This page presents the CISQ/OMG Quality Measurement Rules coverage at system and technology level for applications based on ABAP technology and SAP SQL supported by CAST AIP. The combination of ABAP and SAP SQL is an example of a common technology stack used in many applications. If necessary, CAST can help create an overview of CISQ coverage for other combinations of technologies.
OMG Characteristics | OMG Rule Id and Name | Levels | AIP QR Id | AIP QR Name | Description of Coverage | Source Techno |
---|---|---|---|---|---|---|
Maintainability | ASCMM-MNT-02: Class Element Excessive Inheritance of Class Elements with Concrete Implementation | Technology | - | | | ABAP / SAP SQL |
Maintainability | ASCMM-MNT-04: Callable and Method Control Element Number of Outward Calls | System / Technology / Unit | 7778 | Avoid Artifacts with High Fan-Out | Direct implementation of the rule. | ABAP / SAP SQL |
Maintainability | ASCMM-MNT-07: Inter-Module Dependency Cycles | Technology | N/A | | There is no module in ABAP development. Packages are organized in a hierarchical structure. | ABAP / SAP SQL |
Maintainability | ASCMM-MNT-09: Horizontal Layer Excessive Number | System | AC | Architecture Checker | An excessive number of layers is detected when defining the architecture. | ABAP / SAP SQL |
Maintainability | ASCMM-MNT-10: Named Callable and Method Control Element Multi-Layer Span | System | AC | Architecture Checker | Components that span several layers are detected when defining the architecture. | ABAP / SAP SQL |
Maintainability | ASCMM-MNT-12: Named Callable and Method Control Element with Layer-skipping Call | System | AC | Architecture Checker | Defining the architecture with Architecture Checker and specifying the authorized links between the layers makes it possible to pinpoint the components with layer-skipping calls. | ABAP / SAP SQL |
Maintainability | ASCMM-MNT-17: Class Element Excessive Inheritance Level | Technology | 7802 | Avoid Classes with a High Depth of Inheritance Tree | Direct implementation of the rule. | ABAP / SAP SQL |
Maintainability | ASCMM-MNT-18: Class Element Excessive Number of Children | Technology | 7792 | Avoid Classes with a High Number Of Children | Direct implementation of the rule. | ABAP / SAP SQL |
Maintainability | ASCMM-MNT-20: Unreachable Named Callable or Method Control Element | System / Technology | 7860 | Avoid unreferenced Functions and Stored Procedures | Direct implementation of the rule. | ABAP / SAP SQL |
Maintainability | ASCMM-MNT-20: Unreachable Named Callable or Method Control Element | System / Technology | 7908 | Avoid unreferenced Methods | Direct implementation of the rule. | ABAP / SAP SQL |
Performance Efficiency | ASCPEM-PRF-04: Data Resource Read and Write Access Excessive Complexity | System / Technology / Unit | 7808 | Avoid Artifacts with SQL statement including subqueries | Sub-queries contribute to SQL query complexity. This AIP rule checks for nested SQL queries. | ABAP / SAP SQL |
Performance Efficiency | ASCPEM-PRF-05: Data Resource Read Access Unsupported by Index Element | System / Technology / Unit | 7870 | Avoid using the NOT LIKE operator in WHERE clauses | Using a negative operator in a condition prevents the use of indexes in SQL queries. This AIP rule checks for queries using NOT LIKE in their WHERE clause. | ABAP / SAP SQL |
Performance Efficiency | ASCPEM-PRF-05: Data Resource Read Access Unsupported by Index Element | System / Technology / Unit | 7878 | Avoid Open SQL SELECT queries without WHERE condition | Queries with no condition do not use an index and execute full table scans. This AIP rule checks for queries with no WHERE clause. | ABAP / SAP SQL |
