This page presents the coverage of the CISQ/OMG Quality Measurement Rules at system and technology level, as supported by CAST AIP, for applications built on Web / JEE technology and Oracle SQL. Web / JEE with Oracle SQL is an example of a common technology stack used in many applications. If necessary, CAST can help create an overview of CISQ coverage for other combinations of technologies.
OMG Characteristics | OMG Rule Id and Name | Levels | AIP QR Id | AIP QR Name | Description | Source Techno |
---|---|---|---|---|---|---|
Maintainability | ASCMM-MNT-02: Class Element Excessive Inheritance of Class Elements with Concrete Implementation | Technology | N/A | | Not possible. | JEE / Web |
Maintainability | ASCMM-MNT-02: Class Element Excessive Inheritance of Class Elements with Concrete Implementation | Technology | N/A | | Not applicable in the context of database technologies. Relational databases don't deal with objects (and, thus, inheritance); they deal with entities and relationships. | SQL |
Maintainability | ASCMM-MNT-04: Callable and Method Control Element Number of Outward Calls | System / Technology / Unit | 7778 | Avoid Artifacts with High Fan-Out | Direct implementation of the rule. However, for JEE, OMG mandates a default value of 5 for the fan-out threshold, whereas the default in AIP is 4. | JEE / SQL / Web |
Maintainability | ASCMM-MNT-07: Inter-Module Dependency Cycles | Technology | 7292 | Avoid cyclical calls and inheritances between packages | Direct implementation of the rule. | JEE |
Maintainability | ASCMM-MNT-07: Inter-Module Dependency Cycles | Technology | N/A | | | Web |
Maintainability | ASCMM-MNT-07: Inter-Module Dependency Cycles | Technology | N/A | | Not applicable in the context of database technologies. The modules are usually developed using a programming language. | SQL |
Maintainability | ASCMM-MNT-09: Horizontal Layer Excessive Number | System | AC | Architecture Checker | An excessive number of layers is detected when defining the architecture. | JEE / Web |
Maintainability | ASCMM-MNT-09: Horizontal Layer Excessive Number | System | N/A | | Not applicable to DBMS technologies. | SQL |
Maintainability | ASCMM-MNT-10: Named Callable and Method Control Element Multi-Layer Span | System | AC | Architecture Checker | Components that span several layers are detected when defining the architecture. | JEE / Web |
Maintainability | ASCMM-MNT-10: Named Callable and Method Control Element Multi-Layer Span | System | N/A | | Not applicable to DBMS technologies. | SQL |
Maintainability | ASCMM-MNT-12: Named Callable and Method Control Element with Layer-skipping Call | System | AC | Architecture Checker | Defining the architecture with Architecture Checker and specifying the authorized links between the layers makes it possible to pinpoint the components with layer-skipping calls. | JEE / Web |
Maintainability | ASCMM-MNT-12: Named Callable and Method Control Element with Layer-skipping Call | System | N/A | | Not applicable to DBMS technologies. | SQL |
Maintainability | ASCMM-MNT-17: Class Element Excessive Inheritance Level | Technology | 7802 | Avoid Classes with a High Depth of Inheritance Tree | Direct implementation of the rule. | JEE |
Maintainability | ASCMM-MNT-17: Class Element Excessive Inheritance Level | Technology | N/A | | | Web |
Maintainability | ASCMM-MNT-17: Class Element Excessive Inheritance Level | Technology | N/A | | Not applicable in the context of database technologies. | SQL |
Maintainability | ASCMM-MNT-18: Class Element Excessive Number of Children | Technology | 7792 | Avoid Classes with a High Number Of Children | Direct implementation of the rule. | JEE / Web |
Maintainability | ASCMM-MNT-18: Class Element Excessive Number of Children | Technology | N/A | | Not applicable in the context of database technologies. | SQL |
Maintainability | ASCMM-MNT-20: Unreachable Named Callable or Method Control Element | System / Technology | 7860 | Avoid unreferenced Functions | JEE: Direct implementation of the rule. SQL: This rule lists all unreferenced functions, procedures, and package functions and procedures. | JEE / SQL |
Maintainability | ASCMM-MNT-20: Unreachable Named Callable or Method Control Element | System / Technology | 7908 | Avoid unreferenced Methods | Direct implementation of the rule. | JEE |
Maintainability | ASCMM-MNT-20: Unreachable Named Callable or Method Control Element | System / Technology | 1020514 | Avoid using Javascript undefined in AngularJS application | Partially contributes to the rule in the AngularJS context. | Web |
