TableCommentPatternCheck

The TableCommentPatternCheck check triggers when specific user-supplied patterns are present in table comments.

Note: Checks require specific parameters noted in the table. Customizations to checks configuration are stored in the liquibase.checks-settings file.

Uses

You can use the check to look for the presence of specific patterns in their table comments. These patterns can directly affect security and velocity, so it is pertinent they have checks run against them. There are statements, patterns, and actions necessary to catch as early as possible because they can directly affect security and velocity.

Tip: Please be aware that TableCommentPatternCheck only supports modeled changeset types. If you use this Quality Check with unmodeled changesets (formatted SQL changelogs as well as sql and sqlFile changeTypes), a message will appear stating the changeset was skipped.

Note: It is important to note that Quality Checks for Databases are only compatible with Relational databases verified as Advanced. Learn more about Database Verification Levels here: Database Verification and Support

Run the TableCommentPatternCheck check

To run the TableCommentPatternCheck check, ensure you have a Liquibase Pro license key, a valid URL property, and the checks-scope property includes database. The checks-scope parameter is set in the default properties file, environment variable, or any standard method. Then, check the table for comment patterns. Enable the TableCommentPatternCheck check by running the following command in the CLI:

liquibase checks enable --check-name=TableCommentPatternCheck

Liquibase prompts you to establish a copy of this check and to initiate the customization work flow. To do this, select options for each of the attributes below in the CLI.

Note: This check can not be enabled directly because one or more fields does not have a default value. Creating a copy of this check initiates the customization work flow.

TableCommentPatternCheck configurable attributes

The following table identifies attributes that are configurable by TableCommentPatternCheck. More information about constraints is available here.

Attribute Name Type Description Customization Default Value
SEVERITY String/enum

Set the severity to return a code of 0–4 when the check is triggered.

  • 'INFO' | 0
  • 'MINOR' | 1
  • 'MAJOR' | 2
  • 'CRITICAL' | 3
  • 'BLOCKER' | 4

'INFO' | 0

OPERATOR String/enum

The location to look for the provided SEARCH_STRING value

  • STARTS_WITH – Value of SEARCH_STRING should be found at the beginning of the table.
  • ENDS_WITH – Value of SEARCH_STRING should be found at the end of the table.
  • CONTAINS – Value of SEARCH_STRING can be anywhere in the table.
  • REGEXP – Value of SEARCH_STRING is a regexp that should be matched.

STARTS_WITH

SEARCH_STRING String/enum

The substring or regular expression to match with the one in the changelog file. Cannot be empty.

When OPERATOR=REGEXP, SEARCH_STRING must be a valid regular expression. Otherwise, all characters are allowed

--
MESSAGE String/enum

The output printed when the check detects a pattern match

-- A match for regular expression SEARCH_STRING was detected in IDENTIFIER.

Note: Liquibase uses the java.util.regex engine to match regular expressions.

The output displays the comment pattern credential match, if they exist.