security-definer-function-non-temp-schema (ST005)

Automatic fix is available.

What it does

Checks that a security definer function has non-temporary schema in the search path.

Why not?

Because a SECURITY DEFINER function is executed with the privileges of the user that owns it, care is needed to ensure that the function cannot be misused. For security, search_path should be set to exclude any schemas writable by untrusted users. This prevents malicious users from creating objects (e.g., tables, functions, and operators) that mask objects intended to be used by the function. A secure arrangement can be obtained by forcing the temporary schema to be searched last. To do this, write pg_temp as the last entry in search_path.

When should you?

Never.

Use instead:

Include non-temporary schema in the search_path of a SECURITY DEFINER functions.