This page presents the CISQ/OMG Quality Measurement Rules coverage at system- and technology-level for applications based on JEE technology and Oracle SQL supported by CAST AIP. JEE and Oracle SQL is an example of a common technology stack used in many applications. If necessary, CAST can help create an overview of CISQ coverage for other combinations of technologies.
| OMG Characteristics | OMG Rule Id and Name | Levels | AIP QR Id | AIP QR Name | Description | Source Techno |
|---|---|---|---|---|---|---|
| Maintainability | ASCMM-MNT-02: Class Element Excessive Inheritance of Class Elements with Concrete Implementation | Technology | N/A | JEE | ||
| Maintainability | ASCMM-MNT-02: Class Element Excessive Inheritance of Class Elements with Concrete Implementation | Technology | N/A | Not applicable in the context of database technologies. Relational databases don't deal with objects (and, thus, inheritance) - they deal with entities and relationships. | SQL | |
| Maintainability | ASCMM-MNT-04: Callable and Method Control Element Number of Outward Calls | System / Technology / Unit | 7778 | Avoid Artifacts with High Fan-Out | Direct implementation of the rule. However,for JEE, OMG mandates a default value of 5 for the fan-out threshold, and the default in AIP is 4. | JEE / SQL |
| Maintainability | ASCMM-MNT-07: Inter-Module Dependency Cycles | Technology | 7292 | Avoid cyclical calls and inheritances between packages | Direct implementation of the rule. | JEE |
| Maintainability | ASCMM-MNT-07: Inter-Module Dependency Cycles | Technology | N/A | Not applicable in the context of database technologies. The modules are usually developed using a programming language. | SQL | |
| Maintainability | ASCMM-MNT-09: Horizontal Layer Excessive Number | System | AC | Architecture Checker | Excessive number of layers are detected when defining the architecture. | JEE |
| Maintainability | ASCMM-MNT-09: Horizontal Layer Excessive Number | System | N/A | Not applicable to DBMS technologies | SQL | |
| Maintainability | ASCMM-MNT-10: Named Callable and Method Control Element Multi-Layer Span | System | AC | Architecture Checker | Components that span several layers are detected when defining the architecture. | JEE |
| Maintainability | ASCMM-MNT-10: Named Callable and Method Control Element Multi-Layer Span | System | N/A | Not applicable to DBMS technologies | SQL | |
| Maintainability | ASCMM-MNT-12: Named Callable and Method Control Element with Layer-skipping Call | System | AC | Architecture Checker | Defining the architecture with Architecture Checker and specifying the authorized links between the layers allow to pinpoint the components with layer-skipping calls. | JEE |
| Maintainability | ASCMM-MNT-12: Named Callable and Method Control Element with Layer-skipping Call | System | N/A | Not applicable to DBMS technologies | SQL | |
| Maintainability | ASCMM-MNT-17: Class Element Excessive Inheritance Level | Technology | 7802 | Avoid Classes with a High Depth of Inheritance Tree | Direct implementation of the rule. | JEE |
| Maintainability | ASCMM-MNT-17: Class Element Excessive Inheritance Level | Technology | N/A | Not applicable in the context of database technologies. | SQL | |
| Maintainability | ASCMM-MNT-18: Class Element Excessive Number of Children | Technology | 7792 | Avoid Classes with a High Number Of Children | Direct implementation of the rule. | JEE |
| Maintainability | ASCMM-MNT-18: Class Element Excessive Number of Children | Technology | N/A | Not applicable in the context of database technologies. | SQL | |
| Maintainability | ASCMM-MNT-20: Unreachable Named Callable or Method Control Element | System / Technology | 7860 | Avoid unreferenced Functions | JEE: Direct implementation of the rule. SQL: This rule lists all unreferenced functions, procedures and package functions & procedures. | JEE / SQL |
| Maintainability | ASCMM-MNT-20: Unreachable Named Callable or Method Control Element | System / Technology | 7908 | Avoid unreferenced Methods | Direct implementation of the rule. | JEE |
| Performance Efficiency | ASCPEM-PRF-04: Data Resource Read and Write Access Excessive Complexity | System / Technology / Unit | 7808 | Avoid Artifacts with SQL statement including subqueries | Sub-queries contribute to SQL query complexity. This AIP rule checks for nested SQL queries. | JEE |