Maintainability | ASCMM-MNT-20: Unreachable Named Callable or Method Control Element | System / Technology | 1018508 | Use Angular wrapper service $document | Partially contributes to the rule in the AngularJS context. | Web |
Maintainability | ASCMM-MNT-20: Unreachable Named Callable or Method Control Element | System / Technology | 1018512 | Use Angular wrapper service $timeout | Partially contributes to the rule in the AngularJS context. | Web |
Maintainability | ASCMM-MNT-20: Unreachable Named Callable or Method Control Element | System / Technology | 1018516 | Avoid using Javascript Array typecheck in AngularJS application | Partially contributes to the rule in the AngularJS context. | Web |
Maintainability | ASCMM-MNT-20: Unreachable Named Callable or Method Control Element | System / Technology | 1018518 | Avoid using Javascript Date typecheck in AngularJS application | Partially contributes to the rule in the AngularJS context. | Web |
Maintainability | ASCMM-MNT-20: Unreachable Named Callable or Method Control Element | System / Technology | 1018520 | Avoid using Javascript Function typecheck in AngularJS application | Partially contributes to the rule in the AngularJS context. | Web |
Maintainability | ASCMM-MNT-20: Unreachable Named Callable or Method Control Element | System / Technology | 1018522 | Avoid using Javascript String typecheck in AngularJS application | Partially contributes to the rule in the AngularJS context. | Web |
Maintainability | ASCMM-MNT-20: Unreachable Named Callable or Method Control Element | System / Technology | 1018528 | Avoid using Javascript Regexp typecheck in AngularJS application | Partially contributes to the rule in the AngularJS context. | Web |
Maintainability | ASCMM-MNT-20: Unreachable Named Callable or Method Control Element | System / Technology | 1018524 | Avoid using Javascript Object typecheck in AngularJS application | Partially contributes to the rule in the AngularJS context. | Web |
Maintainability | ASCMM-MNT-20: Unreachable Named Callable or Method Control Element | System / Technology | 1018510 | Use Angular wrapper service $window | Partially contributes to the rule in the AngularJS context. | Web |
Maintainability | ASCMM-MNT-20: Unreachable Named Callable or Method Control Element | System / Technology | 1018530 | Avoid using !angular.isUndefined() and !angular.isDefined() in AngularJS application | Partially contributes to the rule in the AngularJS context. | Web |
Maintainability | ASCMM-MNT-20: Unreachable Named Callable or Method Control Element | System / Technology | 1020040 | Avoid using delete with no object properties | Partially contributes to the rule. | Web |
Maintainability | ASCMM-MNT-20: Unreachable Named Callable or Method Control Element | System / Technology | 1020054 | Avoid using delete on arrays | Partially contributes to the rule. | Web |
Maintainability | ASCMM-MNT-20: Unreachable Named Callable or Method Control Element | System / Technology | 1020536 | Avoid using $ or jQuery, use angular.element instead | Partially contributes to the rule. | Web |
Maintainability | ASCMM-MNT-20: Unreachable Named Callable or Method Control Element | System / Technology | 1020538 | Avoid wrapping angular.element objects with jQuery or $ | Partially contributes to the rule. | Web |
Performance Efficiency | ASCPEM-PRF-04: Data Resource Read and Write Access Excessive Complexity | System / Technology / Unit | 7808 | Avoid Artifacts with SQL statement including subqueries | Sub-queries contribute to SQL query complexity. This AIP rule checks for nested SQL queries. | JEE / SQL |
Performance Efficiency | ASCPEM-PRF-04: Data Resource Read and Write Access Excessive Complexity | System / Technology / Unit | 7130 | Avoid Artifacts with High Depth of Nested Subqueries | Nested sub-queries contribute to SQL query complexity. This AIP rule checks for nested SQL queries. | JEE |
Performance Efficiency | ASCPEM-PRF-04: Data Resource Read and Write Access Excessive Complexity | System / Technology / Unit | 1020004 | Avoid to use querySelectorAll | Contributes to the rule. | Web |
Performance Efficiency | ASCPEM-PRF-04: Data Resource Read and Write Access Excessive Complexity | System / Technology / Unit | 1020006 | Avoid to call a function in a termination loop | Partially contributes to the rule. | Web |
Performance Efficiency | ASCPEM-PRF-04: Data Resource Read and Write Access Excessive Complexity | System / Technology / Unit | 1020314 | Avoid using css() of many elements | | Web |
