This page presents the CISQ/OMG Quality Measurement Rules coverage at system- and technology-level for applications based on C++ technology and Microsoft SQL supported by CAST AIP. C++ and Microsoft SQL is an example of a common technology stack used in many applications. If necessary, CAST can help create an overview of CISQ coverage for other combinations of technologies.
OMG Characteristics | OMG Rule Id and Name | Levels | AIP QR Id | AIP QR Name | Description of Coverage | Source Techno |
---|---|---|---|---|---|---|
Maintainability | ASCMM-MNT-02: Class Element Excessive Inheritance of Class Elements with Concrete Implementation | Technology | 578 | Avoid Classes with multiple inheritance | Multiple inheritance increases the code complexity. Therefore the cost of maintenance will also increase. | C++ |
Maintainability | ASCMM-MNT-02: Class Element Excessive Inheritance of Class Elements with Concrete Implementation | Technology | N/A | | Not applicable in the context of database technologies. Relational databases don't deal with objects (and, thus, inheritance) - they deal with entities and relationships. | SQL |
Maintainability | ASCMM-MNT-04: Callable and Method Control Element Number of Outward Calls | System / Technology / Unit | 7778 | Avoid Artifacts with High Fan-Out | Direct implementation of the rule. | C++ / SQL |
Maintainability | ASCMM-MNT-07: Inter-Module Dependency Cycles | Technology | - | | | C++ |
Maintainability | ASCMM-MNT-07: Inter-Module Dependency Cycles | Technology | N/A | | Not applicable in the context of database technologies. The modules are usually developed using a programming language. | SQL |
Maintainability | ASCMM-MNT-09: Horizontal Layer Excessive Number | System | AC | Architecture Checker | An excessive number of layers is detected when defining the architecture. | C++ |
Maintainability | ASCMM-MNT-09: Horizontal Layer Excessive Number | System | N/A | | Not applicable to DBMS technologies | SQL |
Maintainability | ASCMM-MNT-10: Named Callable and Method Control Element Multi-Layer Span | System | AC | Architecture Checker | Components that span several layers are detected when defining the architecture. | C++ |
Maintainability | ASCMM-MNT-10: Named Callable and Method Control Element Multi-Layer Span | System | N/A | | Not applicable to DBMS technologies | SQL |
Maintainability | ASCMM-MNT-12: Named Callable and Method Control Element with Layer-skipping Call | System | AC | Architecture Checker | Defining the architecture with Architecture Checker and specifying the authorized links between the layers makes it possible to pinpoint the components with layer-skipping calls. | C++ |
Maintainability | ASCMM-MNT-12: Named Callable and Method Control Element with Layer-skipping Call | System | N/A | | Not applicable to DBMS technologies | SQL |
Maintainability | ASCMM-MNT-17: Class Element Excessive Inheritance Level | Technology | 7802 | Avoid Classes with a High Depth of Inheritance Tree | Direct implementation of the rule. | C++ |
Maintainability | ASCMM-MNT-17: Class Element Excessive Inheritance Level | Technology | N/A | | Not applicable in the context of database technologies. | SQL |
Maintainability | ASCMM-MNT-18: Class Element Excessive Number of Children | Technology | 7792 | Avoid Classes with a High Number Of Children | Direct implementation of the rule. | C++ |
Maintainability | ASCMM-MNT-18: Class Element Excessive Number of Children | Technology | N/A | | Not applicable in the context of database technologies. | SQL |
Maintainability | ASCMM-MNT-20: Unreachable Named Callable or Method Control Element | System / Technology | 7860 | Avoid unreferenced Functions and Stored Procedures | Direct implementation of the rule. | C++ / SQL |
Maintainability | ASCMM-MNT-20: Unreachable Named Callable or Method Control Element | System / Technology | 7908 | Avoid unreferenced Methods | Direct implementation of the rule. | C++ |
Performance Efficiency | ASCPEM-PRF-04: Data Resource Read and Write Access Excessive Complexity | System / Technology / Unit | 7808 | Avoid Artifacts with SQL statement including subqueries | Sub-queries contribute to SQL query complexity. This AIP rule checks for nested SQL queries. | C++ |