| Performance Efficiency | ASCPEM-PRF-04: Data Resource Read and Write Access Excessive Complexity | System / Technology / Unit | 7130 | Avoid Artifacts with High Depth of Nested Subqueries | Nested sub-queries contribute to SQL query complexity. This AIP rule checks for nested SQL queries. | JEE |
| Performance Efficiency | ASCPEM-PRF-05: Data Resource Read Access Unsupported by Index Element | System / Technology / Unit | - | JEE | ||
| Performance Efficiency | ASCPEM-PRF-05: Data Resource Read Access Unsupported by Index Element | System / Technology / Unit | 7902 | Avoid SQL queries that no index can support | Direct implementation of the rule. | SQL |
| Performance Efficiency | ASCPEM-PRF-08: Control Elements Requiring Significant Resource Element within Control Flow Loop Block | System / Technology / Unit | 7206 | Avoid the use of InstanceOf inside loops | OMG rule applied to the case of type checking inside loops | JEE |
| Performance Efficiency | ASCPEM-PRF-08: Control Elements Requiring Significant Resource Element within Control Flow Loop Block | System / Technology / Unit | 7200 | Avoid String concatenation in loops | OMG rule implemented for the case of concatenation inside loops | JEE |
| Performance Efficiency | ASCPEM-PRF-08: Control Elements Requiring Significant Resource Element within Control Flow Loop Block | System / Technology / Unit | 7210 | Avoid instantiations inside loops | OMG rule implemented for the case of Class instantiation inside a loop | JEE |
| Performance Efficiency | ASCPEM-PRF-08: Control Elements Requiring Significant Resource Element within Control Flow Loop Block | System / Technology / Unit | 7954 | Avoid indirect String concatenation inside loops | OMG rule implemented for the case of concatenation inside functions called in loops | JEE |
| Performance Efficiency | ASCPEM-PRF-08: Control Elements Requiring Significant Resource Element within Control Flow Loop Block | System / Technology / Unit | 7204 | Avoid method invocation in a loop termination expression | OMG rule implemented for the case of method invocation in loop condition. | JEE |
| Performance Efficiency | ASCPEM-PRF-08: Control Elements Requiring Significant Resource Element within Control Flow Loop Block | System / Technology / Unit | 7424 | Avoid using SQL queries inside a loop | SQL queries can be expensive in terms of resources. This AIP rule checks for queries executed inside loops. | JEE / SQL |
| Performance Efficiency | ASCPEM-PRF-08: Control Elements Requiring Significant Resource Element within Control Flow Loop Block | System / Technology / Unit | 7962 | Avoid direct or indirect remote calls inside a loop | OMG rule implemented for the case of EJB or SAL call inside a loop | JEE |
| Performance Efficiency | ASCPEM-PRF-09: Non-Stored SQL Callable Control Element with Excessive Number of Data Resource Access | Technology / Unit | 7914 | Avoid direct access to Database Tables | Strict implementation of the OMG rule: forbids use of non-stored SQL procedures in Java Code | JEE |
| Performance Efficiency | ASCPEM-PRF-09: Non-Stored SQL Callable Control Element with Excessive Number of Data Resource Access | Technology / Unit | - | SQL | ||
| Performance Efficiency | ASCPEM-PRF-10: Non-SQL Named Callable and Method Control Element with Excessive Number of Data Resource Access | System | 8110 | Use dedicated stored procedures when multiple data accesses are needed | OMG rule implemented for SQL calls in Java code. It takes into account any database access, via explicit SQL command and via stored procedure. | JEE |
| Performance Efficiency | ASCPEM-PRF-10: Non-SQL Named Callable and Method Control Element with Excessive Number of Data Resource Access | System | - | SQL | ||
| Performance Efficiency | ASCPEM-PRF-11: Data Access Control Element from Outside Designated Data Manager Component | System / Technology | AC | Architecture Checker | Defining the architecture with Architecture Checker and specifying the authorized links between the layers allow to pinpoint the components with layer-skipping calls. | JEE |
| Performance Efficiency | ASCPEM-PRF-11: Data Access Control Element from Outside Designated Data Manager Component | System / Technology | N/A | Not applicable to DBMS technologies | SQL | |
