This page presents the CISQ/OMG Quality Measurement Rules at unit-level for applications based on Web / JEE technology and Oracle SQL supported by CAST AIP. Web / JEE and Oracle SQL is an example of a common technology stack used in many applications. If necessary, CAST can help create overview of CISQ coverage for other combinations of technologies.
| OMG Characteristics | OMG Rule Id and Name | Levels | AIP QR Id | AIP QR Name | Description | Source Techno |
|---|---|---|---|---|---|---|
| Maintainability | ASCMM-MNT-01: Control Flow Transfer Control Element outside Switch Block | Unit | 7910 | Never exit a finally block with a return, break, continue, or throw | Java try/catch/finally blocks can be considered as conditional control structures, albeit based on exception instead of stored variables. This rule checks for unconditional transfer of control in the "finally" block. | JEE |
| Maintainability | ASCMM-MNT-01: Control Flow Transfer Control Element outside Switch Block | Unit | 8032 | Avoid using a break statement in 'for' loops | OMG rule applied to the case of "break" in "for" loop. | JEE / Web |
| Maintainability | ASCMM-MNT-01: Control Flow Transfer Control Element outside Switch Block | Unit | 1020068 | Avoid return statement in finally block | Web | |
| Maintainability | ASCMM-MNT-01: Control Flow Transfer Control Element outside Switch Block | Unit | 8028 | Avoid missing default in switch statements | Web | |
| Maintainability | ASCMM-MNT-01: Control Flow Transfer Control Element outside Switch Block | Unit | 7816 | Avoid using GOTO statement | The rule will lists all Functions and Procedures using "GOTO" statements in the participating database.
| SQL |
| Maintainability | ASCMM-MNT-03: Storable and Member Data Element Initialization with Hard-Coded Literals | Unit | - | JEE / Web / SQL | ||
| Maintainability | ASCMM-MNT-05: Loop Value Update within the Loop | Unit | - | JEE / SQL | ||
| Maintainability | ASCMM-MNT-05: Loop Value Update within the Loop | Unit | 1020038 | Avoid defining function inside loops | Partially contributes to the rule | Web |
| Maintainability | ASCMM-MNT-06: Commented Code Element Excessive Volume | Unit | 7126 | Avoid Artifacts with high Commented-out Code Lines/Code Lines ratio | Direct implementation of the rule. | JEE / SQL |
| Maintainability | ASCMM-MNT-06: Commented Code Element Excessive Volume | Unit | Web | |||
| Maintainability | ASCMM-MNT-08: Source Element Excessive Size | Unit | 7842 | Avoid large Artifacts - too many Lines of Code | Direct implementation of the rule. However, OMG mandates a default value of 1000 for the maximum number of lines. The default in AIP is technology dependent, 100 in the case of JEE | JEE |
| Maintainability | ASCMM-MNT-08: Source Element Excessive Size | Unit | 7842 | Avoid large Artifacts - too many Lines of Code | Direct implementation of the rule. | SQL / Web |
| Maintainability | ASCMM-MNT-11: Callable and Method Control Element Excessive Cyclomatic Complexity Value | Unit | 7766 | Avoid Artifacts with High Cyclomatic Complexity | Direct implementation of the rule. | JEE / Web / SQL |
| Maintainability | ASCMM-MNT-13: Callable and Method Control Element Excessive Number of Parameters | Unit | 7770 | Avoid Artifacts with too many parameters | Direct implementation of the rule. | JEE / SQL |
| Maintainability | ASCMM-MNT-13: Callable and Method Control Element Excessive Number of Parameters | Unit | 1020076 | Avoid Artifacts with too many parameters | Direct implementation of the rule. | Web |
| Maintainability | ASCMM-MNT-14: Callable and Method Control Element Excessive Number of Control Elements involving Data Element from Data Manager or File Resource | Unit | - | JEE / Web / SQL | ||
| Maintainability | ASCMM-MNT-15: Public Member Element | Unit | 4568 | Avoid declaring Public Instance Variables | Direct implementation of the rule. | JEE |
| Maintainability | ASCMM-MNT-15: Public Member Element | Unit | N/A | Web / SQL | ||
| Maintainability | ASCMM-MNT-16: Method Control Element Usage of Member Element from other Class Element | Unit | 4602 | Avoid using Fields (non static final) from other Classes | Direct implementation of the rule. | JEE |
