Assert all input parameters used in dynamic SQL and PL/SQL

### Description

This is a generic issue. There are some places in utPLSQL that are vulnerable to SQL injections. We have 

1) find a way to identify them 
2) fix them
3) set up an automated review mechanism to find such issues, e.g. during our automated builds

@krisrice pointed out the following example in [ut_suite_manager.get_cached_suite_data](https://github.com/utPLSQL/utPLSQL/blob/develop/source/core/ut_suite_manager.pkb#L394)

```
and c.object_owner = ']'||upper(a_object_owner)||q'['
```

This line as two issues 

1) the parameter is not asserted, in this case via `sys.dbms_assert.schema_name`
2) the parameter is converted to upper case, which leads to wrong results when quoted usernames are used (see also #920).

### utPLSQL Version

v3.1.7.2808-develop



Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Assert all input parameters used in dynamic SQL and PL/SQL #921

Description

utPLSQL Version

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Assert all input parameters used in dynamic SQL and PL/SQL #921

Description

Description

utPLSQL Version

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions