SAP PROGRAM GENERATION ABEXA

Program Generation
This example demonstrates how a program is generated using GENERATE SUBROUTINE POOL.

Description
The program permits declaration statements to be entered in a declaration part and operational statements to be entered in an implementation part. These entries are inserted consecutively into a method of a pattern program, which is imported into an internal table using the statement READ REPORT. When Execute is selected, the program is generated using GENERATE SUBROUTINE POOL and the method is called. Before this happens, the syntax is checked using SYNTAX-CHECK.
The ability to enter source code for a generic program presents the greatest potential security risk. The following measures have been taken to avoid abuse of this program:
The static constructor of the class display checks whether the program is executed in a production system (a system with production clients). Source code cannot be entered in these systems and no function codes are accepted apart from the display of documentation.
The static constructor of the class display checks whether the current user has authorization for ABAP Editor in the current system and development authorization for modifying and executing temporary programs. Only these users can enter source code and execute programs, since all actions possible here are also possible in the development environment.
Since developers in particular are tempted to test the vulnerability of their test programs, the available statements are restricted as follows:
Only declarative statements can be entered in the declaration part. This is checked using the same syntax check as for the declaration part of a class. This check is made in the method check_declarations of the class program.
Only those statements entered in a white list are valid in the implementation part. A black list prevents the use of other classes or objects (except for the output class CL_DEMO_OUTPUT). This check is made in the method check_implementation of the class program, with the method CHECK of the class CL_DEMO_SECURE_ABAP_CODE being called. If the statements INSERT, MODIFY, or DELETE are used, the addressed table must be declared in the declaration part. This prevents writes from being performed on database tables.

Note
If, despite these measures, it is still possible to generate and execute potentially dangerous code with this program without manipulating the program flow or the program data in the debugger, inform the component BC-ABA-LA immediately.
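
The guard sequence described above (production-system check, authorization check, syntax check, then generation), as an added example that is not the source of SAP's demo program. Assumptions: the program name is hypothetical, the sample source is constructed inline, the helper class CL_ABAP_DEMO_SERVICES is available in the system, and the S_DEVELOP field values shown are the ones used for temporary ($TMP) programs. The statement allow-list check in CL_DEMO_SECURE_ABAP_CODE is not reproduced because its interface is not given on this page.

```abap
REPORT z_guarded_generate_demo. " hypothetical program name

" Guard 1: never accept or generate source in a production system.
IF cl_abap_demo_services=>is_production_system( ). " assumed to be available
  cl_demo_output=>display( `Generation is disabled in production systems` ).
  LEAVE PROGRAM.
ENDIF.

" Guard 2: require development authorization for temporary programs.
AUTHORITY-CHECK OBJECT 'S_DEVELOP'
  ID 'DEVCLASS' FIELD '$TMP'
  ID 'OBJTYPE'  FIELD 'PROG'
  ID 'OBJNAME'  DUMMY
  ID 'P_GROUP'  DUMMY
  ID 'ACTVT'    FIELD '02'.
IF sy-subrc <> 0.
  cl_demo_output=>display( `No development authorization` ).
  LEAVE PROGRAM.
ENDIF.

" Constructed sample: pattern program with both entry parts already inserted.
DATA(source) = VALUE string_table(
  ( `PROGRAM.` )
  ( `CLASS main DEFINITION.` )
  ( `  PUBLIC SECTION.` )
  ( `    CLASS-METHODS meth.` )
  ( `ENDCLASS.` )
  ( `CLASS main IMPLEMENTATION.` )
  ( `  METHOD meth.` )
  ( `    DATA itab TYPE TABLE OF i.` )          " declaration part
  ( `    INSERT 1 INTO TABLE itab.` )           " targets a declared table
  ( `    cl_demo_output=>display( itab ).` )    " only the output class is used
  ( `  ENDMETHOD.` )
  ( `ENDCLASS.` ) ).

" Guard 3: syntax check before anything is generated.
DATA: mess TYPE string, lin TYPE i, wrd TYPE string, prog TYPE string.
SELECT SINGLE * FROM trdir WHERE name = @sy-repid INTO @DATA(dir).
SYNTAX-CHECK FOR source MESSAGE mess LINE lin WORD wrd DIRECTORY ENTRY dir.
IF sy-subrc <> 0.
  cl_demo_output=>display( |Syntax error in line { lin }: { mess }| ).
  LEAVE PROGRAM.
ENDIF.

" Generate the temporary subroutine pool and call the method only on success.
GENERATE SUBROUTINE POOL source NAME prog MESSAGE mess LINE lin WORD wrd.
IF sy-subrc = 0.
  DATA(class) = `\PROGRAM=` && prog && `\CLASS=MAIN`.
  CALL METHOD (class)=>meth.
ENDIF.
```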