Performance Efficiency | ASCPEM-PRF-04: Data Resource Read and Write Access Excessive Complexity | System / Technology / Unit | 7808 | Avoid Artifacts with SQL statement including subqueries | Sub-queries contribute to SQL query complexity. This AIP rule checks for nested SQL queries. | SQL |
Performance Efficiency | ASCPEM-PRF-05: Data Resource Read Access Unsupported by Index Element | System / Technology / Unit | - | | | C++ |
Performance Efficiency | ASCPEM-PRF-05: Data Resource Read Access Unsupported by Index Element | System / Technology / Unit | 7902 | Avoid SQL queries that no index can support | Direct implementation of the rule. | SQL |
Performance Efficiency | ASCPEM-PRF-08: Control Elements Requiring Significant Resource Element within Control Flow Loop Block | System / Technology / Unit | 7424 | Avoid using SQL queries inside a loop | SQL queries can be expensive in terms of resources. This AIP rule checks for queries executed inside loops. | C++ / SQL |
Performance Efficiency | ASCPEM-PRF-09: Non-Stored SQL Callable Control Element with Excessive Number of Data Resource Access | Technology / Unit | - | | | C++ / SQL |
Performance Efficiency | ASCPEM-PRF-10: Non-SQL Named Callable and Method Control Element with Excessive Number of Data Resource Access | System | - | | | C++ / SQL |
Performance Efficiency | ASCPEM-PRF-11: Data Access Control Element from Outside Designated Data Manager Component | System / Technology | AC | Architecture Checker | Defining the architecture with Architecture Checker and specifying the authorized links between the layers makes it possible to pinpoint the components with layer-skipping calls. | C++ |
Performance Efficiency | ASCPEM-PRF-11: Data Access Control Element from Outside Designated Data Manager Component | System / Technology | N/A | | Not applicable to DBMS technologies | SQL |
Performance Efficiency | ASCPEM-PRF-12: Storable and Member Data Element Excessive Number of Aggregated Storable and Member Data Elements | Technology / Unit | - | | | C++ |
Performance Efficiency | ASCPEM-PRF-12: Storable and Member Data Element Excessive Number of Aggregated Storable and Member Data Elements | Technology / Unit | N/A | | Not applicable in the context of database technologies. | SQL |
Performance Efficiency | ASCPEM-PRF-14: Storable and Member Data Element Memory Allocation Missing De-Allocation Control Element | Technology / Unit | - | | | C++ / SQL |
Performance Efficiency | ASCPEM-PRF-15: Storable and Member Data Element Reference Missing De-Referencing Control Element | Technology / Unit | - | | | C++ |
Performance Efficiency | ASCPEM-PRF-15: Storable and Member Data Element Reference Missing De-Referencing Control Element | Technology / Unit | N/A | | Not applicable in the context of database technologies. | SQL |
Reliability | ASCRM-CWE-120: Buffer Copy without Checking Size of Input | Technology / Unit | - | | | C++ / SQL |
Reliability | ASCRM-CWE-252-data: Unchecked Return Parameter Value of named Callable and Method Control Element with Read, Write, and Manage Access to Data Resource | System / Technology / Unit | - | | | C++ / SQL |
Reliability | ASCRM-CWE-704: Incorrect Type Conversion or Cast | Technology / Unit | - | | | C++ / SQL |
Reliability | ASCRM-CWE-772: Missing Release of Resource after Effective Lifetime | Technology / Unit | - | | | C++ / SQL |
Reliability | ASCRM-CWE-788: Memory Location Access After End of Buffer | Technology / Unit | - | | | C++ / SQL |
Reliability | ASCRM-RLB-02: Serializable Storable Data Element without Serialization Control Element | Technology / Unit | - | | | C++ |
Reliability | ASCRM-RLB-02: Serializable Storable Data Element without Serialization Control Element | Technology / Unit | N/A | | Not applicable in the context of database technologies. | SQL |
Reliability | ASCRM-RLB-03: Serializable Storable Data Element with non-Serializable Item Elements | Technology / Unit | - | | | C++ |
Reliability | ASCRM-RLB-03: Serializable Storable Data Element with non-Serializable Item Elements | Technology / Unit | N/A | | Not applicable in the context of database technologies. | SQL |
