NoExecute
Last updated: January 30, 2026
NoExecute is a custom policy check that prevents the use of EXEC or EXECUTE statements.
regex: (?i:exec\s|execute\s)\s*
This example utilizes SQL Server. You can use this check as it is or customize it further to fit your needs in your SQL database. All Regex Custom Policy Checks can only run against the changelog, not against the database.
Before you begin
Scope | Database |
changelog | SQL Server |
Liquibase 4.29.0+
Configure a valid Liquibase Pro license key
Create a Check Settings file: Use the Checks Settings Configuration File
Ensure the Liquibase Checks extension is installed. In Liquibase 4.31.0+, it is already installed in the
/liquibase/internal/libdirectory, so no action is needed.If the checks JAR is not installed, download
liquibase-checks-<version>.jarand put it in theliquibase/libdirectory.Maven users only:
Add this dependency to your
pom.xmlfile:
<dependency> <groupId>org.liquibase.ext</groupId> <artifactId>liquibase-checks</artifactId> <version>2.0.0</version> </dependency>
Java Development Kit 17+ (available for Open JDK and Oracle JDK)
Linux, macOS, or Windows operating system
Procedure
These steps describe how to create the Custom Policy Check. It does not exist by default in Liquibase Pro.
Run this command in the CLI:
liquibase checks customize --check-name=SqlUserDefinedPatternCheckGive your check a short name for easy identification
Use up to 64 alpha-numeric characters only.
In this example, we will use:
NoExecuteSet the Severity to return a code of 0-4 when triggered.
These severity codes allow you to determine if the job moves forward or stops when this check triggers.
Learn more here: Use Policy Checks in Automation: Severity and Exit Code
options: 'INFO'=0, 'MINOR'=1, 'MAJOR'=2, 'CRITICAL'=3, 'BLOCKER'=4
Set the SEARCH_STRING to this valid regular expression:
Regular expression search string
(?i:exec\s|execute\s)\s*Set the MESSAGE to display when a match for the regular expression <SEARCH_STRING> is found in a Changeset.
In this example, we will set the description to:
Error! EXEC or EXECUTE detected.Set STRIP_COMMENTS to true if you want to remove the comments from the output.
Results
The regex custom policy check is created successfully.
Sample Failing Scripts
--changeset amalik:execute_immediate
DECLARE
sql_stmt VARCHAR2(200);
plsql_block VARCHAR2(500);
emp_id NUMBER(4) := 7566;
salary NUMBER(7,2);
dept_id NUMBER(2) := 50;
dept_name VARCHAR2(14) := 'PERSONNEL';
location VARCHAR2(13) := 'DALLAS';
emp_rec emp%ROWTYPE;
BEGIN
EXECUTE IMMEDIATE 'CREATE TABLE bonus (id NUMBER, amt NUMBER)';
sql_stmt := 'INSERT INTO dept VALUES (:1, :2, :3)';
EXECUTE IMMEDIATE sql_stmt USING dept_id, dept_name, location;
sql_stmt := 'SELECT * FROM emp WHERE empno = :id';
EXECUTE IMMEDIATE sql_stmt INTO emp_rec USING emp_id;
plsql_block := 'BEGIN emp_pkg.raise_salary(:id, :amt); END;';
EXECUTE IMMEDIATE plsql_block USING 7788, 500;
sql_stmt := 'UPDATE emp SET sal = 2000 WHERE empno = :1
RETURNING sal INTO :2';
EXECUTE IMMEDIATE sql_stmt USING emp_id RETURNING INTO salary;
EXECUTE IMMEDIATE 'DELETE FROM dept WHERE deptno = :num'
USING dept_id;
EXECUTE IMMEDIATE 'ALTER SESSION SET SQL_TRACE TRUE';
END;
Sample Error Message
CHANGELOG CHECKS
----------------
Checks completed validation of the changelog and found the following issues:
Check Name: Check for specific patterns in sql (NoExecute)
Changeset ID: execute_immediate
Changeset Filepath: changeLogs/2_objects/02_storedprocedure/execute_immediate.sql
Check Severity: INFO (Return code: 4)
Message: Error! EXEC or EXECUTE detected.