False positives in multi-line dynamic sql

We are having some issues with code smells having many false positives while analyzing sql scripts with dynamic sql statements that span multiple lines.

Example:

SET $SQL = ‘SELECT ’ + $ColumnName + ’ FROM TABLE’
– This works fine

SET $SQL = ’
SELECT ’ + $ColumnName + ’
FROM TABLE’
– The analysis seems to ignore the ’ on the first line, then get confused in the following lines between ‘text’ and commands. As a result, it thinks ’ + $ColumnName + ’ is text and, if this variable is used multiple times in the dynamic sql statement, will raise a duplicate string literal issue. Is this a known issue?

Hello @nrcjli

Thank you for reporting the problem. This is a new issue, and I created a ticket in our internal tracking system. If you know of a workaround, please post it here for other users until we fix the parsing error. Thank you.

Link to the internal issue

Best Martin

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.