
Security Checks in ABAP Release 7.40, SP08

The security checks in the extended program check were revised as follows in ABAP release 7.40, SP08, alongside general improvements in data flow analysis and performance:


1. Use of System Fields

2. Security-Relevant Function Modules

3. Administration Transaction



Modification 1  

Use of System Fields

Like sy-uname, the system fields sy-host, sy-sysid, and sy-mandt can indicate potential back doors when they are used in logical expressions, and they are now checked accordingly.

It is possible to define additional system fields, for which this check is performed, by implementing BAdI SLIN_BADI_SEC_BACKDOOR.



Modification 2  

Security-Relevant Function Modules

One check ensures that the return code sy-subrc is evaluated after a security-relevant function module (such as AUTHORITY_CHECK_TCODE or FILE_VALIDATE_NAME) is called. This check was revised so that the list of predefined function modules can be expanded using the BAdI SLIN_BADI_SEC_PROCEDURES. The program RSLIN_SEC_DISPLAY_SECREL_PROC displays the full list.
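
The patterns described under Modification 1 and Modification 2, each next to a corrected form, as an added example that is not part of the SAP documentation. The authorization object ZDEMO_AUTH, the system ID 'DEV' and the transaction code ZDEMO_TA are hypothetical placeholders; the numeric values after EXCEPTIONS are assigned by the caller.

```abap
REPORT zdemo_slin_sec_checks.
" Constructed example: ZDEMO_AUTH (authorization object), 'DEV' (system
" ID) and ZDEMO_TA (transaction code) are hypothetical placeholders.
CLASS lcl_demo DEFINITION.
  PUBLIC SECTION.
    CLASS-METHODS:
      sysid_dependent   RETURNING VALUE(allowed) TYPE abap_bool,
      sysid_independent RETURNING VALUE(allowed) TYPE abap_bool,
      tcode_unchecked,
      tcode_checked.
ENDCLASS.
CLASS lcl_demo IMPLEMENTATION.
  METHOD sysid_dependent.
    " Modification 1 pattern: sy-sysid decides whether the check runs.
    IF sy-sysid = 'DEV'.
      allowed = abap_true.
      RETURN.
    ENDIF.
    AUTHORITY-CHECK OBJECT 'ZDEMO_AUTH' ID 'ACTVT' FIELD '03'.
    allowed = xsdbool( sy-subrc = 0 ).
  ENDMETHOD.
  METHOD sysid_independent.
    " Corrected: the decision rests on the authorization check alone.
    AUTHORITY-CHECK OBJECT 'ZDEMO_AUTH' ID 'ACTVT' FIELD '03'.
    allowed = xsdbool( sy-subrc = 0 ).
  ENDMETHOD.
  METHOD tcode_unchecked.
    " Modification 2 pattern: sy-subrc is never read after the call,
    " so the transaction starts whatever the function module reported.
    CALL FUNCTION 'AUTHORITY_CHECK_TCODE'
      EXPORTING  tcode = 'ZDEMO_TA'
      EXCEPTIONS ok = 0 not_ok = 2 OTHERS = 3.
    CALL TRANSACTION 'ZDEMO_TA' WITHOUT AUTHORITY-CHECK.
  ENDMETHOD.
  METHOD tcode_checked.
    " Corrected: sy-subrc is evaluated before anything depends on it.
    CALL FUNCTION 'AUTHORITY_CHECK_TCODE'
      EXPORTING  tcode = 'ZDEMO_TA'
      EXCEPTIONS ok = 0 not_ok = 2 OTHERS = 3.
    IF sy-subrc = 0.
      CALL TRANSACTION 'ZDEMO_TA' WITHOUT AUTHORITY-CHECK.
    ENDIF.
  ENDMETHOD.
ENDCLASS.

START-OF-SELECTION.
  IF lcl_demo=>sysid_independent( ) = abap_true.
    lcl_demo=>tcode_checked( ).
  ENDIF.
```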



Modification 3  

Administration Transaction

The new transaction SLIN_ADMIN is used for the administration of the extended program check and the security checks.