Performance Efficiency | ASCPEM-PRF-04: Data Resource Read and Write Access Excessive Complexity | System / Technology / Unit | 1020306 | Always use find for Id->Child nested selectors | | Web |
Performance Efficiency | ASCPEM-PRF-04: Data Resource Read and Write Access Excessive Complexity | System / Technology / Unit | 1020302 | Avoid using element type in jQuery | | Web |
Performance Efficiency | ASCPEM-PRF-04: Data Resource Read and Write Access Excessive Complexity | System / Technology / Unit | 1020308 | Always cache the returned objects in variables to be reused | | Web |
Performance Efficiency | ASCPEM-PRF-05: Data Resource Read Access Unsupported by Index Element | System / Technology / Unit | - | | | JEE / Web |
Performance Efficiency | ASCPEM-PRF-05: Data Resource Read Access Unsupported by Index Element | System / Technology / Unit | 7902 | Avoid SQL queries that no index can support | Direct implementation of the rule. | SQL |
Performance Efficiency | ASCPEM-PRF-08: Control Elements Requiring Significant Resource Element within Control Flow Loop Block | System / Technology / Unit | 7206 | Avoid the use of InstanceOf inside loops | OMG rule applied to the case of type checking inside loops. | JEE |
Performance Efficiency | ASCPEM-PRF-08: Control Elements Requiring Significant Resource Element within Control Flow Loop Block | System / Technology / Unit | 7200 | Avoid String concatenation in loops | OMG rule implemented for the case of concatenation inside loops. | JEE |
Performance Efficiency | ASCPEM-PRF-08: Control Elements Requiring Significant Resource Element within Control Flow Loop Block | System / Technology / Unit | 7210 | Avoid instantiations inside loops | OMG rule implemented for the case of class instantiation inside a loop. | JEE |
Performance Efficiency | ASCPEM-PRF-08: Control Elements Requiring Significant Resource Element within Control Flow Loop Block | System / Technology / Unit | 7954 | Avoid indirect String concatenation inside loops | OMG rule implemented for the case of concatenation inside functions called in loops. | JEE |
Performance Efficiency | ASCPEM-PRF-08: Control Elements Requiring Significant Resource Element within Control Flow Loop Block | System / Technology / Unit | 7204 | Avoid method invocation in a loop termination expression | OMG rule implemented for the case of method invocation in a loop condition. | JEE |
Performance Efficiency | ASCPEM-PRF-08: Control Elements Requiring Significant Resource Element within Control Flow Loop Block | System / Technology / Unit | 7424 | Avoid using SQL queries inside a loop | SQL queries can be expensive in terms of resources. This AIP rule checks for queries executed inside loops. | JEE / SQL |
Performance Efficiency | ASCPEM-PRF-08: Control Elements Requiring Significant Resource Element within Control Flow Loop Block | System / Technology / Unit | 7962 | Avoid direct or indirect remote calls inside a loop | OMG rule implemented for the case of an EJB or SAL call inside a loop. | JEE |
Performance Efficiency | ASCPEM-PRF-08: Control Elements Requiring Significant Resource Element within Control Flow Loop Block | System / Technology / Unit | 1020504 | Avoid using the call of web service with AngularJS $http inside a loop | Direct implementation of the rule. | Web |
Performance Efficiency | ASCPEM-PRF-08: Control Elements Requiring Significant Resource Element within Control Flow Loop Block | System / Technology / Unit | 1018534 | Avoid using a web service with AngularJS $resource inside a loop | Direct implementation of the rule. | Web |
Performance Efficiency | ASCPEM-PRF-08: Control Elements Requiring Significant Resource Element within Control Flow Loop Block | System / Technology / Unit | 1020038 | Avoid defining and calling functions inside loops | Direct implementation of the rule. | Web |
Performance Efficiency | ASCPEM-PRF-08: Control Elements Requiring Significant Resource Element within Control Flow Loop Block | System / Technology / Unit | 1020014 | Avoid using a web service with XMLHttpRequest inside a loop | Direct implementation of the rule. | Web |
Performance Efficiency | ASCPEM-PRF-08: Control Elements Requiring Significant Resource Element within Control Flow Loop Block | System / Technology / Unit | 1020012 | Avoid using a web service with WebSocket inside a loop | Direct implementation of the rule. | Web |