| Performance Efficiency | ASCPEM-PRF-12: Storable and Member Data Element Excessive Number of Aggregated Storable and Member Data Elements | Technology / Unit | 7424 | Avoid using SQL queries inside a loop | SQL queries can be expensive in terms of resources. This AIP rule checks for queries executed inside loops. | JEE |
| Performance Efficiency | ASCPEM-PRF-12: Storable and Member Data Element Excessive Number of Aggregated Storable and Member Data Elements | Technology / Unit | N/A | Not applicable in the context of database technologies. | SQL | |
| Performance Efficiency | ASCPEM-PRF-14: Storable and Member Data Element Memory Allocation Missing De-Allocation Control Element | Technology / Unit | N/A | Not applicable in the Java context, where memory is fully managed. | JEE / SQL | |
| Performance Efficiency | ASCPEM-PRF-15: Storable and Member Data Element Reference Missing De-Referencing Control Element | Technology / Unit | 7562 | Avoid static Field of type collection | OMG rule implemented for static collection variables, which are storage structures with potentially increasing memory, and are created from the lifetime of the application without the possibility of being dereferenced. | JEE |
| Performance Efficiency | ASCPEM-PRF-15: Storable and Member Data Element Reference Missing De-Referencing Control Element | Technology / Unit | N/A | Not applicable in the context of database technologies. | SQL | |
| Reliability | ASCRM-CWE-120: Buffer Copy without Checking Size of Input | Technology / Unit | - | JEE / SQL | ||
| Reliability | ASCRM-CWE-252-data: Unchecked Return Parameter Value of named Callable and Method Control Element with Read, Write, and Manage Access to Data Resource | System / Technology / Unit | 8112 | Avoid improper processing of the execution status of data handling operation | Implementation of the OMG rule in the Java context, by checking proper handling of exceptions triggers durting data access operations | JEE |
| Reliability | ASCRM-CWE-252-data: Unchecked Return Parameter Value of named Callable and Method Control Element with Read, Write, and Manage Access to Data Resource | System / Technology / Unit | - | SQL | ||
| Reliability | ASCRM-CWE-704: Incorrect Type Conversion or Cast | Technology / Unit | - | JEE / SQL | ||
| Reliability | ASCRM-CWE-772: Missing Release of Resource after Effective Lifetime | Technology / Unit | 8108 | Close the outermost stream ASAP | OMG rule implemented in the case of Java streams | JEE |
| Reliability | ASCRM-CWE-772: Missing Release of Resource after Effective Lifetime | Technology / Unit | 8104 | Close database resources ASAP | OMG rule implemented for Java DB accesses (JDBC, JPA and Hibernate) | JEE |
| Reliability | ASCRM-CWE-772: Missing Release of Resource after Effective Lifetime | Technology / Unit | - | SQL | ||
| Reliability | ASCRM-CWE-788: Memory Location Access After End of Buffer | Technology / Unit | N/A | In Java, out of bound access is detected by the language, and will throw an exception | JEE / SQL | |
| Reliability | ASCRM-RLB-02: Serializable Storable Data Element without Serialization Control Element | Technology / Unit | - | Not applicable in the context of database technologies. | JEE / SQL | |
| Reliability | ASCRM-RLB-03: Serializable Storable Data Element with non-Serializable Item Elements | Technology / Unit | 7650 | All types of a serializable Class must be serializable | Direct implementation of the rule. | JEE |
| Reliability | ASCRM-RLB-03: Serializable Storable Data Element with non-Serializable Item Elements | Technology / Unit | N/A | Not applicable in the context of database technologies. | SQL | |
| Reliability | ASCRM-RLB-04: Persistant Storable Data Element without Proper Comparison Control Element | Technology / Unit | 7504 | Persistent classes should Implement hashCode() and equals() | OMG rule implemented in the case of Hibernate persistence. | JEE |
| Reliability | ASCRM-RLB-04: Persistant Storable Data Element without Proper Comparison Control Element | Technology / Unit | N/A | Not applicable in the context of database technologies. | SQL | |
| Reliability | ASCRM-RLB-05: Runtime Resource Management Control Element in a Component Built to Run on Application Servers | Technology / Unit | 7728 | Avoid thread creation for application running on application server | OMG rule implemented for forbidding thread creations | JEE |
