WarnOnUseDatabase
This check warns a user when generated or raw SQL contains 'USE DATABASE' directive.
Uses
Use the check to warn when changeset's generated or raw SQL contain 'USE DATABASE' directive. Unintended or unauthorized database use can lead to security and compliance issues, especially in regulated industries. This quality check alerts users so they can exercise more control over database use privileges and permission changes, which is especially important in automated data pipelines, before these changes are deployed to your production environments.
Run the WarnOnUseDatabase check
The WarnOnUseDatabase check is enabled by default, so you will not need to turn it on if you have not changed your settings previously. To run the WarnOnUseDatabase check, ensure you have a Liquibase Pro license key and the checks-scope property includes changelog. The checks-scope parameter is set in the default properties file, environment variable, or any standard method. Then, check the changelog to see if WarnOnUseDatabase is enabled.
Enable the WarnOnUseDatabase
liquibase checks enable --check-name=WarnOnUseDatabase| Short Name | Scope | Enabled | Severity | Customization | Description |
|---|---|---|---|---|---|
WarnOnUseDatabase
|
changelog |
true |
Default value: 0
|
<none> |
This check warns a user when generated or raw SQL contains 'USE DATABASE' directive. |
liquibase checks enable --check-name=WarnOnUseDatabase example output
Check 'WarnOnUseDatabase' is already enabled. No changes made.
+-----+--------------------------------+----------------------------+--------------------------------+---------+--------------------------------+----------+------------+
| # | Check Name | Short Name | Description | Enabled | Customization | Severity | Scope |
+-----+--------------------------------+----------------------------+--------------------------------+---------+--------------------------------+----------+------------+
| 10 | Warn on Detection of 'GRANT' | SqlGrantWarn | This check warns a user when | false | None | 0 | changelog |
| | Statements | | SQL contains 'GRANT' | | | | |
| | | | statements so that they can | | | | |
| | | | ensure that the privilege | | | | |
| | | | being granted won't lead to | | | | |
| | | | security issues. | | | | |
+-----+--------------------------------+----------------------------+--------------------------------+---------+--------------------------------+----------+------------+
| 20 | Warn on Detection of 'REVOKE' | SqlRevokeWarn | This check warns a user when | false | None | 0 | changelog |
| | Statements | | SQL contains 'REVOKE' | | | | |
| | | | statements so that they can | | | | |
| | | | ensure that the privilege | | | | |
| | | | being revoked won't lead to | | | | |
| | | | data access and dependency | | | | |
| | | | issues. | | | | |
+-----+--------------------------------+----------------------------+--------------------------------+---------+--------------------------------+----------+------------+
| WarnOnUseDatabase | changelog | true | 0 | None | This check warns a user when |
| | | | | | generated or raw SQL contains |
| | | | | | 'USE DATABASE' directive. |
+---------------------------------+------------+---------+----------+--------------------------------+--------------------------------+
| 30 | Warn when 'DROP TABLE' | ChangeDropTableWarn | This check warns a user when a | false | None | 0 | changelog |
| | detected | | table is being dropped so that | | | | |
| | | | they can ensure that dropping | | | | |
| | | | the table won't lead to | | | | |
| | | | unintentional loss of data. | | | | |
+-----+--------------------------------+----------------------------+--------------------------------+---------+--------------------------------+----------+------------+
| 40 | Warn when 'DROP COLUMN' | ChangeDropColumnWarn | This check warns a user when a | false | None | 0 | changelog |
| | detected | | column is being dropped so | | | | |
| | | | that they can ensure that | | | | |
| | | | dropping the column won't lead | | | | |
| | | | to unintentional loss of data. | | | | |
+-----+--------------------------------+----------------------------+--------------------------------+---------+--------------------------------+----------+------------+
| 50 | Warn when 'MODIFY column' | ModifyDataTypeWarn | This check warns a user when a | false | None | 0 | changelog |
| | detected | | change will result in | | | | |
| | | | modification of a data type so | | | | |
| | | | they can ensure that modifying | | | | |
| | | | the data type won't lead to | | | | |
| | | | unintentional loss of data | | | | |
+-----+--------------------------------+----------------------------+--------------------------------+---------+--------------------------------+----------+------------+