Reliability | ASCRM-RLB-04: Persistant Storable Data Element without Proper Comparison Control Element | Technology / Unit | - | | | C++ |
Reliability | ASCRM-RLB-04: Persistant Storable Data Element without Proper Comparison Control Element | Technology / Unit | N/A | | Not applicable in the context of database technologies. | SQL |
Reliability | ASCRM-RLB-05: Runtime Resource Management Control Element in a Component Built to Run on Application Servers | Technology / Unit | - | | | C++ |
Reliability | ASCRM-RLB-05: Runtime Resource Management Control Element in a Component Built to Run on Application Servers | Technology / Unit | N/A | | Not applicable in the context of database technologies. | SQL |
Reliability | ASCRM-RLB-10: Data Access Control Element from Outside Designated Data Manager Component | System / Technology | AC | Architecture Checker | Defining the architecture with Architecture Checker and specifying the authorized links between the layers makes it possible to pinpoint the components with layer-skipping calls. | C++ |
Reliability | ASCRM-RLB-10: Data Access Control Element from Outside Designated Data Manager Component | System / Technology | N/A | | Not applicable to DBMS technologies | SQL |
Reliability | ASCRM-RLB-11: Named Callable and Method Control Element in Multi-Thread Context with non-Final Static Storable or Member Element | Technology | - | | | C++ |
Reliability | ASCRM-RLB-11: Named Callable and Method Control Element in Multi-Thread Context with non-Final Static Storable or Member Element | Technology | N/A | | Not applicable in the context of database technologies. | SQL |
Reliability | ASCRM-RLB-13: Inter-Module Dependency Cycles | Technology | - | | | C++ |
Reliability | ASCRM-RLB-13: Inter-Module Dependency Cycles | Technology | N/A | | Not applicable in the context of database technologies. | SQL |
Reliability | ASCRM-RLB-14: Parent Class Element with References to Child Class Element | Technology | - | | | C++ |
Reliability | ASCRM-RLB-14: Parent Class Element with References to Child Class Element | Technology | N/A | | Not applicable in the context of database technologies. | SQL |
Security | ASCSM-CWE-022: Path Traversal Improper Input Neutralization | System / Technology | 7990 | Avoid using realpath() function | Contributes to the recommendation. The function 'realpath()' is considered very risky and must not be used, since it is not possible to correctly specify the size of the output buffer. | C++ |
Security | ASCSM-CWE-022: Path Traversal Improper Input Neutralization | System / Technology | N/A | | Not applicable in the context of database technologies. | SQL |
Security | ASCSM-CWE-078: OS Command Injection Improper Input Neutralization | System / Technology | - | | | C++ |
Security | ASCSM-CWE-078: OS Command Injection Improper Input Neutralization | System / Technology | N/A | | Not applicable in the context of database technologies. | SQL |
Security | ASCSM-CWE-079: Cross-site Scripting Improper Input Neutralization | System / Technology | - | | | C++ |
Security | ASCSM-CWE-079: Cross-site Scripting Improper Input Neutralization | System / Technology | N/A | | Not applicable in the context of database technologies. | SQL |
Security | ASCSM-CWE-089: SQL Injection Improper Input Neutralization | System / Technology | - | | | C++ |
Security | ASCSM-CWE-089: SQL Injection Improper Input Neutralization | System / Technology | N/A | | Not applicable in the context of database technologies. | SQL |
Security | ASCSM-CWE-99: Name or Reference Resolution Improper Input Neutralization | System / Technology / Unit | - | | | C++ |
Security | ASCSM-CWE-99: Name or Reference Resolution Improper Input Neutralization | System / Technology / Unit | N/A | | Not applicable in the context of database technologies. | SQL |
Security | ASCSM-CWE-120: Buffer Copy without Checking Size of Input | Technology / Unit | 7970 | Never use strcpy() function | Contributes to the recommendation | C++ |
Security | ASCSM-CWE-120: Buffer Copy without Checking Size of Input | Technology / Unit | 7972 | Never use sprintf() or vsprintf() functions | Contributes to the recommendation | C++ |
