### Description This is a generic issue. There are some places in utPLSQL that are vulnerable to SQL injections. We have 1) find a way to identify them 2) fix them 3) set up an automated review mechanism to find such issues, e.g. during our automated builds @krisrice pointed out the following example in [ut_suite_manager.get_cached_suite_data](https://github.com/utPLSQL/utPLSQL/blob/develop/source/core/ut_suite_manager.pkb#L394) ``` and c.object_owner = ']'||upper(a_object_owner)||q'[' ``` This line as two issues 1) the parameter is not asserted, in this case via `sys.dbms_assert.schema_name` 2) the parameter is converted to upper case, which leads to wrong results when quoted usernames are used (see also #920). ### utPLSQL Version v3.1.7.2808-develop