This page presents the CISQ/OMG Quality Measurement Rules coverage at system- and technology-level for applications based on .NET technology and Microsoft SQL supported by CAST AIP. .NET and Microsoft SQL is an example of a common technology stack used in many applications. If necessary, CAST can help create an overview of CISQ coverage for other combinations of technologies.
OMG Characteristics | OMG Rule Id and Name | Levels | AIP QR Id | AIP QR Name | Description | Source Techno |
---|---|---|---|---|---|---|
Maintainability | ASCMM-MNT-02: Class Element Excessive Inheritance of Class Elements with Concrete Implementation | Technology | N/A | | .NET: does not provide multiple inheritance for classes. SQL: Not applicable in the context of database technologies. Relational databases don't deal with objects (and, thus, inheritance) - they deal with entities and relationships. | .NET / SQL |
Maintainability | ASCMM-MNT-04: Callable and Method Control Element Number of Outward Calls | System / Technology / Unit | 7778 | Avoid Artifacts with High Fan-Out | Direct implementation of the rule. | .NET / SQL |
Maintainability | ASCMM-MNT-07: Inter-Module Dependency Cycles | Technology | 7294 | Avoid cyclical calls and inheritances between namespaces content | OMG rule is implemented for the namespaces. | .NET |
Maintainability | ASCMM-MNT-07: Inter-Module Dependency Cycles | Technology | N/A | | Not applicable in the context of database technologies. The modules are usually developed using a programming language. | SQL |
Maintainability | ASCMM-MNT-09: Horizontal Layer Excessive Number | System | AC | Architecture Checker | An excessive number of layers is detected when defining the architecture. | .NET |
Maintainability | ASCMM-MNT-09: Horizontal Layer Excessive Number | System | N/A | | Not applicable to DBMS technologies | SQL |
Maintainability | ASCMM-MNT-10: Named Callable and Method Control Element Multi-Layer Span | System | AC | Architecture Checker | Components that span several layers are detected when defining the architecture. | .NET |
Maintainability | ASCMM-MNT-10: Named Callable and Method Control Element Multi-Layer Span | System | N/A | | Not applicable to DBMS technologies | SQL |
Maintainability | ASCMM-MNT-12: Named Callable and Method Control Element with Layer-skipping Call | System | AC | Architecture Checker | Defining the architecture with Architecture Checker and specifying the authorized links between the layers makes it possible to pinpoint the components with layer-skipping calls. | .NET |
Maintainability | ASCMM-MNT-12: Named Callable and Method Control Element with Layer-skipping Call | System | N/A | | Not applicable to DBMS technologies | SQL |
Maintainability | ASCMM-MNT-17: Class Element Excessive Inheritance Level | Technology | 7802 | Avoid Classes with a High Depth of Inheritance Tree | Direct implementation of the rule. | .NET |
Maintainability | ASCMM-MNT-17: Class Element Excessive Inheritance Level | Technology | N/A | | Not applicable in the context of database technologies. | SQL |
Maintainability | ASCMM-MNT-18: Class Element Excessive Number of Children | Technology | 7792 | Avoid Classes with a High Number Of Children | Direct implementation of the rule. | .NET |
Maintainability | ASCMM-MNT-18: Class Element Excessive Number of Children | Technology | N/A | | Not applicable in the context of database technologies. | SQL |
Maintainability | ASCMM-MNT-20: Unreachable Named Callable or Method Control Element | System / Technology | 7908 | Avoid unreferenced Methods | Direct implementation of the rule. | .NET |
Maintainability | ASCMM-MNT-20: Unreachable Named Callable or Method Control Element | System / Technology | 7860 | Avoid unreferenced Functions | This rule lists all unreferenced functions, procedures and package functions & procedures. | SQL |
Performance Efficiency | ASCPEM-PRF-04: Data Resource Read and Write Access Excessive Complexity | System / Technology / Unit | 7808 | Avoid Artifacts with SQL statement including subqueries | Sub-queries contribute to SQL query complexity. This AIP rule checks for nested SQL queries. | .NET / SQL |
Performance Efficiency | ASCPEM-PRF-04: Data Resource Read and Write Access Excessive Complexity | System / Technology / Unit | 7130 | Avoid Artifacts with High Depth of Nested Subqueries | The complexity of SQL subqueries can cause performance issues. | .NET |
Performance Efficiency | ASCPEM-PRF-05: Data Resource Read Access Unsupported by Index Element | System / Technology / Unit | - | | | .NET |
