Check for destructive SQL code such as TRUNCATE TABLE

I am new to Sonar Cloud and looking to use it with Bitbucket pipelines for T-SQL code. The pipeline is used for automated DB deployments.
I was looking to have SQL statements such as TRUNCATE and DROP to be highlighted by Sonar Cloud but it seems the rule is not built in.
Not sure if any customization is possible or if this is something that is possible to be built into the tool if not already on the roadmap?

Thanks

Hey @riken ,

Thanks for raising this.
It appears to be a miss on the TRUNCATE keyword on the frontend highlighting.
I opened an internal ticket for it.

About the DROP keyword, on my side it seems properly highlighted.
Here is an example.

Could you confirm that this is TRUNCATE-specific?
If you have issues with other reserved keywords as well, please let me know so that I can mention it as well. :slight_smile:

Cheers,
Greg

Hi Greg, thank you for your response.

I think I was not clear in what I was asking for here.

What I am looking for is that if someone uses TRUNCATE or DROP in their code, I want it to show up as an issue. I'm not sure which domain that would fit into, maybe code smell or vulnerability?
When someone uses those words in code, I want to know about it in the pull request before that code is deployed/merged.

Thanks
Riken

Hey again @riken ,

You are right, I misunderstood your request, sorry for that. :slight_smile:
About your suggestion, I am not sure it is a use case that is applicable to most SQL codebases.
I can imagine people using destructive statements on migration scripts, definitely on temp tables and possibly even on normal tables or views. How would you differentiate between a correct and an incorrect usage of these statements?

Also, as you correctly pointed out, how would you report this? Is it a code smell or a vulnerability to drop a table? I think it could be, but DROP/TRUNCATE are still valid SQL keywords that can be used correctly.

I think what you are trying to do can be achieved by adding a DROP|TRUNCATE regex or a parsing script as an extra step in the pipeline, so that there is visibility when destructive verbs are invoked.

Kind regards,
Greg
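One way to build the pipeline step Greg describes, as an added example that is not code from this thread or from SonarCloud: a small Python check that scans T-SQL files for DROP and TRUNCATE TABLE, ignores occurrences inside comments and string literals, treats temp tables (names starting with #) as legitimate, and exits non-zero so the Bitbucket pipeline fails before merge. The sample script, the allow-temp rule and the object-type list are assumptions for illustration.

```python
import re
import sys
from pathlib import Path

# Destructive verbs to report. Assumed list; extend for your codebase.
DESTRUCTIVE = re.compile(
    r"\b(?P<verb>TRUNCATE\s+TABLE|DROP\s+(?:TABLE|VIEW|PROCEDURE|INDEX|DATABASE|SCHEMA))"
    r"\s+(?P<obj>(?:IF\s+EXISTS\s+)?[\[\]\w.#]+)",
    re.IGNORECASE,
)
# T-SQL comments (-- and /* */) and single-quoted strings, matched left to right
# so a quote inside a comment or a -- inside a string is handled correctly.
NOISE = re.compile(r"--[^\n]*|/\*.*?\*/|'(?:[^']|'')*'", re.DOTALL)

def strip_noise(sql: str) -> str:
    # Blank out comments and strings but keep every newline, so offsets and
    # line numbers in the stripped text still match the original file.
    return NOISE.sub(lambda m: re.sub(r"[^\n]", " ", m.group(0)), sql)

def find_destructive(sql: str, allow_temp: bool = True):
    """Return (line, verb, object) for each destructive statement found."""
    findings = []
    for m in DESTRUCTIVE.finditer(strip_noise(sql)):
        name = m.group("obj").split()[-1]          # drop optional IF EXISTS
        if allow_temp and name.lstrip("[").startswith("#"):
            continue                                # temp table: assumed legitimate
        line = sql.count("\n", 0, m.start()) + 1
        findings.append((line, " ".join(m.group("verb").split()).upper(), name))
    return findings

# Constructed sample migration script used for the self-check below.
SAMPLE = """-- constructed sample migration
CREATE TABLE #staging (id int);
TRUNCATE TABLE #staging;          -- temp table: allowed
/* DROP TABLE dbo.Old; commented out, ignored */
PRINT 'DROP TABLE dbo.InString';  -- inside a string literal, ignored
DROP TABLE IF EXISTS dbo.Customers;
truncate
  table dbo.Orders;
"""

def main(paths):
    # Print one line per finding in a grep-like format and return the exit code.
    total = 0
    for p in paths:
        for line, verb, name in find_destructive(Path(p).read_text()):
            print(f"{p}:{line}: destructive statement {verb} {name}")
            total += 1
    return 1 if total else 0

if __name__ == "__main__":
    sys.exit(main(sys.argv[1:] or [str(p) for p in Path(".").rglob("*.sql")]))
```

Run it as a pipeline step with the changed .sql files as arguments; a non-zero exit blocks the pull request until the destructive statement is reviewed or the file is explicitly allowed.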

Hi, thanks for that. I will look to add it to the pipeline.