Performance Efficiency | ASCPEM-PRF-05: Data Resource Read Access Unsupported by Index Element | System / Technology / Unit | 7902 | Avoid SQL queries that no index can support | Direct implementation of the rule. | ABAP / SAP SQL |
Performance Efficiency | ASCPEM-PRF-05: Data Resource Read Access Unsupported by Index Element | System / Technology / Unit | 7904 | Avoid SQL queries on XXL tables that no index can support | Direct implementation of the rule, but applied to database tables with a large number of rows. | ABAP / SAP SQL |
Performance Efficiency | ASCPEM-PRF-08: Control Elements Requiring Significant Resource Element within Control Flow Loop Block | System / Technology / Unit | 7424 | Avoid using SQL queries inside a loop | SQL queries can be expensive in terms of resources. This AIP rule checks for queries executed inside loops. | ABAP / SAP SQL |
Performance Efficiency | ASCPEM-PRF-08: Control Elements Requiring Significant Resource Element within Control Flow Loop Block | System / Technology / Unit | 7880 | Avoid nested loops | OMG rule implemented for the case of nested loops. | ABAP / SAP SQL |
Performance Efficiency | ASCPEM-PRF-09: Non-Stored SQL Callable Control Element with Excessive Number of Data Resource Access | Technology / Unit | 7544 | Avoid using SELECT ... ENDSELECT statement | The SELECT..ENDSELECT statement is known to impact performance in database accesses. | ABAP / SAP SQL |
Performance Efficiency | ASCPEM-PRF-10: Non-SQL Named Callable and Method Control Element with Excessive Number of Data Resource Access | System | - | | | ABAP / SAP SQL |
Performance Efficiency | ASCPEM-PRF-11: Data Access Control Element from Outside Designated Data Manager Component | System / Technology | AC | Architecture Checker | Defining the architecture with Architecture Checker and specifying the authorized links between the layers makes it possible to pinpoint the components with layer-skipping calls. | ABAP / SAP SQL |
Performance Efficiency | ASCPEM-PRF-12: Storable and Member Data Element Excessive Number of Aggregated Storable and Member Data Elements | Technology / Unit | 7424 | Avoid using SQL queries inside a loop | SQL queries can be expensive in terms of resources. This AIP rule checks for queries executed inside loops. | ABAP / SAP SQL |
Performance Efficiency | ASCPEM-PRF-14: Storable and Member Data Element Memory Allocation Missing De-Allocation Control Element | Technology / Unit | - | | | ABAP / SAP SQL |
Performance Efficiency | ASCPEM-PRF-15: Storable and Member Data Element Reference Missing De-Referencing Control Element | Technology / Unit | - | | | ABAP / SAP SQL |
Reliability | ASCRM-CWE-120: Buffer Copy without Checking Size of Input | Technology / Unit | - | | | ABAP / SAP SQL |
Reliability | ASCRM-CWE-252-data: Unchecked Return Parameter Value of named Callable and Method Control Element with Read, Write, and Manage Access to Data Resource | System / Technology / Unit | 7520 | Avoid unchecked return code (SY-SUBRC) after OPEN SQL or READ statement | Direct implementation of the rule for ABAP internal tables and database tables accesses. | ABAP / SAP SQL |
Reliability | ASCRM-CWE-704: Incorrect Type Conversion or Cast | Technology / Unit | - | | | ABAP / SAP SQL |
Reliability | ASCRM-CWE-772: Missing Release of Resource after Effective Lifetime | Technology / Unit | - | | | ABAP / SAP SQL |
Reliability | ASCRM-CWE-788: Memory Location Access After End of Buffer | Technology / Unit | - | | | ABAP / SAP SQL |
Reliability | ASCRM-RLB-02: Serializable Storable Data Element without Serialization Control Element | Technology / Unit | N/A | | This rule is not applicable to the ABAP language. | ABAP / SAP SQL |
