TableCommentPatternCheck

The TableCommentPatternCheck check triggers when specific user-supplied patterns are present in table comments.

  • checks require specific parameters noted in the table.
  • Customizations to checks configuration are stored in the liquibase.checks-settings file.

Uses

You can use the check to look for the presence of specific patterns in their table comments. These patterns can directly affect security and velocity, so it is pertinent they have checks run against them. There are statements, patterns, and actions necessary to catch as early as possible because they can directly affect security and velocity.



Run the TableCommentPatternCheck check

To run the TableCommentPatternCheck check, ensure you have a Liquibase Lab license, a valid URL property, and the checks-scope property includes database. The checks-scope is set in the default properties file, environment variable, or any standard method. Then, check the table for comment patterns. Enable the TableCommentPatternCheck check by running the following command in the CLI: 

liquibase checks enable --check-name=TableCommentPatternCheck

Liquibase prompts you to establish a copy of this check and to initiate the customization work flow. To do this, select options for each of the attributes below in the CLI.

Note: This check can not be enabled directly because one or more fields does not have a default value. Creating a copy of this check initiates the customization work flow.

TableCommentPatternCheck Configurable Attributes

The following table identifies attributes that are configurable by TableCommentPatternCheck. Constraints.

Attribute Name Type Description Options/ Validation Default Value
Operator String/enum The location to look for the provided SearchString Value

- startsWith - SearchString provided should be found at the beginning of the table.

- endsWith - SearchString provided should be found at the end of the table.

- contains - SearchString Provided can be anywhere in the table.

- regexp - SearchString provided is a regexp that should be matched.

contains
SearchString String/enum The substring or regular expression to match. Validation - SearchString should be a valid regular expression.
Message String/enum The message the user wishes to print when the check detects a pattern match   A match for regular expression {{SearchString}} value was detected in Changeset changeset id.
Case_Sensitivity

String/enum

Set CASE_SENSITIVE (options: true, false) user entry of true or false is accepted case-insensitively false
Severity String/enum Set CASE_SENSITIVE (options: true, false) user entry of true or false is accepted case-insensitively false

liquibase checks enable --check-name=TableCommentPatternCheck runs successfully. The output displays the comment pattern credential match, if they exist.