
This page presents the CISQ/OMG Quality Measurement Rules at unit-level for applications based on JEE technology and Oracle SQL supported by CAST AIP. JEE and Oracle SQL are an example of a common technology stack used in many applications. If necessary, CAST can help create an overview of CISQ coverage for other combinations of technologies.

| OMG Characteristics | OMG Rule Id and Name | Levels | AIP QR Id | AIP QR Name | Description | Source Technology |
|---|---|---|---|---|---|---|
| Maintainability | ASCMM-MNT-01: Control Flow Transfer Control Element outside Switch Block | Unit | 7910 | Never exit a finally block with a return, break, continue, or throw | Java try/catch/finally blocks can be considered as conditional control structures, albeit based on exceptions instead of stored variables. This rule checks for unconditional transfer of control in the "finally" block. | JEE |
| Maintainability | ASCMM-MNT-01: Control Flow Transfer Control Element outside Switch Block | Unit | 8032 | Avoid using a break statement in 'for' loops | OMG rule applied to the case of "break" in a "for" loop. | JEE |
| Maintainability | ASCMM-MNT-01: Control Flow Transfer Control Element outside Switch Block | Unit | 7816 | Avoid using GOTO statement | The rule lists all Functions and Procedures using "GOTO" statements in the participating database. | SQL |
| Maintainability | ASCMM-MNT-03: Storable and Member Data Element Initialization with Hard-Coded Literals | Unit | - | | | JEE / SQL |
| Maintainability | ASCMM-MNT-05: Loop Value Update within the Loop | Unit | - | | | JEE / SQL |
| Maintainability | ASCMM-MNT-06: Commented Code Element Excessive Volume | Unit | 7126 | Avoid Artifacts with high Commented-out Code Lines/Code Lines ratio | Direct implementation of the rule. | JEE / SQL |
| Maintainability | ASCMM-MNT-08: Source Element Excessive Size | Unit | 7842 | Avoid large Artifacts - too many Lines of Code | Direct implementation of the rule. However, OMG mandates a default value of 1000 for the maximum number of lines. The default in AIP is technology dependent, 100 in the case of JEE. | JEE |
| Maintainability | ASCMM-MNT-08: Source Element Excessive Size | Unit | 7842 | Avoid large Artifacts - too many Lines of Code | Direct implementation of the rule. | SQL |
| Maintainability | ASCMM-MNT-11: Callable and Method Control Element Excessive Cyclomatic Complexity Value | Unit | 7766 | Avoid Artifacts with High Cyclomatic Complexity | Direct implementation of the rule. | JEE / SQL |
| Maintainability | ASCMM-MNT-13: Callable and Method Control Element Excessive Number of Parameters | Unit | 7770 | Avoid Artifacts with too many parameters | Direct implementation of the rule. | JEE / SQL |
| Maintainability | ASCMM-MNT-14: Callable and Method Control Element Excessive Number of Control Elements involving Data Element from Data Manager or File Resource | Unit | - | | | JEE / SQL |
| Maintainability | ASCMM-MNT-15: Public Member Element | Unit | 4568 | Avoid declaring Public Instance Variables | Direct implementation of the rule. | JEE |
| Maintainability | ASCMM-MNT-15: Public Member Element | Unit | - | | | SQL |
| Maintainability | ASCMM-MNT-16: Method Control Element Usage of Member Element from other Class Element | Unit | 4602 | Avoid using Fields (non static final) from other Classes | Direct implementation of the rule. | JEE |
| Maintainability | ASCMM-MNT-16: Method Control Element Usage of Member Element from other Class Element | Unit | N/A | | Not applicable in the context of database technologies. | SQL |
| Maintainability | ASCMM-MNT-19: Named Callable and Method Control Element Excessive Similarity | Unit | 7156 | Avoid Too Many Copy Pasted Artifacts | Element similarity is addressed by the copy/paste ratio measured by the AIP rule. | JEE / SQL |
| Performance Efficiency | ASCPEM-PRF-01: Static Block Element containing Class Instance Creation Control Element | Unit | - | | | JEE / SQL |
| Performance Efficiency | ASCPEM-PRF-02: Immutable Storable and Member Data Element Creation | Unit | 7200 | Avoid String concatenation in loops | OMG rule implemented for the case of concatenation inside loops. | JEE |
| Performance Efficiency | ASCPEM-PRF-02: Immutable Storable and Member Data Element Creation | Unit | 7954 | Avoid indirect String concatenation inside loops | OMG rule implemented for the case of concatenation inside functions/methods called inside loops. | JEE |
