search

Trivadis / plsql-cop-cli

db* CODECOP Command Line
Other
24 stars 1 forks source link

Missing </blockquote> in SQL Script of G-3330: Avoid autonomous transaction #28

Closed PhilippSalvisberg closed 3 months ago

PhilippSalvisberg commented 3 months ago

The rule in SonarQube 10 looks like this:

image

The complete description is shown as blockquote. The quote should be only for the first two paragraphs in "Reason".

The culprit is guideline_3330_na.sql that is used as source for the transformation to the SonarQube rule. It does not contain a closing blockquote tag. 

-- G-3330: Avoid autonomous transactions.

-- Reason
/*<blockquote><p>Before we take a look at how autonomous transactions work, 
I’d like to emphasize that this type of transaction is a powerful and therefore
dangerous tool when used improperly. The true need for an autonomous transaction is very
rare indeed. I would be very suspicious of any code that makes use of
them — that code would get extra examination.
It is far too easy to accidentally introduce logical
data integrity issues into a system using them. (page 300)</p>

<p>In my experience, that is the only truly valid use of an autonomous transaction - 
to log errors or informational messages in a manner that can be committed independently
of the parent transaction. (page 305)</p>

<footer>- Kyte, Thomas (2013), <cite>_Expert Oracle Database Architecture. Third Edition_. Apress.</cite></footer>

<p>It is most likely not possible to distinguish legitimate uses of autonomous transactions from
illegitimate ones via static code analysis. However, since we expect exactly one autonomous
transaction per application, the number of false positives is manageable.</p>*/

-- Bad
create or replace package body dept_api is
   procedure ins_dept(in_dept_row in dept%rowtype) is
      pragma autonomous_transaction;
   begin
      insert into dept
      values in_dept_row;
      commit; -- required by autonomous transaction
   end ins_dept;
end dept_api;
/

-- Good
create or replace package body dept_api is
   procedure ins_dept(in_dept_row in dept%rowtype) is
   begin
      insert into dept
      values in_dept_row;
      -- transaction is commited in calling module
      -- after the completion of the unit of work
   end ins_dept;
end dept_api;
/
PhilippSalvisberg commented 3 months ago

fixed with Azure DevOps commit 34de7aee40571f09c2e61a26f07af05ead355542

image