Performance Efficiency | ASCPEM-PRF-08: Control Elements Requiring Significant Resource Element within Control Flow Loop Block | System / Technology / Unit | 1020300 | Avoid using the call of web service $.ajax inside a loop | Direct implementation of the rule. | Web |
Performance Efficiency | ASCPEM-PRF-08: Control Elements Requiring Significant Resource Element within Control Flow Loop Block | System / Technology / Unit | 1020056 | Avoid using Javascript Document.all collection | Direct implementation of the rule. | Web |
Performance Efficiency | ASCPEM-PRF-09: Non-Stored SQL Callable Control Element with Excessive Number of Data Resource Access | Technology / Unit | 7914 | Avoid direct access to Database Tables | Strict implementation of the OMG rule: forbids the use of non-stored SQL procedures in Java code. | JEE |
Performance Efficiency | ASCPEM-PRF-09: Non-Stored SQL Callable Control Element with Excessive Number of Data Resource Access | Technology / Unit | 1020072 | Avoid direct access to Database Tables in Javascript | | Web |
Performance Efficiency | ASCPEM-PRF-09: Non-Stored SQL Callable Control Element with Excessive Number of Data Resource Access | Technology / Unit | - | | | SQL |
Performance Efficiency | ASCPEM-PRF-10: Non-SQL Named Callable and Method Control Element with Excessive Number of Data Resource Access | System | 8110 | Use dedicated stored procedures when multiple data accesses are needed | OMG rule implemented for SQL calls in Java code. It takes into account any database access, whether via an explicit SQL command or via a stored procedure. | JEE |
Performance Efficiency | ASCPEM-PRF-10: Non-SQL Named Callable and Method Control Element with Excessive Number of Data Resource Access | System | - | | | Web / SQL |
Performance Efficiency | ASCPEM-PRF-11: Data Access Control Element from Outside Designated Data Manager Component | System / Technology | AC | Architecture Checker | Defining the architecture with Architecture Checker and specifying the authorized links between the layers makes it possible to pinpoint the components with layer-skipping calls. | JEE / Web |
Performance Efficiency | ASCPEM-PRF-11: Data Access Control Element from Outside Designated Data Manager Component | System / Technology | N/A | | Not applicable to DBMS technologies. | SQL |
Performance Efficiency | ASCPEM-PRF-12: Storable and Member Data Element Excessive Number of Aggregated Storable and Member Data Elements | Technology / Unit | 7424 | Avoid using SQL queries inside a loop | SQL queries can be expensive in terms of resources. This AIP rule checks for queries executed inside loops. | JEE |
Performance Efficiency | ASCPEM-PRF-12: Storable and Member Data Element Excessive Number of Aggregated Storable and Member Data Elements | Technology / Unit | - | | | Web |
Performance Efficiency | ASCPEM-PRF-12: Storable and Member Data Element Excessive Number of Aggregated Storable and Member Data Elements | Technology / Unit | N/A | | Not applicable in the context of database technologies. | SQL |
Performance Efficiency | ASCPEM-PRF-14: Storable and Member Data Element Memory Allocation Missing De-Allocation Control Element | Technology / Unit | N/A | | Not applicable in the Java context, where memory is fully managed. | JEE / SQL |
Performance Efficiency | ASCPEM-PRF-14: Storable and Member Data Element Memory Allocation Missing De-Allocation Control Element | Technology / Unit | - | | | Web |
Performance Efficiency | ASCPEM-PRF-15: Storable and Member Data Element Reference Missing De-Referencing Control Element | Technology / Unit | 7562 | Avoid static Field of type collection | OMG rule implemented for static collection variables, which are storage structures whose memory footprint can keep growing, and which live for the lifetime of the application without the possibility of being dereferenced. | JEE |
Performance Efficiency | ASCPEM-PRF-15: Storable and Member Data Element Reference Missing De-Referencing Control Element | Technology / Unit | - | | | Web |
Performance Efficiency | ASCPEM-PRF-15: Storable and Member Data Element Reference Missing De-Referencing Control Element | Technology / Unit | N/A | | Not applicable in the context of database technologies. | SQL |
Reliability | ASCRM-CWE-120: Buffer Copy without Checking Size of Input | Technology / Unit | - | | | JEE / SQL |
Reliability | ASCRM-CWE-120: Buffer Copy without Checking Size of Input | Technology / Unit | N/A | | Javascript is a dynamic language. | Web |