Reliability | ASCRM-RLB-03: Serializable Storable Data Element with non-Serializable Item Elements | Technology / Unit | N/A | | This rule is not applicable to the ABAP language. | ABAP / SAP SQL |
Reliability | ASCRM-RLB-04: Persistent Storable Data Element without Proper Comparison Control Element | Technology / Unit | - | | | ABAP / SAP SQL |
Reliability | ASCRM-RLB-05: Runtime Resource Management Control Element in a Component Built to Run on Application Servers | Technology / Unit | - | | | ABAP / SAP SQL |
Reliability | ASCRM-RLB-10: Data Access Control Element from Outside Designated Data Manager Component | System / Technology | AC | Architecture Checker | Defining the architecture with Architecture Checker and specifying the authorized links between the layers makes it possible to pinpoint the components with layer-skipping calls. | ABAP / SAP SQL |
Reliability | ASCRM-RLB-11: Named Callable and Method Control Element in Multi-Thread Context with non-Final Static Storable or Member Element | Technology | - | | | ABAP / SAP SQL |
Reliability | ASCRM-RLB-13: Inter-Module Dependency Cycles | Technology | - | | | ABAP / SAP SQL |
Reliability | ASCRM-RLB-14: Parent Class Element with References to Child Class Element | Technology | 7934 | Avoid Superclass (or Interface) knowing Subclass (or Interface) | Direct implementation of the rule. | ABAP / SAP SQL |
Security | ASCSM-CWE-022: Path Traversal Improper Input Neutralization | System / Technology | - | | | ABAP / SAP SQL |
Security | ASCSM-CWE-078: OS Command Injection Improper Input Neutralization | System / Technology | - | | | ABAP / SAP SQL |
Security | ASCSM-CWE-079: Cross-site Scripting Improper Input Neutralization | System / Technology | - | | | ABAP / SAP SQL |
Security | ASCSM-CWE-089: SQL Injection Improper Input Neutralization | System / Technology | - | | | ABAP / SAP SQL |
Security | ASCSM-CWE-99: Name or Reference Resolution Improper Input Neutralization | System / Technology / Unit | - | | | ABAP / SAP SQL |
Security | ASCSM-CWE-120: Buffer Copy without Checking Size of Input | Technology / Unit | - | | | ABAP / SAP SQL |
Security | ASCSM-CWE-129: Array Index Improper Input Neutralization | System / Technology | - | | | ABAP / SAP SQL |
Security | ASCSM-CWE-134: Format String Improper Input Neutralization | System / Technology | - | | | ABAP / SAP SQL |
Security | ASCSM-CWE-434: File Upload Improper Input Neutralization | System / Technology | - | | | ABAP / SAP SQL |
Security | ASCSM-CWE-606: Unchecked Input for Loop Condition | System / Technology | - | | | ABAP / SAP SQL |
Security | ASCSM-CWE-667: Shared Resource Improper Locking | Technology | - | | | ABAP / SAP SQL |
Security | ASCSM-CWE-672: Expired or Released Resource Usage | Technology / Unit | - | | | ABAP / SAP SQL |
Security | ASCSM-CWE-681: Numeric Types Incorrect Conversion | Technology / Unit | 8114 | Avoid numerical data corruption during incompatible mutation | Implementation of the OMG rule for types char, date, float, and packed. | ABAP / SAP SQL |
Security | ASCSM-CWE-772: Missing Release of Resource after Effective Lifetime | Technology / Unit | - | | | ABAP / SAP SQL |
Security | ASCSM-CWE-789: Uncontrolled Memory Allocation | System / Technology | N/A | | This rule is not applicable to the ABAP language. | ABAP / SAP SQL |
Security | ASCSM-CWE-798: Hard-Coded Credentials Usage for Remote Authentication | Technology / Unit | - | | | ABAP / SAP SQL |
Security | ASCSM-CWE-835: Loop with Unreachable Exit Condition (Infinite Loop) | Technology / Unit | - | | | ABAP / SAP SQL |
Unit-level CISQ/OMG Quality Measurement Rules for a C++ and Microsoft SQL application can be found here: CISQ/OMG Automated Source Code Measurement Standards Coverage for an ABAP and SAP SQL application - Unit-level