| Performance Efficiency | ASCPEM-PRF-02: Immutable Storable and Member Data Element Creation | Unit | 7790 | Avoid Cursors inside a loop | This rule lists all SQL Artifacts (except table and view) accessing a cursor inside a loop. | SQL |
| Performance Efficiency | ASCPEM-PRF-03: Static Member Data Element outside of a Singleton Class Element | Unit | 7562 | Avoid static Field of type collection | OMG rule implemented for the case of static collection fields. There is no exception for Singleton classes in that case, since the memory issues caused by static collections also apply to their case. | JEE |
| Performance Efficiency | ASCPEM-PRF-03: Static Member Data Element outside of a Singleton Class Element | Unit | 7704 | Avoid static Fields that are not final | OMG rule applied to the case of EJB. | JEE |
| Performance Efficiency | ASCPEM-PRF-03: Static Member Data Element outside of a Singleton Class Element | Unit | N/A | | Not applicable in the context of database technologies. | SQL |
| Performance Efficiency | ASCPEM-PRF-06: Large Data Resource ColumnSet Excessive Number of Index Elements | Unit | 7348 | Avoid too many Indexes on one Table | Direct implementation of the rule. | JEE |
| Performance Efficiency | ASCPEM-PRF-06: Large Data Resource ColumnSet Excessive Number of Index Elements | Unit | - | | | SQL |
| Performance Efficiency | ASCPEM-PRF-07: Large Data Resource ColumnSet with Index Element of Excessive Size | Unit | 7350 | Avoid Tables having Indexes with a too large Index definition | Direct implementation of the rule. | JEE |
| Performance Efficiency | ASCPEM-PRF-07: Large Data Resource ColumnSet with Index Element of Excessive Size | Unit | - | | | SQL |
| Performance Efficiency | ASCPEM-PRF-13: Data Resource Access not using Connection Pooling capability | Unit | 7638 | Avoid using DriverManager | OMG rule implemented for Java, where DriverManager creates a basic, non-pooled DB connection. | JEE |
| Performance Efficiency | ASCPEM-PRF-13: Data Resource Access not using Connection Pooling capability | Unit | N/A | | Not applicable in the context of database technologies. | SQL |
| Reliability | ASCRM-CWE-252-resource: Unchecked Return Parameter Value of named Callable and Method Control Element with Read, Write, and Manage Access to Platform Resource | Unit | N/A | | In Java, errors in the handling of system resources are reported via exceptions, which cannot go undetected. If not handled, the program will stop. | JEE / SQL |
| Reliability | ASCRM-CWE-396: Declaration of Catch for Generic Exception | Unit | 7862 | Avoid catching an exception of type Exception, RuntimeException, or Throwable | Implementation of the OMG rule in the Java context, for all the basic Exception types. | JEE |
| Reliability | ASCRM-CWE-396: Declaration of Catch for Generic Exception | Unit | - | | | SQL |
| Reliability | ASCRM-CWE-397: Declaration of Throws for Generic Exception | Unit | 7824 | The exception Exception should never been thrown. Always Subclass Exception and throw the subclassed Classes. | Direct implementation of the rule. | JEE |
| Reliability | ASCRM-CWE-397: Declaration of Throws for Generic Exception | Unit | - | | | SQL |
| Reliability | ASCRM-CWE-456: Storable and Member Data Element Missing Initialization | Unit | N/A | | In Java, member variables are always given a default value when an object is instantiated, even if the constructor does not explicitly assign one. | JEE / SQL |
| Reliability | ASCRM-CWE-674: Uncontrolled Recursion | Unit | 7388 | Avoid artifacts having recursive calls | Direct implementation of the rule. | JEE / SQL |
| Reliability | ASCRM-RLB-01: Empty Exception Block | Unit | 7782 | Avoid empty finally blocks | Finally blocks must be used to execute the code that is needed after either the try and/or the catch block have been executed. | JEE |
| Reliability | ASCRM-RLB-01: Empty Exception Block | Unit | 7788 | Avoid empty catch blocks | Direct implementation of the rule. | JEE |
| Reliability | ASCRM-RLB-01: Empty Exception Block | Unit | N/A | | Not applicable in the context of database technologies. | SQL |
| Reliability | ASCRM-RLB-06: Storable or Member Data Element containing Pointer Item Element without Proper Copy Control Element | Unit | N/A | | Not applicable in the Java context, where there is no pointer. Not applicable in the context of database technologies. | JEE / SQL |