Reliability | ASCRM-CWE-252-data: Unchecked Return Parameter Value of named Callable and Method Control Element with Read, Write, and Manage Access to Data Resource | System / Technology / Unit | 8112 | Avoid improper processing of the execution status of data handling operation | Implementation of the OMG rule in the Java context, by checking proper handling of the exceptions triggered during data access operations. | JEE |
Reliability | ASCRM-CWE-252-data: Unchecked Return Parameter Value of named Callable and Method Control Element with Read, Write, and Manage Access to Data Resource | System / Technology / Unit | - | | | SQL |
Reliability | ASCRM-CWE-252-data: Unchecked Return Parameter Value of named Callable and Method Control Element with Read, Write, and Manage Access to Data Resource | System / Technology / Unit | 1020502 | Avoid the use of JSON.parse and JSON.stringify in AngularJS web app | Using the official AngularJS function checks the returned parameter value and contributes to the coverage of the CISQ rule. | Web |
Reliability | ASCRM-CWE-704: Incorrect Type Conversion or Cast | Technology / Unit | - | | | JEE / SQL |
Reliability | ASCRM-CWE-704: Incorrect Type Conversion or Cast | Technology / Unit | 1020522 | Avoid using Javascript String typecheck in AngularJS application | Partially contributes to the rule. | Web |
Reliability | ASCRM-CWE-704: Incorrect Type Conversion or Cast | Technology / Unit | 1020528 | Avoid using Javascript Regexp typecheck in AngularJS application | Partially contributes to the rule. | Web |
Reliability | ASCRM-CWE-704: Incorrect Type Conversion or Cast | Technology / Unit | 1020524 | Avoid using Javascript Object typecheck in AngularJS application | Partially contributes to the rule. | Web |
Reliability | ASCRM-CWE-704: Incorrect Type Conversion or Cast | Technology / Unit | 1020526 | Avoid using Javascript Number typecheck in AngularJS application | Partially contributes to the rule. | Web |
Reliability | ASCRM-CWE-704: Incorrect Type Conversion or Cast | Technology / Unit | 1020520 | Avoid using Javascript Function typecheck in AngularJS application | | Web |
Reliability | ASCRM-CWE-704: Incorrect Type Conversion or Cast | Technology / Unit | 1020518 | Avoid using Javascript Date typecheck in AngularJS application | | Web |
Reliability | ASCRM-CWE-704: Incorrect Type Conversion or Cast | Technology / Unit | 1020516 | Avoid using Javascript Array typecheck in AngularJS application | | Web |
Reliability | ASCRM-CWE-772: Missing Release of Resource after Effective Lifetime | Technology / Unit | 8108 | Close the outermost stream ASAP | OMG rule implemented in the case of Java streams. | JEE |
Reliability | ASCRM-CWE-772: Missing Release of Resource after Effective Lifetime | Technology / Unit | 8104 | Close database resources ASAP | OMG rule implemented for Java DB accesses (JDBC, JPA and Hibernate). | JEE |
Reliability | ASCRM-CWE-772: Missing Release of Resource after Effective Lifetime | Technology / Unit | 1020730 | Ensure Node.js filesystem are closed | | Web |
Reliability | ASCRM-CWE-772: Missing Release of Resource after Effective Lifetime | Technology / Unit | - | | | SQL |
Reliability | ASCRM-CWE-788: Memory Location Access After End of Buffer | Technology / Unit | N/A | | In Java, out-of-bounds access is detected by the language and throws an exception. | JEE / SQL |
Reliability | ASCRM-CWE-788: Memory Location Access After End of Buffer | Technology / Unit | N/A | | Javascript is a dynamic language. | Web |
Reliability | ASCRM-RLB-02: Serializable Storable Data Element without Serialization Control Element | Technology / Unit | - | | Not applicable in the context of database technologies. | JEE / Web / SQL |
Reliability | ASCRM-RLB-03: Serializable Storable Data Element with non-Serializable Item Elements | Technology / Unit | 7650 | All types of a serializable Class must be serializable | Direct implementation of the rule. | JEE |
Reliability | ASCRM-RLB-03: Serializable Storable Data Element with non-Serializable Item Elements | Technology / Unit | N/A | | Not applicable in the context of database technologies. | SQL |
Reliability | ASCRM-RLB-03: Serializable Storable Data Element with non-Serializable Item Elements | Technology / Unit | - | | | Web |
Reliability | ASCRM-RLB-04: Persistent Storable Data Element without Proper Comparison Control Element | Technology / Unit | 7504 | Persistent classes should Implement hashCode() and equals() | OMG rule implemented in the case of Hibernate persistence. | JEE |
