
ABENPROGRAM_GENERATION_ABEXA - PROGRAM GENERATION ABEXA

This documentation is copyright by SAP AG.

Program Generation

This example demonstrates how a program is generated using GENERATE SUBROUTINE POOL.

Description

The program allows declaration statements to be entered in a declaration part and operational statements to be entered in an implementation part. These entries are inserted consecutively into a method of a sample program, which is imported into an internal table using the statement READ REPORT. When Execute is selected, the generic program is created in this way using GENERATE SUBROUTINE POOL and the method is called. Before this happens, the syntax is checked using SYNTAX-CHECK.

The ability to enter source code for a generic program freely presents the greatest potential security risk. The following measures have been taken to avoid abuse of this program:

  • The static constructor of the class display checks whether the program is executed in a production system, that is, a system with production clients. No entries are possible in such a system and no function codes are accepted apart from the display of documentation.
  • The static constructor of the class display checks whether the current user has authorization for the ABAP Editor in the current system and development authorization for modifying and executing temporary programs. Entries and program execution are only possible for such a user, since all actions possible here are also possible in the ABAP development environment.
  • Since developers in particular are tempted to test the vulnerability of their test programs, the available statements are restricted as follows:
      • Only declarative statements can be entered in the declaration part. This is achieved using the same syntax check as for the declaration part of a class. This check is made in the method check_declarations of the class program.
      • Only those statements specified by an include list are valid in the implementation part. An exclude list prevents the use of other classes or objects, except for the output class CL_DEMO_OUTPUT. This check is made in the method check_implementation of the class program, for which the method CHECK of the class CL_DEMO_SECURE_ABAP_CODE is called. If the statements INSERT, MODIFY, or DELETE are used, the addressed table must be declared in the declaration part. This prevents writes from being performed on database tables.
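
A minimal Python sketch of the include-list, exclude-list and declared-table checks described in the list above. It is an added example, not SAP's code and not the logic of CL_DEMO_SECURE_ABAP_CODE; the keyword lists, function names and sample input are assumptions, and the lexing is simplified so that any statement shape it does not recognise is refused.

```python
import re

# Assumed lists for this sketch; the page does not publish the real include/exclude lists.
ALLOWED = {"IF", "ELSE", "ENDIF", "DO", "ENDDO", "LOOP", "ENDLOOP",
           "APPEND", "CLEAR", "INSERT", "MODIFY", "DELETE"}
WRITES = {"INSERT", "MODIFY", "DELETE"}
OUTPUT = "CL_DEMO_OUTPUT=>"
LITERAL = re.compile(r"'(?:[^'\n]|'')*'|`[^`\n]*`")

def statements(source):
    """Split source into statements of upper-cased tokens (simplified ABAP lexing)."""
    lines = [l for l in source.splitlines() if not l.startswith("*")]  # drop * comment lines
    lines = [LITERAL.sub(" LIT ", l).split('"', 1)[0] for l in lines]  # mask literals, cut " comments
    return [s.split() for s in " ".join(lines).upper().split(".") if s.strip()]

def write_target(tok):
    """Internal table addressed by the write shapes this sketch accepts, else None."""
    if tok[0] == "INSERT" and tok[-3:-1] == ["INTO", "TABLE"]:   # INSERT wa INTO TABLE itab
        return tok[-1]
    if tok[0] in ("MODIFY", "DELETE") and tok[1:2] == ["TABLE"] and len(tok) > 2:
        return tok[2]                                            # MODIFY TABLE itab FROM wa
    return None

def violation(tok, declared):
    """Reason a statement is refused, or None when it passes every rule."""
    if "NEW" in tok or any(":" in t or "->" in t for t in tok):
        return "chained statement or object reference"
    if any("=>" in t and not t.startswith(OUTPUT) for t in tok):
        return "class other than CL_DEMO_OUTPUT"
    assign = len(tok) > 2 and tok[1] == "="
    if not (tok[0].startswith(OUTPUT) or assign or tok[0] in ALLOWED):
        return "statement not on include list"
    if tok[0] in WRITES and write_target(tok) not in declared:
        return "write target not declared"
    return None

def check(declarations, implementation):
    """Return (statement, reason) for every refused statement; an empty list means accepted."""
    declared = {t[1] for t in statements(declarations) if t[0] == "DATA" and len(t) > 1}
    found = [(" ".join(t), violation(t, declared)) for t in statements(implementation)]
    return [(s, r) for s, r in found if r]

# Constructed sample input, not taken from the SAP demo program.
DECLARATIONS = "DATA itab TYPE TABLE OF i.\nDATA n TYPE i."
IMPLEMENTATION = """n = 5. " it's a comment. DELETE FROM scarr.
INSERT n INTO TABLE itab.
cl_demo_output=>display( itab ).
DELETE FROM scarr.
CALL FUNCTION 'SYSTEM_CALL'.
x = cl_abap_random=>seed( )."""
```

Calling `check(DECLARATIONS, IMPLEMENTATION)` refuses the last three statements and accepts the first three; the text after the inline comment marker is never evaluated as code.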

Note

If, despite these measures, it is still possible to generate and execute potentially dangerous code with this program without manipulating the program flow or the program data in the debugger, inform the component BC-ABA-LA immediately.





