security-definer-function-no-explicit-search-path (ST003)

Automatic fix is available.

What it does

Checks that a security definer function has explicit search path.

Why not?

Because a SECURITY DEFINER function is executed with the privileges of the user that owns it, care is needed to ensure that the function cannot be misused. For security, search_path should be set to exclude any schemas writable by untrusted users. This prevents malicious users from creating objects (e.g., tables, functions, and operators) that mask objects intended to be used by the function.

When should you?

Never.

Use instead:

Set an explicit search_path on SECURITY DEFINER functions.