This page presents the CISQ/OMG Quality Measurement Rules at unit level for applications based on C++ technology and Microsoft SQL, as supported by CAST AIP. C++ with Microsoft SQL is an example of a common technology stack used in many applications. If necessary, CAST can help create an overview of CISQ coverage for other combinations of technologies.
OMG Characteristics | OMG Rule Id and Name | Levels | AIP QR Id | AIP QR Name | Description of Coverage | Source Techno |
---|---|---|---|---|---|---|
Maintainability | ASCMM-MNT-01: Control Flow Transfer Control Element outside Switch Block | Unit | 8032 | Avoid using a break statement in 'for' loops | OMG rule applied to the case of "break" in "for" loop. | C++ |
Maintainability | ASCMM-MNT-01: Control Flow Transfer Control Element outside Switch Block | Unit | 8028 | Avoid missing default in switch statements | OMG rule applied to the case of missing "default" in switch | C++ |
Maintainability | ASCMM-MNT-01: Control Flow Transfer Control Element outside Switch Block | Unit | 7816 | Avoid using GOTO statement | The rule lists all Functions and Procedures using "GOTO" statements in the participating database. | SQL |
Maintainability | ASCMM-MNT-03: Storable and Member Data Element Initialization with Hard-Coded Literals | Unit | - | | | C++ / SQL |
Maintainability | ASCMM-MNT-05: Loop Value Update within the Loop | Unit | - | | | C++ / SQL |
Maintainability | ASCMM-MNT-06: Commented Code Element Excessive Volume | Unit | 7126 | Avoid Artifacts with high Commented-out Code Lines/Code Lines ratio | Direct implementation of the rule. | C++ / SQL |
Maintainability | ASCMM-MNT-08: Source Element Excessive Size | Unit | 7842 | Avoid large Artifacts - too many Lines of Code | Direct implementation of the rule. | C++ / SQL |
Maintainability | ASCMM-MNT-11: Callable and Method Control Element Excessive Cyclomatic Complexity Value | Unit | 7766 | Avoid Artifacts with High Cyclomatic Complexity | Direct implementation of the rule. | C++ / SQL |
Maintainability | ASCMM-MNT-13: Callable and Method Control Element Excessive Number of Parameters | Unit | 7770 | Avoid Artifacts with too many parameters | Direct implementation of the rule. | C++ / SQL |
Maintainability | ASCMM-MNT-14: Callable and Method Control Element Excessive Number of Control Elements involving Data Element from Data Manager or File Resource | Unit | - | | | C++ / SQL |
Maintainability | ASCMM-MNT-15: Public Member Element | Unit | 7794 | Avoid Classes with a High Public Data Ratio | The Public Data Ratio is directly linked to Public Member Elements. | C++ |
Maintainability | ASCMM-MNT-15: Public Member Element | Unit | 630 | Avoid data members that are not private | In order to gain full control over all the data members/objects of a class, it is necessary to create member functions that are the only way to access/modify the data members/objects. This is one of the main benefits and principles of Object-Oriented design and coding: Encapsulation. If direct access to the object state is allowed through public members, there is no way for the class to ensure its invariants are respected and it will be less secure. | C++ |
Maintainability | ASCMM-MNT-15: Public Member Element | Unit | - | | | SQL |
Maintainability | ASCMM-MNT-16: Method Control Element Usage of Member Element from other Class Element | Unit | - | | | C++ |
Maintainability | ASCMM-MNT-16: Method Control Element Usage of Member Element from other Class Element | Unit | N/A | Not applicable in the context of database technologies. | | SQL |
Maintainability | ASCMM-MNT-19: Named Callable and Method Control Element Excessive Similarity | Unit | 7156 | Avoid Too Many Copy Pasted Artifacts | Element similarity is addressed by the copy/paste ratio measured by the AIP rule. | C++ / SQL |
Performance Efficiency | ASCPEM-PRF-01: Static Block Element containing Class Instance Creation Control Element | Unit | - | | | C++ / SQL |
Performance Efficiency | ASCPEM-PRF-02: Immutable Storable and Member Data Element Creation | Unit | - | | | C++ |
Performance Efficiency | ASCPEM-PRF-02: Immutable Storable and Member Data Element Creation | Unit | 7790 | Avoid Cursors inside a loop | This rule lists all SQL Artifacts (except table and view) accessing a cursor inside a loop. | SQL |
Performance Efficiency | ASCPEM-PRF-03: Static Member Data Element outside of a Singleton Class Element | Unit | - | | | C++ |
Performance Efficiency | ASCPEM-PRF-03: Static Member Data Element outside of a Singleton Class Element | Unit | N/A | Not applicable in the context of database technologies. | | SQL |
