Monday, September 1, 2014

Software archeology in terms of SAP

"REPORT HAS BEEN DEACTIVATED". You may find statement saying that within ABAP code like reports. One may wonder what does it actually mean. Usually the case is that the code is obsolete and it should not be longer used.

What makes SAP code obsolete? These are cases I’m thinking of:

·      Particular function was rewritten (refactored) and an old one is not needed any more and is obsolete.

·       Functionality implementation error. Some part of functionality was intended to be present but later it was decided to do not implement it but some initial code remains. Thus remaining code is obsolete.

·     Implementation errors in security area. There is potential security risk or vulnerable patterns with the code. These can be following - just to name few: hardcoded users or passwords, performing certain code without logging it or without checking authorization objects, direct access to critical DB tables, injections issues (ABAP, SQL one), RFC execution, directory traversing, using of wait commands, etc. These errors were not detected during security checks of development cycle and were rolled out to customer’s systems. These kind of errors make parts of the code obsolete.

As soon as the refactored code is delivered or implementation type of errors were explored a corrections are prepared (mostly in form of SAP Notes). These corrections mark the code as obsolete and prevent execution of it.














That’s basically what happened in case if we see e.g. REPORT HAS BEEN DEACTIVATED in the ABAP code.
To enforce that particular ABAP code will not be used it is even commented out. The code needs to be comment out instead of simply removing whole objects in order to prevent unnecessary ABAP dump. By this user informed about obsolescence: 





























Other point of view (as suggested in the comment that introduces deactivation of the function) is software archeology (see 1st screenshot). Even seems it is practice in SAP that after few more releases particular code is not only commented but also removed it is very nice to see a track of software archeology J

No comments: