TableCommentPatternCheck

The TableCommentPatternCheck check triggers when specific user-supplied patterns are present in table comments.

Note: Checks require specific parameters noted in the table. Customizations to checks configuration are stored in the liquibase.checks-settings file.

Uses

You can use the check to look for the presence of specific patterns in their table comments. These patterns can directly affect security and velocity, so it is pertinent they have checks run against them. There are statements, patterns, and actions necessary to catch as early as possible because they can directly affect security and velocity.

Run the TableCommentPatternCheck check

To run the TableCommentPatternCheck check, ensure you have a Liquibase Labs license, a valid URL property, and the checks-scope property includes database. The checks-scope parameter is set in the default properties file, environment variable, or any standard method. Then, check the table for comment patterns. Enable the TableCommentPatternCheck check by running the following command in the CLI:

liquibase checks enable --check-name=TableCommentPatternCheck

Liquibase prompts you to establish a copy of this check and to initiate the customization work flow. To do this, select options for each of the attributes below in the CLI.

Note: This check can not be enabled directly because one or more fields does not have a default value. Creating a copy of this check initiates the customization work flow.

TableCommentPatternCheck configurable attributes

The following table identifies attributes that are configurable by TableCommentPatternCheck. More information about constraints is available here.

Attribute Name Type Description Customization Default Value
SEVERITY String/enum

Set the severity to return a code of 0–4 when the check is triggered.

  • 'INFO' | 0
  • 'MINOR' | 1
  • 'MAJOR' | 2
  • 'CRITICAL' | 3
  • 'BLOCKER' | 4

'INFO' | 0

OPERATOR String/enum

The location to look for the provided SEARCH_STRING value

  • STARTS_WITH – Value of SEARCH_STRING should be found at the beginning of the table.
  • ENDS_WITH – Value of SEARCH_STRING should be found at the end of the table.
  • CONTAINS – Value of SEARCH_STRING can be anywhere in the table.
  • REGEXP – Value of SEARCH_STRING is a regexp that should be matched.

STARTS_WITH

SEARCH_STRING String/enum

The substring or regular expression to match with the one in the changelog file. Cannot be empty.

When OPERATOR=REGEXP, SEARCH_STRING must be a valid regular expression. Otherwise, all characters are allowed

 
MESSAGE String/enum

The output printed when the check detects a pattern match

  A match for regular expression SEARCH_STRING was detected in IDENTIFIER.

Note: Liquibase uses the java.util.regex engine to match regular expressions.

The output displays the comment pattern credential match, if they exist.