rspec/rules/S2007/plsql/rule.adoc

== Why is this an issue?

When data structures (scalar variables, collections, cursors) are declared in the package specification (not within any specific program), they can be referenced directly by any program running in a session with ``++EXECUTE++`` rights to the package.


Instead, declare all package-level data in the package body and provide getter and setter functions in the package specification. Developers can then access the data using these methods and will automatically follow all rules you set upon data modification.


By doing so you can guarantee data integrity, change your data structure implementation, and also track access to those data structures.

=== Noncompliant code example

[source,sql]
----
-- Package specification
CREATE PACKAGE employee AS
   name VARCHAR2(42); -- Non-Compliant
END employee;
/

DROP PACKAGE employee;
----

=== Compliant solution

[source,sql]
----
-- Package specification
CREATE PACKAGE employee AS
   PROCEDURE setName (newName VARCHAR2);
   FUNCTION getName RETURN VARCHAR2;
END employee;
/

-- Package body
CREATE PACKAGE BODY employee AS
   name VARCHAR2(42);

   PROCEDURE setName (newName VARCHAR2) IS
   BEGIN
     name := newName;
   END;

   FUNCTION getName RETURN VARCHAR2 IS
   BEGIN
     RETURN name;
   END;
END employee;
/

DROP PACKAGE BODY employee;

DROP PACKAGE employee;
----

ifdef::env-github,rspecator-view[]

'''
== Implementation Specification
(visible only on this page)

=== Message

Move this variable declaration into a program.


'''
== Comments And Links
(visible only on this page)

include::../comments-and-links.adoc[]

endif::env-github,rspecator-view[]
migrate rule descriptions to new education format 2023-05-03 11:06:20 +02:00			`== Why is this an issue?`

make in-line code blocks verbatim 2021-01-27 13:42:22 +01:00			When data structures (scalar variables, collections, cursors) are declared in the package specification (not within any specific program), they can be referenced directly by any program running in a session with ``++EXECUTE++`` rights to the package.
Add rules 2000-2999 2020-06-30 12:48:07 +02:00
Force linebreaks 2021-02-02 15:02:10 +01:00
Add rules 2000-2999 2020-06-30 12:48:07 +02:00			`Instead, declare all package-level data in the package body and provide getter and setter functions in the package specification. Developers can then access the data using these methods and will automatically follow all rules you set upon data modification.`

Force linebreaks 2021-02-02 15:02:10 +01:00
Add rules 2000-2999 2020-06-30 12:48:07 +02:00			`By doing so you can guarantee data integrity, change your data structure implementation, and also track access to those data structures.`

migrate rule descriptions to new education format 2023-05-03 11:06:20 +02:00			`=== Noncompliant code example`
Add rules 2000-2999 2020-06-30 12:48:07 +02:00
RULEAPI-661: Add syntax coloring 2022-02-04 17:28:24 +01:00			`[source,sql]`
Add rules 2000-2999 2020-06-30 12:48:07 +02:00			`----`
			`-- Package specification`
			`CREATE PACKAGE employee AS`
			`name VARCHAR2(42); -- Non-Compliant`
			`END employee;`
			`/`

			`DROP PACKAGE employee;`
			`----`

migrate rule descriptions to new education format 2023-05-03 11:06:20 +02:00			`=== Compliant solution`
Add rules 2000-2999 2020-06-30 12:48:07 +02:00
RULEAPI-661: Add syntax coloring 2022-02-04 17:28:24 +01:00			`[source,sql]`
Add rules 2000-2999 2020-06-30 12:48:07 +02:00			`----`
			`-- Package specification`
			`CREATE PACKAGE employee AS`
			`PROCEDURE setName (newName VARCHAR2);`
			`FUNCTION getName RETURN VARCHAR2;`
			`END employee;`
			`/`

			`-- Package body`
			`CREATE PACKAGE BODY employee AS`
			`name VARCHAR2(42);`

			`PROCEDURE setName (newName VARCHAR2) IS`
			`BEGIN`
			`name := newName;`
			`END;`

			`FUNCTION getName RETURN VARCHAR2 IS`
			`BEGIN`
			`RETURN name;`
			`END;`
			`END employee;`
			`/`

			`DROP PACKAGE BODY employee;`

			`DROP PACKAGE employee;`
			`----`
Export comments and rspec-to-rspec links from jira 2021-06-02 20:44:38 +02:00
Fix the comment display: rule-id, timestamp, GH visibility, link direction 2021-06-03 09:05:38 +02:00			`ifdef::env-github,rspecator-view[]`
RULEAPI-666: Migrate the "List of parameters", "Highlighting" and "Message" fields from jira RSPEC (#346) 2021-09-20 15:38:42 +02:00
			`'''`
			`== Implementation Specification`
			`(visible only on this page)`

Inline adoc when include has no additional value (#1940) Inline adoc files when they are included exactly once. Also fix language tags because this inlining gives us better information on what language the code is written in. 2023-05-25 14:18:12 +02:00			`=== Message`

			`Move this variable declaration into a program.`

RULEAPI-666: Migrate the "List of parameters", "Highlighting" and "Message" fields from jira RSPEC (#346) 2021-09-20 15:38:42 +02:00
RULEAPI-576: add a horizontal rule between rule description and comments 2021-06-08 15:52:13 +02:00			`'''`
Export comments and rspec-to-rspec links from jira 2021-06-02 20:44:38 +02:00			`== Comments And Links`
			`(visible only on this page)`

			`include::../comments-and-links.adoc[]`
Make sure that includes are always surrounded by empty lines (#2270) When an include is not surrounded by empty lines, its content is inlined on the same line as the adjacent content. That can lead to broken tags and other display issues. This PR fixes all such includes and introduces a validation step that forbids introducing the same problem again. 2023-06-22 10:38:01 +02:00
Fix the comment display: rule-id, timestamp, GH visibility, link direction 2021-06-03 09:05:38 +02:00			`endif::env-github,rspecator-view[]`