| Maintainability | ASCMM-MNT-16: Method Control Element Usage of Member Element from other Class Element | Unit | N/A | Not applicable in the context of database technologies. | SQL | |
| Maintainability | ASCMM-MNT-16: Method Control Element Usage of Member Element from other Class Element | Unit | - | Web | ||
| Maintainability | ASCMM-MNT-19: Named Callable and Method Control Element Excessive Similarity | Unit | 7156 | Avoid Too Many Copy Pasted Artifacts | Element similarity is addressed by the copy/paste ratio measured by the AIP rule. | JEE / SQL |
| Maintainability | ASCMM-MNT-19: Named Callable and Method Control Element Excessive Similarity | Unit | - | Web | ||
| Performance Efficiency | ASCPEM-PRF-01: Static Block Element containing Class Instance Creation Control Element | Unit | - | JEE / Web / SQL | ||
| Performance Efficiency | ASCPEM-PRF-02: Immutable Storable and Member Data Element Creation | Unit | 7200 | Avoid String concatenation in loops | OMG rule implemented for the case of concatenation inside loops | JEE |
| Performance Efficiency | ASCPEM-PRF-02: Immutable Storable and Member Data Element Creation | Unit | 7954 | Avoid indirect String concatenation inside loops | OMG rule implemented for the case of concatenation inside functions/methods called inside loops | JEE |
| Performance Efficiency | ASCPEM-PRF-02: Immutable Storable and Member Data Element Creation | Unit | 7790
| Avoid Cursors inside a loop | This rule lists all SQL Artifacts (except table and view) accessing a cursor inside a loop. | SQL |
| Performance Efficiency | ASCPEM-PRF-02: Immutable Storable and Member Data Element Creation | Unit | - | Web | ||
| Performance Efficiency | ASCPEM-PRF-03: Static Member Data Element outside of a Singleton Class Element | Unit | 7562 | Avoid static Field of type collection | OMG rule implemented for the case of static collection fields. There is no exception for Singleton classes in that case, since the memory issues cause by static collections also apply to their case. | JEE |
| Performance Efficiency | ASCPEM-PRF-03: Static Member Data Element outside of a Singleton Class Element | Unit | 7704 | Avoid static Fields that are not final | OMG rule applied to the case of EJB | JEE |
| Performance Efficiency | ASCPEM-PRF-03: Static Member Data Element outside of a Singleton Class Element | Unit | N/A | Not applicable in the context of database technologies. | SQL | |
| Performance Efficiency | ASCPEM-PRF-03: Static Member Data Element outside of a Singleton Class Element | Unit | 1020532 | Use Angular factory() instead of service() | Partially contributes to the rule | Web |
| Performance Efficiency | ASCPEM-PRF-06: Large Data Resource ColumnSet Excessive Number of Index Elements | Unit | 7348 | Avoid too many Indexes on one Table | Direct implementation of the rule. | JEE |
| Performance Efficiency | ASCPEM-PRF-06: Large Data Resource ColumnSet Excessive Number of Index Elements | Unit | - | Web / SQL | ||
| Performance Efficiency | ASCPEM-PRF-07: Large Data Resource ColumnSet with Index Element of Excessive Size | Unit | 7350 | Avoid Tables having Indexes with a too large Index definition | Direct implementation of the rule. | JEE |
| Performance Efficiency | ASCPEM-PRF-07: Large Data Resource ColumnSet with Index Element of Excessive Size | Unit | - | Web / SQL | ||
| Performance Efficiency | ASCPEM-PRF-13: Data Resource Access not using Connection Pooling capability | Unit | 7638 | Avoid using DriverManager | OMG rule implemented for Java, where Driver manager creates basic, non-pooled DB connection. | JEE |
| Performance Efficiency | ASCPEM-PRF-13: Data Resource Access not using Connection Pooling capability | Unit | N/A | Not applicable in the context of database technologies. | SQL | |
| Performance Efficiency | ASCPEM-PRF-13: Data Resource Access not using Connection Pooling capability | Unit | - | . | Web | |
| Reliability | ASCRM-CWE-252-resource: Unchecked Return Parameter Value of named Callable and Method Control Element with Read, Write, and Manage Access to Platform Resource | Unit | N/A | In Java, errors in the handling of system resources are reported via exceptions, which cannot go undetected. If not handled, the program will stop | JEE / SQL | |