Performance Efficiency | ASCPEM-PRF-05: Data Resource Read Access Unsupported by Index Element | System / Technology / Unit | 7902 | Avoid SQL queries that no index can support | Direct implementation of the rule. | SQL |
Performance Efficiency | ASCPEM-PRF-08: Control Elements Requiring Significant Resource Element within Control Flow Loop Block | System / Technology / Unit | 7470 | Avoid doing select on Data table in loop | SQL queries can be expensive in terms of resources. This AIP rule checks for queries executed inside loops. | .NET |
Performance Efficiency | ASCPEM-PRF-08: Control Elements Requiring Significant Resource Element within Control Flow Loop Block | System / Technology / Unit | 7198 | Avoid String concatenation in loops | String concatenation can be expensive in terms of resources. This AIP rule checks for concatenations executed inside loops. | .NET |
Performance Efficiency | ASCPEM-PRF-08: Control Elements Requiring Significant Resource Element within Control Flow Loop Block | System / Technology / Unit | 7204 | Avoid method invocation in a loop termination expression | Method invocation can be expensive in terms of resources inside a loop. This AIP rule checks for method invocation executed inside loops. | .NET |
Performance Efficiency | ASCPEM-PRF-08: Control Elements Requiring Significant Resource Element within Control Flow Loop Block | System / Technology / Unit | 7424 | Avoid using SQL queries inside a loop | SQL queries can be expensive in terms of resources inside a loop. This AIP rule checks for SQL queries executed inside loops. | .NET / SQL |
Performance Efficiency | ASCPEM-PRF-08: Control Elements Requiring Significant Resource Element within Control Flow Loop Block | System / Technology / Unit | 7212 | Avoid instantiations inside loops | OMG rule implemented for the case of Class instantiation inside a loop | .NET |
Performance Efficiency | ASCPEM-PRF-09: Non-Stored SQL Callable Control Element with Excessive Number of Data Resource Access | Technology / Unit | 7914 | Avoid direct access to Database Tables | OMG rule has been implemented for the SQL requests. | .NET |
Performance Efficiency | ASCPEM-PRF-09: Non-Stored SQL Callable Control Element with Excessive Number of Data Resource Access | Technology / Unit | - | | | SQL |
Performance Efficiency | ASCPEM-PRF-10: Non-SQL Named Callable and Method Control Element with Excessive Number of Data Resource Access | System | 8110 | Use dedicated stored procedures when multiple data accesses are needed | OMG rule implemented for SQL calls in .NET code. It takes into account any database access, via explicit SQL command and via stored procedure. | .NET |
Performance Efficiency | ASCPEM-PRF-10: Non-SQL Named Callable and Method Control Element with Excessive Number of Data Resource Access | System | - | | | SQL |
Performance Efficiency | ASCPEM-PRF-11: Data Access Control Element from Outside Designated Data Manager Component | System / Technology | AC | Architecture Checker | Defining the architecture with Architecture Checker and specifying the authorized links between the layers makes it possible to pinpoint the components with layer-skipping calls. | .NET |
Performance Efficiency | ASCPEM-PRF-11: Data Access Control Element from Outside Designated Data Manager Component | System / Technology | N/A | | Not applicable to DBMS technologies | SQL |
Performance Efficiency | ASCPEM-PRF-12: Storable and Member Data Element Excessive Number of Aggregated Storable and Member Data Elements | Technology / Unit | - | | | .NET |
Performance Efficiency | ASCPEM-PRF-12: Storable and Member Data Element Excessive Number of Aggregated Storable and Member Data Elements | Technology / Unit | N/A | | Not applicable in the context of database technologies. | SQL |
Performance Efficiency | ASCPEM-PRF-13: Data Resource Access not using Connection Pooling capability | Unit | - | | | .NET |
Performance Efficiency | ASCPEM-PRF-14: Storable and Member Data Element Memory Allocation Missing De-Allocation Control Element | Technology / Unit | - | | | .NET |
Performance Efficiency | ASCPEM-PRF-14: Storable and Member Data Element Memory Allocation Missing De-Allocation Control Element | Technology / Unit | - | | | SQL |
Performance Efficiency | ASCPEM-PRF-15: Storable and Member Data Element Reference Missing De-Referencing Control Element | Technology / Unit | 3612 | Close SQL connection ASAP | OMG rule is implemented for the SQL connections | .NET |