| 60 | Check for specific patterns in | SqlUserDefinedPatternCheck | This check scans raw SQL for | false | SEARCH_STRING = null | 0 | changelog |
| | sql | | the presence of specific | | MESSAGE = A match for regular | | |
| | | | patterns and warns the user | | expression SEARCH_STRING was | | |
| | | | when they are found. | | detected in Changeset | | |
| | | | | | CHANGESET. | | |
| | | | | | STRIP_COMMENTS = true | | |
+-----+--------------------------------+----------------------------+--------------------------------+---------+--------------------------------+----------+------------+
| 70 | Check Table Column Count | TableColumnLimit | Ensures that no table has more | true | MAX_COLUMNS = 2 | 1 | changelog, |
| | | | than a threshold number of | | | | database |
| | | | columns. | | | | |
+-----+--------------------------------+----------------------------+--------------------------------+---------+--------------------------------+----------+------------+
| 80 | Object name pattern match | ObjectNameMustMatch | This check confirms the listed | false | OPERATOR = STARTS_WITH | 0 | changelog, |
| | | | object names conform to the | | SEARCH_STRING = null | | database |
| | | | supplied pattern. | | OBJECT_TYPES = null | | |
| | | | | | CASE_SENSITIVE = true | | |
+-----+--------------------------------+----------------------------+--------------------------------+---------+--------------------------------+----------+------------+
| 85 | Object name pattern not match | ObjectNameMustNotMatch | This check confirms the listed | false | OPERATOR = STARTS_WITH | 0 | changelog, |
| | | | object names do not match the | | SEARCH_STRING = null | | database |
| | | | supplied pattern. | | OBJECT_TYPES = null | | |
| | | | | | CASE_SENSITIVE = true | | |
+-----+--------------------------------+----------------------------+--------------------------------+---------+--------------------------------+----------+------------+
| 90 | Warn on Grant of Specific | SqlGrantSpecificPrivsWarn | This check warns a user when | false | PRIVILEGE_LIST = null | 0 | changelog |
| | Privileges | | changeset includes or | | | | |
| | | | generates sql that grants | | | | |
| | | | specific privileges to a user | | | | |
| | | | or role | | | | |
+-----+--------------------------------+----------------------------+--------------------------------+---------+--------------------------------+----------+------------+
| 100 | Warn when 'TRUNCATE TABLE' | ChangeTruncateTableWarn | This check warns a user when a | false | None | 0 | changelog |
| | detected | | table is being truncated so | | | | |
| | | | that they can ensure that | | | | |
| | | | truncating the table won't | | | | |
| | | | lead to unintentional loss of | | | | |
| | | | data. | | | | |
+-----+--------------------------------+----------------------------+--------------------------------+---------+--------------------------------+----------+------------+
| 110 | Warn on Detection of grant | SqlGrantOptionWarn | This check warns a user when | false | None | 0 | changelog |
| | that contains 'WITH GRANT | | SQL contains 'GRANT' | | | | |
| | OPTION' | | statements that include the | | | | |
| | | | 'WITH GRANT OPTION' clause so | | | | |
| | | | that they can ensure that the | | | | |
| | | | privilege being granted won't | | | | |
| | | | lead to security issues | | | | |
+-----+--------------------------------+----------------------------+--------------------------------+---------+--------------------------------+----------+------------+
| 130 | Warn on Detection of grant | SqlGrantAdminWarn | This check warns a user when | false | None | 0 | changelog |
| | that contains 'WITH ADMIN | | SQL contains 'GRANT' | | | | |
| | OPTION' | | statements that include the | | | | |
| | | | 'WITH ADMIN OPTION' clause so | | | | |
| | | | that they can ensure that the | | | | |
| | | | privilege being granted won't | | | | |
| | | | lead to security issues | | | | |
+-----+--------------------------------+----------------------------+--------------------------------+---------+--------------------------------+----------+------------+
| 160 | Rollback Required for | RollbackRequired | This check triggers when a | false | None | 0 | changelog |
| | Changeset | | changeset does not have a | | | | |
| | | | rollback defined. | | | | |
+-----+--------------------------------+----------------------------+--------------------------------+---------+--------------------------------+----------+------------+
| 170 | Changesets Must Have a Label | ChangesetLabelCheck | This check enforces the | false | None | 0 | changelog |
| | Assigned | | Liquibase recommendation that | | | | |
| | | | labels be assigned to each | | | | |
| | | | changeset to provide better | | | | |
| | | | deployment control and to | | | | |