Reliability | ASCRM-RLB-04: Persistent Storable Data Element without Proper Comparison Control Element | Technology / Unit | N/A | | Not applicable in the context of database technologies. | SQL |
Reliability | ASCRM-RLB-04: Persistent Storable Data Element without Proper Comparison Control Element | Technology / Unit | - | | | Web |
Reliability | ASCRM-RLB-05: Runtime Resource Management Control Element in a Component Built to Run on Application Servers | Technology / Unit | 7728 | Avoid thread creation for application running on application server | OMG rule implemented by forbidding thread creation. | JEE |
Reliability | ASCRM-RLB-05: Runtime Resource Management Control Element in a Component Built to Run on Application Servers | Technology / Unit | N/A | | Not applicable in the context of database technologies. | SQL |
Reliability | ASCRM-RLB-05: Runtime Resource Management Control Element in a Component Built to Run on Application Servers | Technology / Unit | - | | | Web |
Reliability | ASCRM-RLB-10: Data Access Control Element from Outside Designated Data Manager Component | System / Technology | AC | Architecture Checker | Defining the architecture with Architecture Checker and specifying the authorized links between the layers makes it possible to pinpoint the components with layer-skipping calls. | JEE / Web |
Reliability | ASCRM-RLB-10: Data Access Control Element from Outside Designated Data Manager Component | System / Technology | N/A | | Not applicable to DBMS technologies. | SQL |
Reliability | ASCRM-RLB-11: Named Callable and Method Control Element in Multi-Thread Context with non-Final Static Storable or Member Element | Technology | 7154 | Avoid Fields in Action Classes that are not final static | OMG rule implemented in the case of multi-threading implemented using Struts actions. | JEE |
Reliability | ASCRM-RLB-11: Named Callable and Method Control Element in Multi-Thread Context with non-Final Static Storable or Member Element | Technology | N/A | | Not applicable in the context of database technologies. | SQL |
Reliability | ASCRM-RLB-11: Named Callable and Method Control Element in Multi-Thread Context with non-Final Static Storable or Member Element | Technology | - | | | Web |
Reliability | ASCRM-RLB-13: Inter-Module Dependency Cycles | Technology | 7292 | Avoid cyclical calls and inheritances between packages | Direct implementation of the rule. | JEE |
Reliability | ASCRM-RLB-13: Inter-Module Dependency Cycles | Technology | N/A | | Not applicable in the context of database technologies. | SQL |
Reliability | ASCRM-RLB-13: Inter-Module Dependency Cycles | Technology | - | | | Web |
Reliability | ASCRM-RLB-14: Parent Class Element with References to Child Class Element | Technology | 7934 | Avoid Superclass (or Interface) knowing Subclass (or Interface) | Direct implementation of the rule. | JEE |
Reliability | ASCRM-RLB-14: Parent Class Element with References to Child Class Element | Technology | N/A | | Not applicable in the context of database technologies. | SQL |
Reliability | ASCRM-RLB-14: Parent Class Element with References to Child Class Element | Technology | 1020064 | Avoid Superclass knowing Subclass in Javascript | | Web |
Security | ASCSM-CWE-22: Path Traversal Improper Input Neutralization | System / Technology | 7752 | Avoid file path manipulation vulnerabilities ( CWE-73 ) | Direct implementation of the rule. | JEE |
Security | ASCSM-CWE-22: Path Traversal Improper Input Neutralization | System / Technology | N/A | | Not applicable in the context of database technologies. | SQL |
Security | ASCSM-CWE-22: Path Traversal Improper Input Neutralization | System / Technology | - | | | Web |
Security | ASCSM-CWE-78: OS Command Injection Improper Input Neutralization | System / Technology | 7748 | Avoid OS command injection vulnerabilities ( CWE-78 ) | Direct implementation of the rule. | JEE |
Security | ASCSM-CWE-78: OS Command Injection Improper Input Neutralization | System / Technology | N/A | | Not applicable in the context of database technologies. | SQL |
Security | ASCSM-CWE-78: OS Command Injection Improper Input Neutralization | System / Technology | 1020058 | Avoid using eval() | | Web |
Security | ASCSM-CWE-78: OS Command Injection Improper Input Neutralization | System / Technology | 1020078 | Avoid using setTimeout() | | Web |
Security | ASCSM-CWE-78: OS Command Injection Improper Input Neutralization | System / Technology | 1020080 | Avoid using setInterval() | | Web |
Security | ASCSM-CWE-79: Cross-site Scripting Improper Input Neutralization | System / Technology | 7740 | Avoid cross-site scripting DOM vulnerabilities ( CWE-79 ) | Direct implementation of the rule. | JEE |