Performance Efficiency | ASCPEM-PRF-15: Storable and Member Data Element Reference Missing De-Referencing Control Element | Technology / Unit | N/A | | Not applicable in the context of database technologies. | SQL |
Reliability | ASCRM-CWE-120: Buffer Copy without Checking Size of Input | Technology / Unit | - | | | .NET / SQL |
Reliability | ASCRM-CWE-252-data: Unchecked Return Parameter Value of named Callable and Method Control Element with Read, Write, and Manage Access to Data Resource | System / Technology / Unit | - | | | .NET / SQL |
Reliability | ASCRM-CWE-704: Incorrect Type Conversion or Cast | Technology / Unit | 8148 | | | .NET |
Reliability | ASCRM-CWE-704: Incorrect Type Conversion or Cast | Technology / Unit | - | | | SQL |
Reliability | ASCRM-CWE-772: Missing Release of Resource after Effective Lifetime | Technology / Unit | 3612 | Close SQL connection ASAP | "Close SQL connection ASAP" covers a subset, the OMG rule is more general: it is about detecting unreleased resources. | .NET |
Reliability | ASCRM-CWE-772: Missing Release of Resource after Effective Lifetime | Technology / Unit | - | | | SQL |
Reliability | ASCRM-CWE-788: Memory Location Access After End of Buffer | Technology / Unit | N/A | | The management of the memory is done automatically. | .NET |
Reliability | ASCRM-CWE-788: Memory Location Access After End of Buffer | Technology / Unit | - | | | SQL |
Reliability | ASCRM-RLB-02: Serializable Storable Data Element without Serialization Control Element | Technology / Unit | - | | | .NET |
Reliability | ASCRM-RLB-02: Serializable Storable Data Element without Serialization Control Element | Technology / Unit | N/A | | Not applicable in the context of database technologies. | SQL |
Reliability | ASCRM-RLB-03: Serializable Storable Data Element with non-Serializable Item Elements | Technology / Unit | - | | | .NET |
Reliability | ASCRM-RLB-03: Serializable Storable Data Element with non-Serializable Item Elements | Technology / Unit | N/A | | Not applicable in the context of database technologies. | SQL |
Reliability | ASCRM-RLB-04: Persistant Storable Data Element without Proper Comparison Control Element | Technology / Unit | 7504 | | | .NET |
Reliability | ASCRM-RLB-04: Persistant Storable Data Element without Proper Comparison Control Element | Technology / Unit | N/A | | Not applicable in the context of database technologies. | SQL |
Reliability | ASCRM-RLB-05: Runtime Resource Management Control Element in a Component Built to Run on Application Servers | Technology / Unit | 7728 | | | .NET |
Reliability | ASCRM-RLB-05: Runtime Resource Management Control Element in a Component Built to Run on Application Servers | Technology / Unit | N/A | | Not applicable in the context of database technologies. | SQL |
Reliability | ASCRM-RLB-10: Data Access Control Element from Outside Designated Data Manager Component | System / Technology | AC | Architecture Checker | Defining the architecture with Architecture Checker and specifying the authorized links between the layers makes it possible to pinpoint the components with layer-skipping calls. | .NET |
Reliability | ASCRM-RLB-10: Data Access Control Element from Outside Designated Data Manager Component | System / Technology | N/A | | Not applicable to DBMS technologies | SQL |
Reliability | ASCRM-RLB-11: Named Callable and Method Control Element in Multi-Thread Context with non-Final Static Storable or Member Element | Technology | - | | | .NET |
Reliability | ASCRM-RLB-11: Named Callable and Method Control Element in Multi-Thread Context with non-Final Static Storable or Member Element | Technology | N/A | | Not applicable in the context of database technologies. | SQL |
Reliability | ASCRM-RLB-13: Inter-Module Dependency Cycles | Technology | 7294 | Avoid cyclical calls and inheritances between namespaces content | Direct implementation of the rule. | .NET |
Reliability | ASCRM-RLB-13: Inter-Module Dependency Cycles | Technology | N/A | | Not applicable in the context of database technologies. | SQL |
Reliability | ASCRM-RLB-14: Parent Class Element with References to Child Class Element | Technology | 7934 | Avoid Superclass (or Interface) knowing Subclass (or Interface) | Direct implementation of the rule. | .NET |
Reliability | ASCRM-RLB-14: Parent Class Element with References to Child Class Element | Technology | N/A | | Not applicable in the context of database technologies. | SQL |
