liquibase.checks-settings.conf
## Quality Checks Settings File
########## IMPORTANT: NEVER EDIT THIS KEY
## id: 'some-l0ng-uni4ue-id3nt1fier-c0d3'
########## ALWAYS EDITABLE KEY VALUES and PARAMETERS
## severity: <can be set to 0, 1, 2, 3, 4>
## enabled: <can be "true" or "false">
########## EDITABLE PARAMETERS
## Standard value options:
## ALLOWED_LIST: <comma-separated list>
## CASE_SENSITIVE: <true, false>
## CHANGE_TYPE_LIST: <comma-separated list; valid values: RENAMEVIEW, DROPFOREIGNKEYCONSTRAINT, DROPTABLE, DROPUNIQUECONSTRAINT, SQLFILE, MERGECOLUMNS, RENAMETRIGGER, TAGDATABASE, ADDNOTNULLCONSTRAINT, SETCOLUMNREMARKS, DISABLECHECKCONSTRAINT, ADDUNIQUECONSTRAINT, CREATEFUNCTION, CREATETRIGGER, DROPINDEX, DROPSEQUENCE, CREATESEQUENCE, DROPPACKAGE, OUTPUT, STOP, DROPNOTNULLCONSTRAINT, ENABLETRIGGER, SETTABLEREMARKS, DROPTRIGGER, DROPCOLUMN, DROPPROCEDURE, SQL, EXECUTECOMMAND, ADDCHECKCONSTRAINT, CREATEVIEW, DROPFUNCTION, CREATETABLE, DROPPACKAGEBODY, ENABLECHECKCONSTRAINT, LOADUPDATEDATA, CUSTOMCHANGE, DROPSYNONYM, INSERT, DROPDEFAULTVALUE, ADDCOLUMN, CREATEPROCEDURE, LOADDATA, CREATEINDEX, DROPALLFOREIGNKEYCONSTRAINTS, CREATEPACKAGEBODY, CREATESYNONYM, DISABLETRIGGER, DELETE, RENAMESEQUENCE, ADDDEFAULTVALUE, DROPPRIMARYKEY, UPDATE, MODIFYDATATYPE, ADDFOREIGNKEYCONSTRAINT, DROPCHECKCONSTRAINT, EMPTY, MARKUNUSED, ALTERSEQUENCE, ADDAUTOINCREMENT, RENAMECOLUMN, ADDLOOKUPTABLE, DROPVIEW, CREATEPACKAGE, ADDPRIMARYKEY, RENAMETABLE>
## COLUMN_NAME: <non-empty string>
## CONSTRAINT: <NOT_NULL, UNIQUE, PRIMARYKEY, FOREIGNKEY, DEFAULT>
## CONSTRAINT_OPERATOR: <STARTS_WITH, ENDS_WITH, CONTAINS, REGEXP, ALL>
## DEFAULTS_FILENAME: <valid filename>
## EXCEPTIONS_LIST: <comma-separated list>
## FILETYPE: <sql, xml, json, yml, yaml>
## JDBC_URL: <non-empty string>
## MAX_COLUMNS: <positive numeric value>
## MESSAGE: <non-empty string>
## OBJECT_TYPES: <TABLE, COLUMN, SEQUENCE, INDEX, SCHEMA>
## OPERATOR: <STARTS_WITH, ENDS_WITH, CONTAINS, REGEXP, EQUALS>
## PASSWORD: <non-empty string>
## PRIVILEGE_LIST: <comma-separated list of valid database privileges>
## PROJECT_DIR: <path to a directory>
## SAMPLE_CHANGELOG_NAME: <valid filename>
## SEARCH_STRING: <a string, or a valid regular expression>
## STRIP_COMMENTS: <true, false>
## TABLE_NAME: <string>
## USERNAME: <non-empty string>
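# Review notes. Only nesting and comments were restored or added below; every
# key, value and id is as generated.
# - The listing had lost its indentation, so continuation lines and per-rule
#   keys sat at column 0 and the file did not parse as a list of rules.
# - The header limits severity to 0-4. Liquibase documents the severity of a
#   triggered check as the exit code of the checks run, so a rule left at '0'
#   only reports. Every enabled rule here is at '4'; when enabling another
#   rule, raise its severity too if it is meant to stop a deployment.
# - Comments may not survive if Liquibase rewrites this file; keep the
#   rationale for security-relevant settings in version control as well.
fileCreated: 2023-11-13T14:40:11.977Z
fileModified: 2023-11-13T17:09:19.149Z
rules:
# --- Privilege changes: any GRANT or REVOKE is flagged at severity '4'.
- description: This check warns a user when SQL contains 'GRANT' statements so that
    they can ensure that the privilege being granted won't lead to security issues.
  enabled: true
  id: '38fc7edf-9a60-3d00-8b40-23c7e719745f'
  name: Warn on Detection of 'GRANT' Statements
  severity: '4'
  shortName: SqlGrantWarn
- description: This check warns a user when SQL contains 'REVOKE' statements so that
    they can ensure that the privilege being revoked won't lead to data access and
    dependency issues.
  enabled: true
  id: '0b73828f-2e8d-3c36-b1c3-7153bcb6f160'
  name: Warn on Detection of 'REVOKE' Statements
  severity: '4'
  shortName: SqlRevokeWarn
- description: This check warns a user when generated or raw SQL contains 'USE DATABASE'
    directive.
  enabled: false
  id: '9197d8c1-86e7-3277-b3d9-677c2f2b4213'
  name: Warn on Detection of 'USE DATABASE' statements
  severity: '0'
  shortName: WarnOnUseDatabase
# --- Destructive changes: DROP TABLE, DROP COLUMN and TRUNCATE are enabled.
- description: This check warns a user when a table is being dropped so that they
    can ensure that dropping the table won't lead to unintentional loss of data.
  enabled: true
  id: '218fa8f2-ea81-308e-b010-5c25cf62c8fc'
  name: Warn when 'DROP TABLE' detected
  severity: '4'
  shortName: ChangeDropTableWarn
- description: This check warns a user when a column is being dropped so that they
    can ensure that dropping the column won't lead to unintentional loss of data.
  enabled: true
  id: '223ed841-5f53-3eab-8ca8-f66393c689a4'
  name: Warn when 'DROP COLUMN' detected
  severity: '4'
  shortName: ChangeDropColumnWarn
# NOTE(review): disabled, unlike the drop/truncate checks, although its own
# description also names unintentional data loss as the concern.
- description: This check warns a user when a change will result in modification of
    a data type so they can ensure that modifying the data type won't lead to unintentional
    loss of data
  enabled: false
  id: 'e98e0a4d-0582-360b-a89f-37b2f65e65d2'
  name: Warn when 'MODIFY <column>' detected
  severity: '0'
  shortName: ModifyDataTypeWarn
- description: This check warns a user when generated or raw SQL contains 'SELECT
    *' statements so that they can ensure selecting all fields from a table in a
    query is safe and necessary
  enabled: false
  id: 'b36ff4e4-b647-3bfa-b73f-33c7a588c567'
  name: Warn on Detection of 'SELECT *'
  severity: '0'
  shortName: SqlSelectStarWarn
# SEARCH_STRING is null: a pattern has to be supplied before this is enabled.
- description: This check scans SQL for the presence of specific patterns and warns
    the user when they are found.
  enabled: false
  id: '6fe07581-c90d-3add-9057-1547a1439727'
  name: Check for specific patterns in sql
  parameters:
  - parameter: SEARCH_STRING
    value: null
  - parameter: MESSAGE
    value: A match for regular expression <SEARCH_STRING> was detected in Changeset
      <CHANGESET>.
  - parameter: STRIP_COMMENTS
    value: true
  parentRuleId: null
  severity: '0'
  shortName: SqlUserDefinedPatternCheck
- description: Ensures that no table has more than a threshold number of columns.
  enabled: false
  id: '2abde5de-a71d-3ead-8fd6-e13a743c0aec'
  name: Check Table Column Count
  parameters:
  - parameter: MAX_COLUMNS
    value: 50
  parentRuleId: null
  severity: '0'
  shortName: TableColumnLimit
- description: This check confirms the listed object names conform to the supplied
    pattern.
  enabled: false
  id: '51362082-ddc1-34dc-98f6-c7413345b19b'
  name: Object name pattern match
  parameters:
  - parameter: OPERATOR
    value: STARTS_WITH
  - parameter: SEARCH_STRING
    value: null
  - parameter: OBJECT_TYPES
    value: null
  - parameter: CASE_SENSITIVE
    value: true
  parentRuleId: null
  severity: '0'
  shortName: ObjectNameMustMatch
- description: This check confirms the listed object names do not match the supplied
    pattern.
  enabled: false
  id: '1bd2ac39-66fd-31fc-ac37-d6ba4c6319cc'
  name: Object name pattern not match
  parameters:
  - parameter: OPERATOR
    value: STARTS_WITH
  - parameter: SEARCH_STRING
    value: null
  - parameter: OBJECT_TYPES
    value: null
  - parameter: CASE_SENSITIVE
    value: true
  parentRuleId: null
  severity: '0'
  shortName: ObjectNameMustNotMatch
# PRIVILEGE_LIST is null: list the privileges to watch before enabling.
- description: This check warns a user when changeset includes or generates sql that
    grants specific privileges to a user or role
  enabled: false
  id: '751a7709-1676-36eb-b1fb-31819ff4b681'
  name: Warn on Grant of Specific Privileges
  parameters:
  - parameter: PRIVILEGE_LIST
    value: null
  parentRuleId: null
  severity: '0'
  shortName: SqlGrantSpecificPrivsWarn
- description: This check warns a user when a table is being truncated so that they
    can ensure that truncating the table won't lead to unintentional loss of data.
  enabled: true
  id: '136bed9a-17c5-3edc-b1e7-30065052e859'
  name: Warn when 'TRUNCATE TABLE' detected
  severity: '4'
  shortName: ChangeTruncateTableWarn
# NOTE(review): disabled while the parallel 'WITH ADMIN OPTION' check
# (SqlGrantAdminWarn) is enabled at '4'. SqlGrantWarn still flags the GRANT
# itself, but nothing singles out grants the grantee can pass on to others.
# Confirm the asymmetry is intended.
- description: This check warns a user when SQL contains 'GRANT' statements that include
    the 'WITH GRANT OPTION' clause so that they can ensure that the privilege being
    granted won't lead to security issues
  enabled: false
  id: '892b5881-6d02-3846-bdf0-c8538e7b013f'
  name: Warn on Detection of grant that contains 'WITH GRANT OPTION'
  severity: '0'
  shortName: SqlGrantOptionWarn
# --- Reserved-keyword checks (all disabled). OBJECT_TYPES is null in each.
- description: Disallow Oracle reserved keywords from being used in database object
    names. See https://docs.oracle.com/cd/B19306_01/em.102/b40103/app_oracle_reserved_words.htm
    for complete list of keywords.
  enabled: false
  id: 'b0530bd6-986c-3084-b2d7-d01261a6337e'
  name: Disallow oracle reserved keywords
  parameters:
  - parameter: OBJECT_TYPES
    value: null
  - parameter: ALLOWED_LIST
    value: null
  - parameter: CASE_SENSITIVE
    value: true
  parentRuleId: null
  severity: '0'
  shortName: OracleReservedKeywords
- description: Disallow SQL Server reserved keywords from being used in database object
    names. See https://docs.microsoft.com/en-us/sql/t-sql/language-elements/reserved-keywords-transact-sql?view=sql-server-ver16
    for complete list of keywords.
  enabled: false
  id: '3328f158-14fe-389e-ad3d-ed633c07cd8b'
  name: Disallow sql server reserved keywords
  parameters:
  - parameter: OBJECT_TYPES
    value: null
  - parameter: ALLOWED_LIST
    value: null
  - parameter: CASE_SENSITIVE
    value: true
  parentRuleId: null
  severity: '0'
  shortName: SQLServerReservedKeywords
- description: Disallow SQL Server's future reserved keywords from being used in database
    object names. See https://docs.microsoft.com/en-us/sql/t-sql/language-elements/reserved-keywords-transact-sql?view=sql-server-ver16
    for complete list of keywords.
  enabled: false
  id: 'e373a890-b092-3c11-b204-d71b84282a26'
  name: Disallow sql server future reserved keywords
  parameters:
  - parameter: OBJECT_TYPES
    value: null
  - parameter: ALLOWED_LIST
    value: null
  - parameter: CASE_SENSITIVE
    value: true
  parentRuleId: null
  severity: '0'
  shortName: SQLServerFutureReservedKeywords
- description: Disallow Postgres reserved keywords from being used in database object
    names. See https://www.postgresql.org/docs/14/sql-keywords-appendix.html for complete
    list of keywords.
  enabled: false
  id: '23ba52ce-5e52-3025-8404-6c455797e53a'
  name: Disallow postgres reserved keywords
  parameters:
  - parameter: OBJECT_TYPES
    value: null
  - parameter: ALLOWED_LIST
    value: null
  - parameter: CASE_SENSITIVE
    value: true
  parentRuleId: null
  severity: '0'
  shortName: PostgresReservedKeywords
- description: Disallow SQL Server's ODBC reserved keywords from being used in database
    object names. See https://docs.microsoft.com/en-us/sql/t-sql/language-elements/reserved-keywords-transact-sql?view=sql-server-ver16
    for complete list of keywords.
  enabled: false
  id: '534bf3f7-941c-35a0-8127-a3b869f7eec2'
  name: Disallow sql server odbc reserved keywords
  parameters:
  - parameter: OBJECT_TYPES
    value: null
  - parameter: ALLOWED_LIST
    value: null
  - parameter: CASE_SENSITIVE
    value: true
  parentRuleId: null
  severity: '0'
  shortName: SQLServerODBCReservedKeywords
- description: Disallow Postgres non-reserved keywords from being used in database
    object names. See https://www.postgresql.org/docs/14/sql-keywords-appendix.html
    for complete list of keywords.
  enabled: false
  id: 'f731c06a-1f37-31e4-82e2-1e7df7d9c930'
  name: Disallow postgres non reserved keywords
  parameters:
  - parameter: OBJECT_TYPES
    value: null
  - parameter: ALLOWED_LIST
    value: null
  - parameter: CASE_SENSITIVE
    value: true
  parentRuleId: null
  severity: '0'
  shortName: PostgresNonReservedKeywords
- description: This check warns a user when SQL contains 'GRANT' statements that include
    the 'WITH ADMIN OPTION' clause so that they can ensure that the privilege being
    granted won't lead to security issues
  enabled: true
  id: 'a85a72fd-9d93-33cd-bbdb-59f21538af9d'
  name: Warn on Detection of grant that contains 'WITH ADMIN OPTION'
  severity: '4'
  shortName: SqlGrantAdminWarn
# NOTE(review): disabled. The list names only dropTable and dropColumn, which
# the dedicated drop checks already cover. The header's valid values also
# include EXECUTECOMMAND, CUSTOMCHANGE, SQL and SQLFILE, the change types that
# carry arbitrary commands, code or raw SQL; consider whether any of those
# belong here. The header spells values in upper case; presumably matching is
# case-insensitive, but confirm before relying on the lower-case spelling.
- description: This check warns a user when a ChangeSet includes a ChangeType listed
    by the user as forbidden
  enabled: false
  id: '467fd8ba-a898-30a7-b265-aa48a023ae21'
  name: Warn on Use of User Defined ChangeTypes
  parameters:
  - parameter: CHANGE_TYPE_LIST
    value: dropTable,dropColumn
  parentRuleId: null
  severity: '0'
  shortName: DetectChangeType
# --- Changeset hygiene: only RollbackRequired is enforced.
- description: This check triggers when a changeset does not have a rollback defined.
  enabled: true
  id: 'd517b518-8a6f-3084-a5be-97e7d89c6860'
  name: Rollback Required for Changeset
  severity: '4'
  shortName: RollbackRequired
- description: This check enforces the Liquibase recommendation that labels be assigned
    to each changeset to provide better deployment control and to enhance traceability
    of efforts across changesets.
  enabled: false
  id: '00da80be-8adf-3c05-9380-b2538ae3015a'
  name: Changesets Must Have a Label Assigned
  severity: '0'
  shortName: ChangesetLabelCheck
- description: This check enforces the Liquibase recommendation that contexts be assigned
    to each changeset to provide better deployment control and to enhance traceability
    of efforts across changesets.
  enabled: false
  id: 'e56b7a4a-5953-3be3-96d2-0814eb8e7a02'
  name: Changesets Must Have a Context Assigned
  severity: '0'
  shortName: ChangesetContextCheck
- description: This check enforces the Liquibase recommendation that comments be added
    to each changeset to document the purpose of a changeset for other/future consumers
    of this changelog
  enabled: false
  id: '517fcf2f-769c-3916-af1c-4c6aeef37914'
  name: Changesets Must Have a Comment Assigned
  severity: '0'
  shortName: ChangesetCommentCheck
- description: This check enforces the Liquibase Best Practice of keeping individual
    changesets small by limiting them to one statement or change.
  enabled: false
  id: '2b02222f-32cf-3761-add0-9615b821678f'
  name: One Change Per Changeset
  severity: '0'
  shortName: OneChangePerChangeset
- description: This check warns when a create table action doesn't also include a
    primary key.
  enabled: false
  id: '8164f717-c798-323b-b268-65b5eca0784e'
  name: Require primary key when creating table
  parameters:
  - parameter: EXCEPTIONS_LIST
    value: ''
  - parameter: CASE_SENSITIVE
    value: true
  parentRuleId: null
  severity: '0'
  shortName: PrimaryKeyOnCreateTable
# --- Database-scope checks: per their descriptions these inspect the target
# database rather than the changelog.
- description: This check scans your target URL database tables to find tables which
    do not have an associated index.
  enabled: false
  id: 'b945447e-9e2a-3422-b40c-543d7505568a'
  name: Table must have an index
  severity: '0'
  shortName: CheckTablesForIndex
# Quoted because the text contains ': ', which a plain scalar cannot hold.
- description: 'This database check flags any table which does not have a comment.
    (Note: This is not a check for a Liquibase changelog comment.)'
  enabled: false
  id: 'f9a9e270-09b1-3a4c-90b1-e3ae1de98d77'
  name: Table must have a comment
  severity: '0'
  shortName: TableCommentCheck
- description: This check triggers when specific user-supplied patterns are found
    in Table Comments.
  enabled: false
  id: '52e205f6-185c-3e14-9e90-18c66f1267a9'
  name: Table Comment Pattern Check
  parameters:
  - parameter: OPERATOR
    value: CONTAINS
  - parameter: SEARCH_STRING
    value: null
  - parameter: MESSAGE
    value: A match for regular expression <SEARCH_STRING> was detected in <IDENTIFIER>.
  parentRuleId: null
  severity: '0'
  shortName: TableCommentPatternCheck
- description: Check for and alert when specified table does not contain the required
    constraint(s).
  enabled: false
  id: 'c3a5ceda-c901-3864-8394-18c04139036c'
  name: Constraint must exist
  parameters:
  - parameter: CONSTRAINT_OPERATOR
    value: STARTS_WITH
  - parameter: TABLE_NAME
    value: null
  - parameter: COLUMN_NAME
    value: null
  - parameter: CONSTRAINT
    value: PRIMARYKEY
  - parameter: CASE_SENSITIVE
    value: true
  - parameter: MESSAGE
    value: The specified table '<TABLE_NAME>' does not contain the required '<CONSTRAINT>'
      constraint.
  parentRuleId: null
  severity: '0'
  shortName: ConstraintMustExist
- description: Alerts when a changeset ID does not follow the 8-4-4-4-12 pattern of
    UUID or GUID.
  enabled: false
  id: 'af508207-cd38-3498-8a56-187ed76caebb'
  name: Require Changeset ID is valid UUID
  severity: '0'
  shortName: RequireChangesetIDisUUID
# Quoted so the settings-file version stays a string rather than a float.
version: '1.1'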