| Reliability | ASCRM-RLB-07: Class Instance Self Destruction Control Element | Unit | N/A | | Not applicable in the Java context, where there is no explicit destruction of objects. Not applicable in the context of database technologies. | JEE / SQL |
| Reliability | ASCRM-RLB-08: Named Callable and Method Control Elements with Variadic Parameter Element | Unit | - | | Not applicable in the Java context. Not applicable in the context of database technologies. | JEE / SQL |
| Reliability | ASCRM-RLB-09: Float Type Storable and Member Data Element Comparison with Equality Operator | Unit | 8096 | Avoid testing floating point numbers for equality | OMG rule implemented in the case of float to float comparison. | JEE |
| Reliability | ASCRM-RLB-09: Float Type Storable and Member Data Element Comparison with Equality Operator | Unit | - | | | SQL |
| Reliability | ASCRM-RLB-12: Singleton Class Instance Creation without Proper Lock Element Management | Unit | 7438 | Avoid non thread safe singleton | Direct implementation of the rule. | JEE |
| Reliability | ASCRM-RLB-12: Singleton Class Instance Creation without Proper Lock Element Management | Unit | N/A | | Not applicable in the context of database technologies. | SQL |
| Reliability | ASCRM-RLB-15: Class Element with Virtual Method Element without Virtual Destructor | Unit | N/A | | Not applicable in the Java context, where there is no explicit destruction of objects. Not applicable in the context of database technologies. | JEE / SQL |
| Reliability | ASCRM-RLB-16: Parent Class Element without Virtual Destructor Method Element | Unit | N/A | | Not applicable in the Java context, where there is no explicit destruction of objects. Not applicable in the context of database technologies. | JEE / SQL |
| Reliability | ASCRM-RLB-17: Child Class Element without Virtual Destructor unlike its Parent Class Element | Unit | N/A | | Not applicable in the Java context, where there is no explicit destruction of objects. Not applicable in the context of database technologies. | JEE / SQL |
| Reliability | ASCRM-RLB-18: Storable and Member Data Element Initialization with Hard-Coded Network Resource Configuration Data | Unit | 8102 | Avoid hard-coded network resource names | Direct implementation of the rule. | JEE |
| Reliability | ASCRM-RLB-18: Storable and Member Data Element Initialization with Hard-Coded Network Resource Configuration Data | Unit | - | | | SQL |
| Reliability | ASCRM-RLB-19: Synchronous Call Time-Out Absence | Unit | 8100 | Blocking synchronous calls should have associated timeouts | Direct implementation of the rule. | JEE |
| Reliability | ASCRM-RLB-19: Synchronous Call Time-Out Absence | Unit | N/A | | Not applicable in the context of database technologies. | SQL |
| Security | ASCSM-CWE-252-resource: Unchecked Return Parameter Value of named Callable and Method Control Element with Read, Write, and Manage Access to Platform Resource | Unit | - | | | JEE / SQL |
| Security | ASCSM-CWE-327: Broken or Risky Cryptographic Algorithm Usage | Unit | - | | Not applicable in the context of database technologies. Not applicable in the Java context. | JEE / SQL |
| Security | ASCSM-CWE-396: Declaration of Catch for Generic Exception | Unit | 7862 | Avoid catching an exception of type Exception, RuntimeException, or Throwable | Implementation of the OMG rule in the Java context, for all the basic Exception types. | JEE |
| Security | ASCSM-CWE-396: Declaration of Catch for Generic Exception | Unit | N/A | | Not applicable in the context of database technologies. | SQL |
| Security | ASCSM-CWE-397: Declaration of Throws for Generic Exception | Unit | 7824 | The exception Exception should never been thrown. Always Subclass Exception and throw the subclassed Classes. | Direct implementation of the rule. | JEE |
| Security | ASCSM-CWE-397: Declaration of Throws for Generic Exception | Unit | N/A | | Not applicable in the context of database technologies. | SQL |
| Security | ASCSM-CWE-456: Storable and Member Data Element Missing Initialization | Unit | N/A | | In Java, member variables are always given a default value when an object is instantiated, even if the constructor does not explicitly assign one. Not applicable in the context of database technologies. | JEE / SQL |