Performance Efficiency | ASCPEM-PRF-06: Large Data Resource ColumnSet Excessive Number of Index Elements | Unit | - | | | C++ / SQL |
Performance Efficiency | ASCPEM-PRF-07: Large Data Resource ColumnSet with Index Element of Excessive Size | Unit | - | | | C++ / SQL |
Performance Efficiency | ASCPEM-PRF-13: Data Resource Access not using Connection Pooling capability | Unit | - | | | C++ |
Performance Efficiency | ASCPEM-PRF-13: Data Resource Access not using Connection Pooling capability | Unit | N/A | Not applicable in the context of database technologies. | | SQL |
Reliability | ASCRM-CWE-252-resource: Unchecked Return Parameter Value of named Callable and Method Control Element with Read, Write, and Manage Access to Platform Resource | Unit | - | | | C++ / SQL |
Reliability | ASCRM-CWE-396: Declaration of Catch for Generic Exception | Unit | 8000 | Avoid 'catch-all' statement | Implementation of the OMG rule in the C++ context, for the 'catch-all' statement. | C++ |
Reliability | ASCRM-CWE-396: Declaration of Catch for Generic Exception | Unit | - | | | SQL |
Reliability | ASCRM-CWE-397: Declaration of Throws for Generic Exception | Unit | 678 | Never throw an exception from a Destructor | Direct implementation of the rule | C++ |
Reliability | ASCRM-CWE-397: Declaration of Throws for Generic Exception | Unit | - | | | SQL |
Reliability | ASCRM-CWE-456: Storable and Member Data Element Missing Initialization | Unit | 7932 | Avoid Constructors not supplying an initial value for all non-static data members | It is necessary to initialize data members, whether scalar types or pointers, in order to reduce the risk of an invalid state after successful construction. Not initializing such data members can lead to unexpected behaviour. | C++ |
Reliability | ASCRM-CWE-456: Storable and Member Data Element Missing Initialization | Unit | 7998 | Avoid local variables that are not initialized at declaration time | It is necessary to initialize data members, whether scalar types or pointers, in order to reduce the risk of an invalid state after successful construction. Not initializing such data members can lead to unexpected behaviour. | C++ |
Reliability | ASCRM-CWE-456: Storable and Member Data Element Missing Initialization | Unit | - | | | SQL |
Reliability | ASCRM-CWE-674: Uncontrolled Recursion | Unit | 7388 | Avoid artifacts having recursive calls | Direct implementation of the rule. | C++ / SQL |
Reliability | ASCRM-RLB-06: Storable or Member Data Element containing Pointer Item Element without Proper Copy Control Element | Unit | 7298 | A Class that has pointer data members must provide a copy Constructor | If you do not provide a copy constructor, the compiler will generate one for you automatically. This generated copy constructor simply performs a member-wise assignment of all of the data members of a class. This is fine for a class that does not contain any pointer variables, but for pointers this would lead to duplicate references to the same objects with the risk of invalid references and thus of memory corruption and crashes. It is a good idea to get into the habit of always providing the copy constructor for your classes. | C++ |
Reliability | ASCRM-RLB-06: Storable or Member Data Element containing Pointer Item Element without Proper Copy Control Element | Unit | N/A | Not applicable in the context of database technologies. | | SQL |
Reliability | ASCRM-RLB-07: Class Instance Self Destruction Control Element | Unit | 8004 | Avoid using 'delete this' | This rule reflects that self-destruction of objects can be harmful. For example, 'delete this' leaves the current instance in a "dangling" state, which may lead to undefined behavior. 'delete this' is only valid if you can guarantee that the instance members will no longer be accessed. | C++ |
Reliability | ASCRM-RLB-07: Class Instance Self Destruction Control Element | Unit | N/A | Not applicable in the context of database technologies. | | SQL |
Reliability | ASCRM-RLB-08: Named Callable and Method Control Elements with Variadic Parameter Element | Unit | 8074 | Avoid using 'class' or 'struct' parameters with variadic Functions | Variadic functions are functions that accept a variable number of arguments, such as 'printf()' and 'format()'. Using them with other data types than C-style structs will lead to unexpected behaviour. | C++ |
Reliability | ASCRM-RLB-08: Named Callable and Method Control Elements with Variadic Parameter Element | Unit | N/A | Not applicable in the context of database technologies. | | SQL |
