Use the oracledb_session InSpec audit resource to test SQL commands run against a Oracle database.


A oracledb_session resource block declares the username and password to use for the session with an optional service to connect to, and then the command to be run:

describe oracledb_session(user: 'username', password: 'password', service: 'ORCL.localdomain').query('QUERY').row(0).column('result') do
  its('value') { should eq('') }


  • oracledb_session declares a username and password with permission to run the query (required), and an optional parameters for host (default: localhost), SID (default: nil, which uses the default SID, and path to the sqlplus binary (default: sqlplus).
  • query('QUERY') contains the query to be run
  • its('value') { should eq('') } compares the results of the query against the expected result in the test


The following examples show how to use this InSpec audit resource.

Test for matching databases

sql = oracledb_session(user: 'my_user', pass: 'password')

describe sql.query('SELECT NAME AS VALUE FROM v$database;').row(0).column('value') do
  its('value') { should cmp 'ORCL' }

Test for matching databases with custom host, SID and sqlplus binary location

sql = oracledb_session(user: 'my_user', pass: 'password', host: 'oraclehost', sid: 'mysid', sqlplus_bin: '/u01/app/oracle/product/12.1.0/dbhome_1/bin/sqlplus')

describe sql.query('SELECT NAME FROM v$database;').row(0).column('name') do
  its('value') { should cmp 'ORCL' }


For a full list of available matchers, please visit our matchers page.