Hugging Face's logo

Spaces:
aquabarrier
/
ab-ms-core
Paused

App Files Community
ab-ms-core / tools /find_dynamic_sql_procs.sql
MukeshKapoor25's picture
MukeshKapoor25
Add new reference models and update repositories for enhanced data handling
9b21c17
raw
history blame contribute delete
2.07 kB
 -- tools/find_dynamic_sql_procs.sql
-- Parameterized T-SQL to scan all stored procedure sources for dynamic-SQL patterns.
-- Usage:
-- :setvar SearchPattern "sp_executesql|EXEC\s*\(|EXEC\s+@|\+\s*'"
-- :setvar TopN 1000
-- :setvar ContextChars 120
-- Run in SSMS, Azure Data Studio or sqlcmd (sqlcmd: use -v to pass variables).
SET NOCOUNT ON;
-- variables via sqlcmd or client substitution
DECLARE @SearchPattern NVARCHAR(400) = 'sp_executesql|EXEC\s*\(|EXEC\s+@|\+\s*\''; -- regex-like tokens (plain LIKE uses %)
DECLARE @Top INT = 1000;
DECLARE @Context INT = 120; -- characters of surrounding context
-- We use simple LIKE checks plus more specific patterns to score confidence.
SELECT TOP(@Top)
s.name AS schema_name,
p.name AS proc_name,
p.create_date,
p.modify_date,
m.definition,
-- basic token flags
CASE WHEN m.definition LIKE '%sp_executesql%' THEN 1 ELSE 0 END AS has_sp_executesql,
CASE WHEN m.definition LIKE '%EXEC %(%' ESCAPE '\' THEN 1 ELSE 0 END AS has_exec_parenthesis,
CASE WHEN m.definition LIKE '%EXEC @%' THEN 1 ELSE 0 END AS has_exec_variable,
CASE WHEN m.definition LIKE '%''+%''%' ESCAPE '\' OR m.definition LIKE '%'' + %' ESCAPE '\' THEN 1 ELSE 0 END AS has_string_concat,
-- rough confidence score
(CASE WHEN m.definition LIKE '%sp_executesql%' THEN 3 ELSE 0 END
+ CASE WHEN m.definition LIKE '%EXEC %(%' ESCAPE '\' THEN 2 ELSE 0 END
+ CASE WHEN m.definition LIKE '%EXEC @%' THEN 2 ELSE 0 END
+ CASE WHEN m.definition LIKE '%''+%''%' ESCAPE '\' OR m.definition LIKE '%'' + %' ESCAPE '\' THEN 1 ELSE 0 END) AS confidence_score
FROM sys.procedures p
JOIN sys.schemas s ON p.schema_id = s.schema_id
LEFT JOIN sys.sql_modules m ON p.object_id = m.object_id
WHERE m.definition IS NOT NULL
AND (
m.definition LIKE '%sp_executesql%'
OR m.definition LIKE '%EXEC %(%' ESCAPE '\'
OR m.definition LIKE '%EXEC @%'
OR m.definition LIKE '%''+%''%' ESCAPE '\'
OR m.definition LIKE '%'' + %' ESCAPE '\'
)
ORDER BY confidence_score DESC, s.name, p.name;