| Reliability | ASCRM-RLB-05: Runtime Resource Management Control Element in a Component Built to Run on Application Servers | Technology / Unit | N/A | Not applicable in the context of database technologies. | SQL | |
| Reliability | ASCRM-RLB-10: Data Access Control Element from Outside Designated Data Manager Component | System / Technology | AC | Architecture Checker | Defining the architecture with Architecture Checker and specifying the authorized links between the layers allow to pinpoint the components with layer-skipping calls. | JEE |
| Reliability | ASCRM-RLB-10: Data Access Control Element from Outside Designated Data Manager Component | System / Technology | N/A | Not applicable to DBMS technologies | SQL | |
| Reliability | ASCRM-RLB-11: Named Callable and Method Control Element in Multi-Thread Context with non-Final Static Storable or Member Element | Technology | 7154 | Avoid Fields in Action Classes that are not final static | OMG rule implemented in the case of multi-threading implemented using Struts actions. | JEE |
| Reliability | ASCRM-RLB-11: Named Callable and Method Control Element in Multi-Thread Context with non-Final Static Storable or Member Element | Technology | N/A | Not applicable in the context of database technologies. | SQL | |
| Reliability | ASCRM-RLB-13: Inter-Module Dependency Cycles | Technology | 7292 | Avoid cyclical calls and inheritances between packages | Direct implementation of the rule. | JEE |
| Reliability | ASCRM-RLB-13: Inter-Module Dependency Cycles | Technology | N/A | Not applicable in the context of database technologies. | SQL | |
| Reliability | ASCRM-RLB-14: Parent Class Element with References to Child Class Element | Technology | 7934 | Avoid Superclass (or Interface) knowing Subclass (or Interface) | Direct implementation of the rule. | JEE |
| Reliability | ASCRM-RLB-14: Parent Class Element with References to Child Class Element | Technology | N/A | Not applicable in the context of database technologies. | SQL | |
| Security | ASCSM-CWE-022: Path Traversal Improper Input Neutralization | System / Technology | 7752 | Avoid file path manipulation vulnerabilities ( CWE-73 ) | Direct implementation of the rule. | JEE |
| Security | ASCSM-CWE-022: Path Traversal Improper Input Neutralization | System / Technology | N/A | Not applicable in the context of database technologies. | SQL | |
| Security | ASCSM-CWE-078: OS Command Injection Improper Input Neutralization | System / Technology | 7748 | Avoid OS command injection vulnerabilities ( CWE-78 ) | Direct implementation of the rule. | JEE |
| Security | ASCSM-CWE-078: OS Command Injection Improper Input Neutralization | System / Technology | N/A | Not applicable in the context of database technologies. | SQL | |
| Security | ASCSM-CWE-079: Cross-site Scripting Improper Input Neutralization | System / Technology | 7740 | Avoid cross-site scripting DOM vulnerabilities ( CWE-79 ) | Direct implementation of the rule. | JEE |
| Security | ASCSM-CWE-079: Cross-site Scripting Improper Input Neutralization | System / Technology | N/A | Not applicable in the context of database technologies. | SQL | |
| Security | ASCSM-CWE-089: SQL Injection Improper Input Neutralization | System / Technology | 7742 | Avoid SQL injection vulnerabilities ( CWE-89 ) | Direct implementation of the rule. | JEE |
| Security | ASCSM-CWE-089: SQL Injection Improper Input Neutralization | System / Technology | N/A | Not applicable in the context of database technologies. | SQL | |
| Security | ASCSM-CWE-99: Name or Reference Resolution Improper Input Neutralization | System / Technology / Unit | 7732 | Avoid non validated inputs | Checks inputs validation in the JSP context | JEE |
| Security | ASCSM-CWE-99: Name or Reference Resolution Improper Input Neutralization | System / Technology / Unit | N/A | Not applicable in the context of database technologies. | SQL | |
| Security | ASCSM-CWE-120: Buffer Copy without Checking Size of Input | Technology / Unit | - | JEE / SQL | ||
| Security | ASCSM-CWE-129: Array Index Improper Input Neutralization | System / Technology | - | Not applicable in the context of database technologies.