Security | ASCSM-CWE-022: Path Traversal Improper Input Neutralization | System / Technology | 7752 | Avoid file path manipulation vulnerabilities ( CWE-73 ) | Direct implementation of the rule. | .NET |
Security | ASCSM-CWE-022: Path Traversal Improper Input Neutralization | System / Technology | N/A | | Not applicable in the context of database technologies. | SQL |
Security | ASCSM-CWE-078: OS Command Injection Improper Input Neutralization | System / Technology | 7748 | Avoid OS command injection vulnerabilities ( CWE-78 ) | Direct implementation of the rule. | .NET |
Security | ASCSM-CWE-078: OS Command Injection Improper Input Neutralization | System / Technology | N/A | | Not applicable in the context of database technologies. | SQL |
Security | ASCSM-CWE-079: Cross-site Scripting Improper Input Neutralization | System / Technology | 7740 | Avoid cross-site scripting DOM vulnerabilities ( CWE-79 ) | Direct implementation of the rule. | .NET |
Security | ASCSM-CWE-079: Cross-site Scripting Improper Input Neutralization | System / Technology | N/A | | Not applicable in the context of database technologies. | SQL |
Security | ASCSM-CWE-089: SQL Injection Improper Input Neutralization | System / Technology | 7742 | Avoid SQL injection vulnerabilities ( CWE-89 ) | Direct implementation of the rule. | .NET |
Security | ASCSM-CWE-089: SQL Injection Improper Input Neutralization | System / Technology | N/A | | Not applicable in the context of database technologies. | SQL |
Security | ASCSM-CWE-99: Name or Reference Resolution Improper Input Neutralization | System / Technology / Unit | - | | | .NET |
Security | ASCSM-CWE-99: Name or Reference Resolution Improper Input Neutralization | System / Technology / Unit | N/A | | Not applicable in the context of database technologies. | SQL |
Security | ASCSM-CWE-120: Buffer Copy without Checking Size of Input | Technology / Unit | - | | | .NET / SQL |
Security | ASCSM-CWE-129: Array Index Improper Input Neutralization | System / Technology | - | | | .NET |
Security | ASCSM-CWE-129: Array Index Improper Input Neutralization | System / Technology | N/A | | Not applicable in the context of database technologies. | SQL |
Security | ASCSM-CWE-134: Format String Improper Input Neutralization | System / Technology | - | | | .NET |
Security | ASCSM-CWE-134: Format String Improper Input Neutralization | System / Technology | N/A | | Not applicable in the context of database technologies. | SQL |
Security | ASCSM-CWE-434: File Upload Improper Input Neutralization | System / Technology | - | | | .NET |
Security | ASCSM-CWE-434: File Upload Improper Input Neutralization | System / Technology | N/A | | Not applicable in the context of database technologies. | SQL |
Security | ASCSM-CWE-606: Unchecked Input for Loop Condition | System / Technology | - | | | .NET / SQL |
Security | ASCSM-CWE-667: Shared Resource Improper Locking | Technology | - | | | .NET / SQL |
Security | ASCSM-CWE-672: Expired or Released Resource Usage | Technology / Unit | - | | | .NET / SQL |
Security | ASCSM-CWE-681: Numeric Types Incorrect Conversion | Technology / Unit | - | | | .NET / SQL |
Security | ASCSM-CWE-772: Missing Release of Resource after Effective Lifetime | Technology / Unit | 3612 | Close SQL connection ASAP | "Close SQL connection ASAP" covers a subset, the OMG rule is more general: it is about detecting unreleased resources. | .NET |
Security | ASCSM-CWE-772: Missing Release of Resource after Effective Lifetime | Technology / Unit | 8108 | | | .NET |
Security | ASCSM-CWE-772: Missing Release of Resource after Effective Lifetime | Technology / Unit | - | | | SQL |
Security | ASCSM-CWE-789: Uncontrolled Memory Allocation | System / Technology | - | | | .NET / SQL |
Security | ASCSM-CWE-798: Hard-Coded Credentials Usage for Remote Authentication | Technology / Unit | 8222 | CWE-798 : Use of Hard-coded Credentials | | .NET |
Security | ASCSM-CWE-798: Hard-Coded Credentials Usage for Remote Authentication | Technology / Unit | - | | | SQL |
Security | ASCSM-CWE-835: Loop with Unreachable Exit Condition (Infinite Loop) | Technology / Unit | 7388 | | | .NET |
Security | ASCSM-CWE-835: Loop with Unreachable Exit Condition (Infinite Loop) | Technology / Unit | - | | | SQL |
Unit-level CISQ/OMG Quality Measurement Rules for a .NET and Microsoft SQL application can be found here: CISQ/OMG Automated Source Code Measurement Standards Coverage for a .NET and Microsoft SQL application - Unit-level