| Reliability | ASCRM-CWE-252-data: Unchecked Return Parameter Value of named Callable and Method Control Element with Read, Write, and Manage Access to Data Resource | System / Technology / Unit | 1020502 | Avoid the use of JSON.parse and JSON.stringify in AngularJS web app | Using the official AngularJS function will check the returned parameter value and will contribute to the coverage of the CISQ rule. | Web |
| Reliability | ASCRM-CWE-396: Declaration of Catch for Generic Exception | Unit | 7862 | Avoid catching an exception of type Exception, RuntimeException, or Throwable | Implementation of the OMG rule in the Java context, for all the basic Exception types | JEE |
| Reliability | ASCRM-CWE-396: Declaration of Catch for Generic Exception | Unit | - | SQL | ||
| Reliability | ASCRM-CWE-396: Declaration of Catch for Generic Exception | Unit | 1020700 | Avoid the lack of error handling in the Node.js callback | Direct implementation of the rule in the Node.js context. | Web |
| Reliability | ASCRM-CWE-396: Declaration of Catch for Generic Exception | Unit | 1020304 | Implement success and error callbacks when using $.ajax interface | Contributes to the rule | Web |
| Reliability | ASCRM-CWE-396: Declaration of Catch for Generic Exception | Unit | 1020540 | Avoid using $http success and error function | Web | |
| Reliability | ASCRM-CWE-397: Declaration of Throws for Generic Exception | Unit | 7824 | The exception Exception should never been thrown. Always Subclass Exception and throw the subclassed Classes. | Direct implementation of the rule. | JEE |
| Reliability | ASCRM-CWE-397: Declaration of Throws for Generic Exception | Unit | - | SQL | ||
| Reliability | ASCRM-CWE-397: Declaration of Throws for Generic Exception | Unit | 1020700 | Avoid the lack of error handling in the Node.js callback | Direct implementation of the rule in the Node.js context. | Web |
| Reliability | ASCRM-CWE-397: Declaration of Throws for Generic Exception | Unit | 1020304 | Implement success and error callbacks when using $.ajax interface | Contributes to the rule | Web |
| Reliability | ASCRM-CWE-397: Declaration of Throws for Generic Exception | Unit | 1020540 | Avoid using $http success and error function | Web | |
| Reliability | ASCRM-CWE-456: Storable and Member Data Element Missing Initialization | Unit | N/A | In Java, member variables are always given a default value when an object is instantiated, even if the constructor does not explicitly assign one. | JEE / SQL | |
| Reliability | ASCRM-CWE-456: Storable and Member Data Element Missing Initialization | Unit | - | Web | ||
| Reliability | ASCRM-CWE-674:Uncontrolled Recursion | Unit | 7388 | Avoid artifacts having recursive calls | Direct implementation of the rule. | JEE / Web / SQL |
| Reliability | ASCRM-RLB-01: Empty Exception Block | Unit | 7782 | Avoid empty finally blocks | Finally blocks must be used to execute the code that is needed after either the try and/or the catch block have been executed. | JEE / Web |
| Reliability | ASCRM-RLB-01: Empty Exception Block | Unit | 7788 | Avoid empty catch blocks | Direct implementation of the rule. | JEE / Web |
| Reliability | ASCRM-RLB-01: Empty Exception Block | Unit | N/A | Not applicable in the context of database technologies. | SQL | |
| Reliability | ASCRM-RLB-01: Empty Exception Block | Unit | 1020304 | Implement success and error callbacks when using $.ajax interface | Partially contributes to the rule. | Web |
| Reliability | ASCRM-RLB-01: Empty Exception Block | Unit | 1020540 | Avoid using $http success and error function | Partially contributes to the rule. | Web |
| Reliability | ASCRM-RLB-01: Empty Exception Block | Unit | 1020700 | Avoid the lack of error handling in the Node.js callback | Direct implementation of the rule in the Node.js context | Web |
| Reliability | ASCRM-RLB-06: Storable or Member Data Element containing Pointer Item Element without Proper Copy Control Element | Unit | N/A | Not applicable in the Java context, where there is no pointer. Not applicable in the context of database technologies. | JEE / SQL | |