| | | | enhance traceability of | | | | |
| | | | efforts across changesets. | | | | |
+-----+--------------------------------+----------------------------+--------------------------------+---------+--------------------------------+----------+------------+
| 173 | Changesets Must Have a Context | ChangesetContextCheck | This check enforces the | false | None | 0 | changelog |
| | Assigned | | Liquibase recommendation that | | | | |
| | | | contexts be assigned to each | | | | |
| | | | changeset to provide better | | | | |
| | | | deployment control and to | | | | |
| | | | enhance traceability of | | | | |
| | | | efforts across changesets. | | | | |
+-----+--------------------------------+----------------------------+--------------------------------+---------+--------------------------------+----------+------------+
| 176 | Changesets Must Have a Comment | ChangesetCommentCheck | This check enforces the | false | None | 0 | changelog |
| | Assigned | | Liquibase recommendation that | | | | |
| | | | comments be added to each | | | | |
| | | | changeset to document the | | | | |
| | | | purpose of a changeset for | | | | |
| | | | other/future consumers of this | | | | |
| | | | changelog | | | | |
+-----+--------------------------------+----------------------------+--------------------------------+---------+--------------------------------+----------+------------+
| 500 | Table must have a comment | TableCommentCheck | This check flags any Table | true | None | 0 | database |
| | | | described in a changelog or | | | | |
| | | | existing on a database target | | | | |
| | | | which does not have a Comment. | | | | |
| | | | (Note: This is not a check for | | | | |
| | | | a Liquibase changelog | | | | |
| | | | comment.) | | | | |
+-----+--------------------------------+----------------------------+--------------------------------+---------+--------------------------------+----------+------------+
| 510 | Table Comment Pattern Check | ExamplePatternCheck | This check triggers when | true | OPERATOR = CONTAINS | 1 | changelog, |
| | | | specific user-supplied | | SEARCH_STRING = PRIMARY_TABLE | | database |
| | | | patterns are found in Table | | MESSAGE = MATCH | | |
| | | | Comments. | | | | |
+-----+--------------------------------+----------------------------+--------------------------------+---------+--------------------------------+----------+------------+
| 510 | Table Comment Pattern Check | TableCommentPatternCheck | This check triggers when | false | OPERATOR = CONTAINS | 0 | changelog, |
| | | | specific user-supplied | | SEARCH_STRING = null | | database |
| | | | patterns are found in Table | | MESSAGE = A match for regular | | |
| | | | Comments. | | expression SEARCH_STRING was | | |
| | | | | | detected in IDENTIFIER. | | |
+-----+--------------------------------+----------------------------+--------------------------------+---------+--------------------------------+----------+------------+
| 570 | Constraint must exist | ConstraintCheckShortName | Check for and alert when | true | CONSTRAINT_OPERATOR = CONTAINS | 1 | database |
| | | | specified table does not | | TABLE_NAME = PRIMARY_TABLE | | |
| | | | contain the required | | COLUMN_NAME = NULLABLECOL | | |
| | | | constraint(s). | | CONSTRAINT = PRIMARYKEY | | |
| | | | | | CASE_SENSITIVE = false | | |
| | | | | | MESSAGE = Example Message | | |
+-----+--------------------------------+----------------------------+--------------------------------+---------+--------------------------------+----------+------------+
| 570 | Constraint must exist | ConstraintMustExist | Check for and alert when | false | CONSTRAINT_OPERATOR = | 0 | database |
| | | | specified table does not | | STARTS_WITH | | |
| | | | contain the required | | TABLE_NAME = null | | |
| | | | constraint(s). | | COLUMN_NAME = null | | |
| | | | | | CONSTRAINT = PRIMARYKEY | | |
| | | | | | CASE_SENSITIVE = true | | |
| | | | | | MESSAGE = The specified table | | |
| | | | | | 'TABLE_NAME' does not | | |
| | | | | | contain the required | | |
| | | | | | 'CONSTRAINT' constraint. | | |
+-----+--------------------------------+----------------------------+--------------------------------+---------+--------------------------------+----------+------------+
| 570 | Constraint must exist | ConstraintMustExistTEST | Check for and alert when | true | CONSTRAINT_OPERATOR = ALL | 0 | database |
| | | | specified table does not | | CONSTRAINT = Primarykey | | |
| | | | contain the required | | CASE_SENSITIVE = false | | |
| | | | constraint(s). | | MESSAGE = any | | |
+-----+--------------------------------+----------------------------+--------------------------------+---------+--------------------------------+----------+------------+
Liquibase command 'checks enable' was executed successfully.