Reliability | ASCRM-RLB-09: Float Type Storable and Member Data Element Comparison with Equality Operator | Unit | - | | | C++ / SQL |
Reliability | ASCRM-RLB-12: Singleton Class Instance Creation without Proper Lock Element Management | Unit | - | | | C++ |
Reliability | ASCRM-RLB-12: Singleton Class Instance Creation without Proper Lock Element Management | Unit | N/A | Not applicable in the context of database technologies. | | SQL |
Reliability | ASCRM-RLB-15: Class Element with Virtual Method Element without Virtual Destructor | Unit | 584 | Avoid Classes with at least one virtual Function and without a virtual Destructor | Whenever a virtual method is defined in a class, it means that the class is intended to be used in an inheritance hierarchy. In this context, a derived object will often be handled through a pointer to its base class, to achieve polymorphism. If a class has a non-virtual destructor, and an attempt is made to destroy an object of a derived type through a pointer to the base type, the behavior is undefined. | C++ |
Reliability | ASCRM-RLB-15: Class Element with Virtual Method Element without Virtual Destructor | Unit | N/A | Not applicable in the context of database technologies. | | SQL |
Reliability | ASCRM-RLB-16: Parent Class Element without Virtual Destructor Method Element | Unit | 620 | Avoid base Classes without virtual Destructors | On some platforms, destroying a derived object through a base-class pointer may call the base-class version of the destructor instead of the derived-class version, provoking memory leaks, resource losses and stability issues. | C++ |
Reliability | ASCRM-RLB-16: Parent Class Element without Virtual Destructor Method Element | Unit | N/A | Not applicable in the context of database technologies. | | SQL |
Reliability | ASCRM-RLB-17: Child Class Element without Virtual Destructor unlike its Parent Class Element | Unit | 7340 | Avoid Classes with Destructor not explicitly virtual whenever one of its base Class has a virtual Destructor | Whenever a virtual method is defined in a class, it means that the class is intended to be used in an inheritance hierarchy. In this context, a derived object will often be handled through a pointer to its base class, to achieve polymorphism. If a class has a non-virtual destructor, and an attempt is made to destroy an object of a derived type through a pointer to the base type, the behavior is undefined. | C++ |
Reliability | ASCRM-RLB-17: Child Class Element without Virtual Destructor unlike its Parent Class Element | Unit | N/A | Not applicable in the context of database technologies. | | SQL |
Reliability | ASCRM-RLB-18: Storable and Member Data Element Initialization with Hard-Coded Network Resource Configuration Data | Unit | - | | | C++ |
Reliability | ASCRM-RLB-18: Storable and Member Data Element Initialization with Hard-Coded Network Resource Configuration Data | Unit | - | | | SQL |
Reliability | ASCRM-RLB-19: Synchronous Call Time-Out Absence | Unit | 8054 | Avoid calling blocking functions with an infinite timeout | Calling functions with parameters that correspond to an infinite timeout can lead to program blocking and/or deadlock, so such calls must be avoided. | C++ |
Reliability | ASCRM-RLB-19: Synchronous Call Time-Out Absence | Unit | N/A | Not applicable in the context of database technologies. | | SQL |
Security | ASCSM-CWE-252-resource: Unchecked Return Parameter Value of named Callable and Method Control Element with Read, Write, and Manage Access to Platform Resource | Unit | - | | | C++ / SQL |
Security | ASCSM-CWE-327: Broken or Risky Cryptographic Algorithm Usage | Unit | - | | | C++ |
Security | ASCSM-CWE-327: Broken or Risky Cryptographic Algorithm Usage | Unit | N/A | Not applicable in the context of database technologies. | | SQL |
Security | ASCSM-CWE-396: Declaration of Catch for Generic Exception | Unit | - | | | C++ |
Security | ASCSM-CWE-396: Declaration of Catch for Generic Exception | Unit | N/A | Not applicable in the context of database technologies. | | SQL |
Security | ASCSM-CWE-397: Declaration of Throws for Generic Exception | Unit | - | | | C++ |
Security | ASCSM-CWE-397: Declaration of Throws for Generic Exception | Unit | N/A | Not applicable in the context of database technologies. | | SQL |
Security | ASCSM-CWE-456: Storable and Member Data Element Missing Initialization | Unit | - | | | C++ |
Security | ASCSM-CWE-456: Storable and Member Data Element Missing Initialization | Unit | N/A | Not applicable in the context of database technologies. | | SQL |