Security | ASCSM-CWE-79: Cross-site Scripting Improper Input Neutralization | System / Technology | N/A | | Not applicable in the context of database technologies. | SQL |
Security | ASCSM-CWE-79: Cross-site Scripting Improper Input Neutralization | System / Technology | 1020030 | Avoid using javascript or expression in the CSS file | | Web |
Security | ASCSM-CWE-79: Cross-site Scripting Improper Input Neutralization | System / Technology | 1020022 | Avoid using submitted markup containing "form" and "formaction" attributes | | Web |
Security | ASCSM-CWE-79: Cross-site Scripting Improper Input Neutralization | System / Technology | 1020024 | Avoid "id" attributes for forms as well as submit | | Web |
Security | ASCSM-CWE-79: Cross-site Scripting Improper Input Neutralization | System / Technology | 1020026 | Avoid using autofocus and onfocus in submitted markup | | Web |
Security | ASCSM-CWE-79: Cross-site Scripting Improper Input Neutralization | System / Technology | 1020028 | Avoid using autofocus and onblur in submitted markup | | Web |
Security | ASCSM-CWE-79: Cross-site Scripting Improper Input Neutralization | System / Technology | 1020032 | Avoid using video poster attributes in combination with javascript | | Web |
Security | ASCSM-CWE-79: Cross-site Scripting Improper Input Neutralization | System / Technology | 1020034 | Avoid hosting HTML code in iframe srcdoc | | Web |
Security | ASCSM-CWE-79: Cross-site Scripting Improper Input Neutralization | System / Technology | 1020042 | Avoid having iframe inside a tag | | Web |
Security | ASCSM-CWE-79: Cross-site Scripting Improper Input Neutralization | System / Technology | 1020044 | Avoid using setData in ondragstart with attribute draggable set to true. | | Web |
Security | ASCSM-CWE-79: Cross-site Scripting Improper Input Neutralization | System / Technology | 1020048 | Avoid using source tag in video/audio with event handler | | Web |
Security | ASCSM-CWE-79: Cross-site Scripting Improper Input Neutralization | System / Technology | 1020046 | Avoid using oninput in body containing input autofocus | | Web |
Security | ASCSM-CWE-79: Cross-site Scripting Improper Input Neutralization | System / Technology | 1020050 | Avoid white-listing the "dirname" attribute in user generated content | | Web |
Security | ASCSM-CWE-79: Cross-site Scripting Improper Input Neutralization | System / Technology | 1020052 | Avoid using import with external URI | | Web |
Security | ASCSM-CWE-79: Cross-site Scripting Improper Input Neutralization | System / Technology | 1020074 | Avoid enabling autocomplete "on" for inputs/forms | | Web |
Security | ASCSM-CWE-79: Cross-site Scripting Improper Input Neutralization | System / Technology | 1020542 | Enable Content Security Policy when creating an AngularJS application | | Web |
Security | ASCSM-CWE-79: Cross-site Scripting Improper Input Neutralization | System / Technology | 1020544 | Avoid disabling Strict Contextual Escaping (SCE) when created. | | Web |
Security | ASCSM-CWE-79: Cross-site Scripting Improper Input Neutralization | System / Technology | 1020546 | Avoid using unsanitized AngularJS application | | Web |
Security | ASCSM-CWE-79: Cross-site Scripting Improper Input Neutralization | System / Technology | 1020548 | Avoid disabling withCredentials option for the httpProvider | | Web |
Security | ASCSM-CWE-79: Cross-site Scripting Improper Input Neutralization | System / Technology | 1020718 | Ensure that browser cannot cache or store a page | | Web |
Security | ASCSM-CWE-89: SQL Injection Improper Input Neutralization | System / Technology | 7742 | Avoid SQL injection vulnerabilities ( CWE-89 ) | Direct implementation of the rule. | JEE |
Security | ASCSM-CWE-89: SQL Injection Improper Input Neutralization | System / Technology | N/A | | Not applicable in the context of database technologies. | SQL |
Security | ASCSM-CWE-89: SQL Injection Improper Input Neutralization | System / Technology | - | | | Web |
Security | ASCSM-CWE-99: Name or Reference Resolution Improper Input Neutralization | System / Technology / Unit | 7732 | Avoid non validated inputs | Checks input validation in the JSP context. | JEE |
Security | ASCSM-CWE-99: Name or Reference Resolution Improper Input Neutralization | System / Technology / Unit | N/A | | Not applicable in the context of database technologies. | SQL |
Security | ASCSM-CWE-99: Name or Reference Resolution Improper Input Neutralization | System / Technology / Unit | - | | | Web |