| JEE / SQL | |
| Security | ASCSM-CWE-134: Format String Improper Input Neutralization | System / Technology | 8098 | Avoid uncontrolled format string (CWE-134) | Direct implementation of the rule. | JEE |
| Security | ASCSM-CWE-134: Format String Improper Input Neutralization | System / Technology | N/A | Not applicable in the context of database technologies. | SQL | |
| Security | ASCSM-CWE-434: File Upload Improper Input Neutralization | System / Technology | 7752 | Avoid file path manipulation vulnerabilities ( CWE-73 ) | Direct implementation of the rule. | JEE |
| 8218 | Direct implementation of the rule. | JEE | ||||
| Security | ASCSM-CWE-434: File Upload Improper Input Neutralization | System / Technology | N/A | Not applicable in the context of database technologies. | SQL | |
| Security | ASCSM-CWE-606: Unchecked Input for Loop Condition | System / Technology | - | JEE / SQL | ||
| Security | ASCSM-CWE-667: Shared Resource Improper Locking | Technology | - | JEE / SQL | ||
| Security | ASCSM-CWE-672: Expired or Released Resource Usage | Technology / Unit | 8214 | Direct implementation of the rule. | JEE | |
| Security | ASCSM-CWE-672: Expired or Released Resource Usage | Technology / Unit | - | SQL | ||
| Security | ASCSM-CWE-681: Numeric Types Incorrect Conversion | Technology / Unit | 8216 | Direct implementation of the rule. | JEE | |
| Security | ASCSM-CWE-681: Numeric Types Incorrect Conversion | Technology / Unit | - | SQL | ||
| Security | ASCSM-CWE-772: Missing Release of Resource after Effective Lifetime | Technology / Unit | 8108 | Close the outermost stream ASAP | OMG rule implemented in the case of Java streams | JEE |
| Security | ASCSM-CWE-772: Missing Release of Resource after Effective Lifetime | Technology / Unit | 8104 | Close database resources ASAP | OMG rule implemented for Java DB accesses (JDBC, JPA and Hibernate) | JEE |
| Security | ASCSM-CWE-772: Missing Release of Resource after Effective Lifetime | Technology / Unit | - | SQL | ||
| Security | ASCSM-CWE-789: Uncontrolled Memory Allocation | System / Technology | - | JEE / SQL | ||
| Security | ASCSM-CWE-798: Hard-Coded Credentials Usage for Remote Authentication | Technology / Unit | 8222 | Direct implementation of the rule. | JEE | |
| Security | ASCSM-CWE-798: Hard-Coded Credentials Usage for Remote Authentication | Technology / Unit | - | SQL | ||
| Security | ASCSM-CWE-835: Loop with Unreachable Exit Condition (Infinite Loop) | Technology / Unit | 7388 | Avoid artifacts having recursive calls | Direct implementation of the rule. | JEE |
| Security | ASCSM-CWE-835: Loop with Unreachable Exit Condition (Infinite Loop) | Technology / Unit | - | SQL |
Unit-level CISQ/OMG Quality Measurement Rules for a JEE and Oracle SQL application can be found here: CISQ/OMG Automated Source Code Measurement Standards Coverage for a JEE and Oracle SQL application - Unit-level