eslint-plugin-postgresql
All rules

Security

postgresql/no-security-definer-without-search-path

Disallow `SECURITY DEFINER` functions without an explicit `SET search_path`.

  • Type problem
  • Recommended error
  • Fixable no

Why this matters

A `SECURITY DEFINER` function runs with the owner's privileges. If the caller controls `search_path`, they can shadow built-ins (e.g. `pg_catalog.lower`) with their own functions and execute code as the owner — a recurring CVE pattern. Pin `search_path` (e.g. `SET search_path = pg_catalog, pg_temp`) on every `SECURITY DEFINER` function. `SECURITY INVOKER` (the default) is out of scope.

Examples

Incorrect

Incorrect 
CREATE FUNCTION fn() RETURNS void
LANGUAGE plpgsql
SECURITY DEFINER
AS $$ BEGIN END $$;

Correct

Correct 
CREATE FUNCTION fn() RETURNS void
LANGUAGE plpgsql
SECURITY DEFINER
SET search_path = pg_catalog, pg_temp
AS $$ BEGIN END $$;

Configure it

// eslint.config.js
import postgresql from "eslint-plugin-postgresql";

export default [
  {
    files: ["**/*.sql"],
    languageOptions: {
      parser: postgresql.configs.recommended.languageOptions.parser,
    },
    plugins: { postgresql },
    rules: {
      "postgresql/no-security-definer-without-search-path": "error",
    },
  },
];

Options

This rule has no options.

Try this rule

Edit the SQL — only no-security-definer-without-search-path is enabled.

Pre-filled with the first incorrect example. Toggle off in the rule shelf to see how the diagnostic disappears.

0 errors 0 warnings parse 0ms · rules 0ms
Diagnostics

No issues found.

2 rules enabled.

Rule under test no-security-definer-without-search-path — plus no-syntax-error as a safety net.
eslint-plugin-postgresql

An ESLint plugin that lints .sql files with real PostgreSQL grammar and a curated set of best-practice rules.

Project
Resources
© 2026 eslint-plugin-postgresql contributors Built on libpg-query · PostgreSQL 17