Security | ASCSM-CWE-120: Buffer Copy without Checking Size of Input | Technology / Unit | - | | | JEE / SQL |
Security | ASCSM-CWE-120: Buffer Copy without Checking Size of Input | Technology / Unit | N/A | | Javascript is a dynamic language. | Web |
Security | ASCSM-CWE-129: Array Index Improper Input Neutralization | System / Technology | - | | Not applicable in the context of database technologies. | JEE / SQL |
Security | ASCSM-CWE-129: Array Index Improper Input Neutralization | System / Technology | N/A | | | Web |
Security | ASCSM-CWE-134: Format String Improper Input Neutralization | System / Technology | 8098 | Avoid uncontrolled format string (CWE-134) | Direct implementation of the rule. | JEE |
Security | ASCSM-CWE-134: Format String Improper Input Neutralization | System / Technology | N/A | | Not applicable in the context of database technologies. | SQL |
Security | ASCSM-CWE-134: Format String Improper Input Neutralization | System / Technology | - | | | Web |
Security | ASCSM-CWE-434: File Upload Improper Input Neutralization | System / Technology | 7752 | Avoid file path manipulation vulnerabilities ( CWE-73 ) | Direct implementation of the rule. | JEE |
Security | ASCSM-CWE-434: File Upload Improper Input Neutralization | System / Technology | 8218 | CWE-434: Content type should be checked when receiving a HTTP Post | Direct implementation of the rule. | JEE |
Security | ASCSM-CWE-434: File Upload Improper Input Neutralization | System / Technology | N/A | | Not applicable in the context of database technologies. | SQL |
Security | ASCSM-CWE-434: File Upload Improper Input Neutralization | System / Technology | - | | | Web |
Security | ASCSM-CWE-606: Unchecked Input for Loop Condition | System / Technology | - | | | JEE / Web / SQL |
Security | ASCSM-CWE-667: Shared Resource Improper Locking | Technology | - | | | JEE / Web / SQL |
Security | ASCSM-CWE-672: Expired or Released Resource Usage | Technology / Unit | 8214 | CWE-672: Expired or Released Resource should not be used | | JEE |
Security | ASCSM-CWE-672: Expired or Released Resource Usage | Technology / Unit | - | | | Web / SQL |
Security | ASCSM-CWE-681: Numeric Types Incorrect Conversion | Technology / Unit | 8216 | CWE-681: Avoid numerical data corruption during incompatible mutation | | JEE |
Security | ASCSM-CWE-681: Numeric Types Incorrect Conversion | Technology / Unit | N/A | | | Web / SQL |
Security | ASCSM-CWE-772: Missing Release of Resource after Effective Lifetime | Technology / Unit | 8108 | Close the outermost stream ASAP | OMG rule implemented in the case of Java streams. | JEE |
Security | ASCSM-CWE-772: Missing Release of Resource after Effective Lifetime | Technology / Unit | 8104 | Close database resources ASAP | OMG rule implemented for Java DB accesses (JDBC, JPA and Hibernate) | JEE |
Security | ASCSM-CWE-772: Missing Release of Resource after Effective Lifetime | Technology / Unit | 1020730 | Ensure Node.js filesystem are closed | Web | |
Security | ASCSM-CWE-772: Missing Release of Resource after Effective Lifetime | Technology / Unit | - | SQL | ||
Security | ASCSM-CWE-789: Uncontrolled Memory Allocation | System / Technology | - | JEE / SQL | ||
Security | ASCSM-CWE-789: Uncontrolled Memory Allocation | System / Technology | N/A | Javascript is a dynamic language | Web | |
Security | ASCSM-CWE-798: Hard-Coded Credentials Usage for Remote Authentication | Technology / Unit | 8222 | CWE-798 : Use of Hard-coded Credentials | JEE | |
Security | ASCSM-CWE-798: Hard-Coded Credentials Usage for Remote Authentication | Technology / Unit | - | Web / SQL | ||
Security | ASCSM-CWE-835: Loop with Unreachable Exit Condition (Infinite Loop) | Technology / Unit | 7388 | Avoid artifacts having recursive calls | Direct implementation of the rule. | JEE |
Security | ASCSM-CWE-835: Loop with Unreachable Exit Condition (Infinite Loop) | Technology / Unit | - | SQL | ||
Security | ASCSM-CWE-835: Loop with Unreachable Exit Condition (Infinite Loop) | Technology / Unit | 1020500 | Avoid the use of the default JavaScript implementation [].forEach in AngularJS web app | Using the official AngularJS function will check the loop exit condition value and will contribute to the coverage of the CISQ rule. | Web |
Unit-level CISQ/OMG Quality Measurement Rules for a Web / JEE and Oracle SQL application can be found here: CISQ/OMG Automated Source Code Measurement Standards Coverage for a Web / JEE and Oracle SQL application - Unit-level