Subject: Suggestion for Enhancing Logic Handling of Dynamic SQL Statements
Hello,
We would like to propose an enhancement to the current logic related to the processing of dynamic SQL statements. At present, the implementation does not analyze or process the literals contained within EXECUTE IMMEDIATE statements.
This logic could be improved by introducing additional checks for child nodes—particularly in cases where the dynamic statement consists solely of a single LITERAL node.
Rationale:
Literals used within EXECUTE IMMEDIATE often contain PL/SQL code for creating tables, foreign keys, sequences, and other schema elements. Enabling the analysis of such literals would allow us to apply existing rules to this embedded SQL and develop new rules specifically targeting dynamically executed code. This would significantly improve the robustness and coverage of our static analysis.
We believe this enhancement would be a valuable addition and are happy to provide further details or examples if needed.
Suggested change:
A new rule could be introduced that subscribes to the EXECUTE_IMMEDIATE_STATEMENT node, extracts the string literal containing the SQL code, and performs analysis by applying existing rules to the extracted script.
The extracted SQL string could be temporarily written to a file for analysis purposes and then removed after processing. If any issues are identified by existing rules during this analysis, the EXECUTE_IMMEDIATE_STATEMENT node would report those findings accordingly—effectively linking the results of the embedded SQL analysis back to the dynamic statement in the original PL/SQL code.
Best regards,
Unity Bars Team
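As an added illustration of the proposed rule (not code from the issue author or from the analyzer project), the following stand-alone Python sketch finds EXECUTE IMMEDIATE statements in PL/SQL source, extracts the operand only when it is a single string literal (undoing the doubled-quote escaping), runs two stand-in rules over the embedded SQL and reports each finding at the line of the dynamic statement, as the issue suggests. Statements whose operand is an expression rather than one literal are listed as skipped so the reader can see what the rule would not cover. The PL/SQL sample, the regex-based scanner and both rules (rule_create_table_without_pk, rule_grant_to_public) are assumptions made for this example; a real implementation would subscribe to the analyzer's EXECUTE_IMMEDIATE_STATEMENT node, reuse its existing rule set instead of regular expressions, and could hand the extracted text to the existing pipeline through the temporary-file route described above.

```python
import re

# Constructed sample PL/SQL for the example (not taken from the issue):
# three constant dynamic statements and one built by concatenation.
SAMPLE_PLSQL = """BEGIN
  EXECUTE IMMEDIATE 'CREATE TABLE audit_log (id NUMBER, who VARCHAR2(30) DEFAULT ''sys'')';
  EXECUTE IMMEDIATE 'ALTER TABLE audit_log ADD CONSTRAINT fk_who FOREIGN KEY (who) REFERENCES users(name)';
  EXECUTE IMMEDIATE 'DROP TABLE ' || p_name;
  EXECUTE IMMEDIATE 'GRANT ALL ON audit_log TO PUBLIC';
END;
"""

EXEC_IMMEDIATE_RE = re.compile(r"\bEXECUTE\s+IMMEDIATE\b", re.IGNORECASE)
# A single PL/SQL string literal: quote, any run of non-quotes or doubled quotes, quote.
LITERAL_RE = re.compile(r"^'((?:[^']|'')*)'$", re.DOTALL)


def iter_execute_immediate(source):
    """Yield (line_no, operand_text) for every EXECUTE IMMEDIATE statement.

    Simplified stand-in for walking the analyzer's AST: the operand is taken
    as everything up to the first ';' that is not inside a string literal.
    Occurrences inside comments are not filtered out in this sketch.
    """
    for m in EXEC_IMMEDIATE_RE.finditer(source):
        start = m.end()
        in_str = False
        j = start
        while j < len(source):
            c = source[j]
            if c == "'":
                if in_str and j + 1 < len(source) and source[j + 1] == "'":
                    j += 2  # doubled quote inside a literal, not a terminator
                    continue
                in_str = not in_str
            elif c == ";" and not in_str:
                break
            j += 1
        line_no = source.count("\n", 0, m.start()) + 1
        yield line_no, source[start:j].strip()


def single_literal(operand):
    """Return the decoded SQL text if the operand is exactly one string literal, else None."""
    m = LITERAL_RE.match(operand)
    if not m:
        return None
    return m.group(1).replace("''", "'")


# Hypothetical rules standing in for the analyzer's existing rule set.
def rule_create_table_without_pk(sql):
    if re.search(r"\bCREATE\s+TABLE\b", sql, re.I) and not re.search(r"\bPRIMARY\s+KEY\b", sql, re.I):
        return "CREATE TABLE without a PRIMARY KEY"
    return None


def rule_grant_to_public(sql):
    if re.search(r"\bGRANT\b.*\bTO\s+PUBLIC\b", sql, re.I | re.S):
        return "GRANT to PUBLIC"
    return None


RULES = [rule_create_table_without_pk, rule_grant_to_public]


def analyze(source, rules=RULES):
    """Return (findings, skipped).

    findings: (line_no, rule_name, message) reported at the EXECUTE IMMEDIATE line.
    skipped:  (line_no, operand) for dynamic statements that are not a single literal.
    """
    findings, skipped = [], []
    for line_no, operand in iter_execute_immediate(source):
        sql = single_literal(operand)
        if sql is None:
            skipped.append((line_no, operand))
            continue
        for rule in rules:
            message = rule(sql)
            if message:
                findings.append((line_no, rule.__name__, message))
    return findings, skipped


if __name__ == "__main__":
    found, not_constant = analyze(SAMPLE_PLSQL)
    for line_no, rule_name, message in found:
        print(f"line {line_no}: {rule_name}: {message}")
    for line_no, operand in not_constant:
        print(f"line {line_no}: skipped (operand is not a single literal): {operand}")
```

Because the literal is decoded before the rules run, a rule sees the same text the database would compile, including any embedded single quotes; the concatenated statement on line 4 is deliberately left out of the embedded-SQL analysis, matching the single-LITERAL-node scope proposed in the issue.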