Security | ASCSM-CWE-120: Buffer Copy without Checking Size of Input | Technology / Unit | 7976 | Never use gets() function | Contributes to the recommendation | C++ |
Security | ASCSM-CWE-120: Buffer Copy without Checking Size of Input | Technology / Unit | 7992 | Avoid using getpass() function | Contributes to the recommendation | C++ |
Security | ASCSM-CWE-120: Buffer Copy without Checking Size of Input | Technology / Unit | 7988 | Avoid using snprintf() function family | Contributes to the recommendation | C++ |
Security | ASCSM-CWE-120: Buffer Copy without Checking Size of Input | Technology / Unit | 7986 | Avoid using streadd() function | Contributes to the recommendation | C++ |
Security | ASCSM-CWE-120: Buffer Copy without Checking Size of Input | Technology / Unit | 7984 | Avoid using strecpy() function | Contributes to the recommendation | C++ |
Security | ASCSM-CWE-120: Buffer Copy without Checking Size of Input | Technology / Unit | 7982 | Avoid using strlen() function family | Contributes to the recommendation | C++ |
Security | ASCSM-CWE-120: Buffer Copy without Checking Size of Input | Technology / Unit | 7980 | Avoid using strtrns() function | Contributes to the recommendation | C++ |
Security | ASCSM-CWE-120: Buffer Copy without Checking Size of Input | Technology / Unit | 7978 | Avoid using the scanf() function family | Contributes to the recommendation | C++ |
Security | ASCSM-CWE-120: Buffer Copy without Checking Size of Input | Technology / Unit | - | | | SQL |
Security | ASCSM-CWE-129: Array Index Improper Input Neutralization | System / Technology | - | | | C++ |
Security | ASCSM-CWE-129: Array Index Improper Input Neutralization | System / Technology | N/A | | Not applicable in the context of database technologies. | SQL |
Security | ASCSM-CWE-134: Format String Improper Input Neutralization | System / Technology | - | | | C++ |
Security | ASCSM-CWE-134: Format String Improper Input Neutralization | System / Technology | N/A | | Not applicable in the context of database technologies. | SQL |
Security | ASCSM-CWE-434: File Upload Improper Input Neutralization | System / Technology | - | | | C++ |
Security | ASCSM-CWE-434: File Upload Improper Input Neutralization | System / Technology | N/A | | Not applicable in the context of database technologies. | SQL |
Security | ASCSM-CWE-606: Unchecked Input for Loop Condition | System / Technology | - | | | C++ / SQL |
Security | ASCSM-CWE-667: Shared Resource Improper Locking | Technology | - | | | C++ / SQL |
Security | ASCSM-CWE-672: Expired or Released Resource Usage | Technology / Unit | - | | | C++ / SQL |
Security | ASCSM-CWE-681: Numeric Types Incorrect Conversion | Technology / Unit | 8002 | Never perform C-style cast between incompatible Class pointers | Ensure that the required type casting is used when dealing with incompatible class pointers. | C++ |
Security | ASCSM-CWE-681: Numeric Types Incorrect Conversion | Technology / Unit | 8058 | A pointer to a derived Class shall only be cast implicitly to a pointer to base Class | Ensure that the required type casting is used when dealing with incompatible class pointers. | C++ |
Security | ASCSM-CWE-681: Numeric Types Incorrect Conversion | Technology / Unit | 8060 | A pointer to a base Class shall only be cast to a pointer to a derived Class by means of 'dynamic_cast' | Ensure that the required type casting is used when dealing with incompatible class pointers. | C++ |
Security | ASCSM-CWE-681: Numeric Types Incorrect Conversion | Technology / Unit | - | | | SQL |
Security | ASCSM-CWE-772: Missing Release of Resource after Effective Lifetime | Technology / Unit | - | | | C++ / SQL |
Security | ASCSM-CWE-789: Uncontrolled Memory Allocation | System / Technology | - | | | C++ / SQL |
Security | ASCSM-CWE-798: Hard-Coded Credentials Usage for Remote Authentication | Technology / Unit | - | | | C++ / SQL |
Security | ASCSM-CWE-835: Loop with Unreachable Exit Condition (Infinite Loop) | Technology / Unit | - | | | C++ / SQL |
Unit-level CISQ/OMG Quality Measurement Rules for a C++ and Microsoft SQL application can be found here: CISQ/OMG Automated Source Code Measurement Standards Coverage for a C++ and Microsoft SQL application - Unit-level