Executing of external code in a common module on the server (ExecuteExternalCodeInCommonModule)
Type | Scope | Severity | Activated by default | Minutes to fix | Tags
---|---|---|---|---|---
Security Hotspot | BSL | Critical | Yes | 15 | badpractice, standard
Description
When you develop applications, note that it is unsafe not only to execute code written in Enterprise mode, but also to call the `Execute` or `Eval` methods on code built from parameters passed to server functions and procedures.
If arbitrary code has to be executed, that code must be checked first.
This restriction is not applicable to the code being executed on the client.
Examples
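The following is an added example, not code from this page or from the BSL Language Server project. It shows the pattern the description warns about next to a variant that checks the parameter before it reaches `Eval`. All function names and the length limit are hypothetical, and the `SetSafeMode` call is an extra platform safeguard that this page does not mention.

```bsl
// Added example for a server common module; all names are hypothetical.

// Pattern the description warns about: an exported server function
// evaluates text that arrives as a parameter.
Function CalculateUnchecked(Formula) Export
    Return Eval(Formula);
EndFunction

// Checked variant: only plain arithmetic is allowed to reach Eval.
Function CalculateChecked(Formula) Export
    If Not IsArithmeticOnly(Formula) Then
        Raise "Formula rejected: only digits, + - * / ( ) . and spaces are allowed";
    EndIf;
    // Additional platform safeguard, not mentioned on this page.
    SetSafeMode(True);
    Return Eval(Formula);
EndFunction

// Allowlist check: a non-empty string of limited length that consists
// only of digits, arithmetic operators, parentheses, dots and spaces.
// Letters are rejected, so no identifier or method call can be formed.
Function IsArithmeticOnly(Formula)
    AllowedChars = "0123456789+-*/(). ";
    MaxLength = 200; // constructed limit, adjust to the use case
    If TypeOf(Formula) <> Type("String") Then
        Return False;
    EndIf;
    If IsBlankString(Formula) Or StrLen(Formula) > MaxLength Then
        Return False;
    EndIf;
    For Position = 1 To StrLen(Formula) Do
        If StrFind(AllowedChars, Mid(Formula, Position, 1)) = 0 Then
            Return False;
        EndIf;
    EndDo;
    Return True;
EndFunction
```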
Sources
Snippets
Diagnostic ignorance in code
```bsl
// BSLLS:ExecuteExternalCodeInCommonModule-off
// BSLLS:ExecuteExternalCodeInCommonModule-on
```
Parameter for config
```json
"ExecuteExternalCodeInCommonModule": false
```