| Reliability | ASCRM-RLB-06: Storable or Member Data Element containing Pointer Item Element without Proper Copy Control Element | Unit | - | Web | ||
| Reliability | ASCRM-RLB-07: Class Instance Self Destruction Control Element | Unit | N/A | Not applicable in the Java context, where there is no explicit destruction of objects Not applicable in the context of database technologies. | JEE / SQL | |
| Reliability | ASCRM-RLB-07: Class Instance Self Destruction Control Element | Unit | - | Web | ||
| Reliability | ASCRM-RLB-08: Named Callable and Method Control Elements with Variadic Parameter Element | Unit | - | Not applicable in the Java context. Not applicable in the context of database technologies. | JEE / SQL | |
| Reliability | ASCRM-RLB-08: Named Callable and Method Control Elements with Variadic Parameter Element | Unit | - | Web | ||
| Reliability | ASCRM-RLB-09: Float Type Storable and Member Data Element Comparison with Equality Operator | Unit | 8096 | Avoid testing floating point numbers for equality | OMG rule implemented in the case of float to float comparison | JEE |
| Reliability | ASCRM-RLB-09: Float Type Storable and Member Data Element Comparison with Equality Operator | Unit | - | Web / SQL | ||
| Reliability | ASCRM-RLB-12: Singleton Class Instance Creation without Proper Lock Element Management | Unit | 7438 | Avoid non thread safe singleton | Direct implementation of the rule. | JEE |
| Reliability | ASCRM-RLB-12: Singleton Class Instance Creation without Proper Lock Element Management | Unit | N/A | Not applicable in the context of database technologies. | SQL | |
| Reliability | ASCRM-RLB-12: Singleton Class Instance Creation without Proper Lock Element Management | Unit | 1020062 | Avoid using non thread-safe Javascript singleton pattern | Web | |
| Reliability | ASCRM-RLB-15: Class Element with Virtual Method Element wihout Virtual Destructor | Unit | N/A | Not applicable in the Java context, where there is no explicit destruction of objects Not applicable in the context of database technologies. | JEE / SQL | |
| Reliability | ASCRM-RLB-15: Class Element with Virtual Method Element wihout Virtual Destructor | Unit | - | Web | ||
| Reliability | ASCRM-RLB-16: Parent Class Element without Virtual Destructor Method Element | Unit | N/A | Not applicable in the Java context, where there is no explicit destruction of objects Not applicable in the context of database technologies.
| JEE / SQL | |
| Reliability | ASCRM-RLB-16: Parent Class Element without Virtual Destructor Method Element | Unit | - | Web | ||
| Reliability | ASCRM-RLB-17: Child Class Element wihout Virtual Destructor unlike its Parent Class Element | Unit | N/A | Not applicable in the Java context, where there is no explicit destruction of objects Not applicable in the context of database technologies. | JEE / SQL | |
| Reliability | ASCRM-RLB-17: Child Class Element wihout Virtual Destructor unlike its Parent Class Element | Unit | - | Web | ||
| Reliability | ASCRM-RLB-18: Storable and Member Data Element Initialization with Hard-Coded Network Resource Configuration Data | Unit | 8102 | Avoid hard-coded network resource names | Direct implementation of the rule. | JEE |
| Reliability | ASCRM-RLB-18: Storable and Member Data Element Initialization with Hard-Coded Network Resource Configuration Data | Unit | 1020070 | Avoid hardcoded network resource names in Javascript | Web | |
| Reliability | ASCRM-RLB-18: Storable and Member Data Element Initialization with Hard-Coded Network Resource Configuration Data | Unit | - | SQL | ||
| Reliability | ASCRM-RLB-19: Synchronous Call Time-Out Absence | Unit | 8100 | Blocking synchronous calls should have associated timeouts | Direct implementation of the rule. | JEE |
| Reliability | ASCRM-RLB-19: Synchronous Call Time-Out Absence | Unit | N/A | Not applicable in the context of database technologies. | SQL | |
| Reliability | ASCRM-RLB-19: Synchronous Call Time-Out Absence | Unit | - | Web | ||
| Security | ASCSM-CWE-252-resource: Unchecked Return Parameter Value of named Callable and Method Control Element with Read, Write, and Manage Access to Platform Resource | Unit | - | JEE / Web / SQL | ||
| Security | ASCSM-CWE-327: Broken or Risky Cryptographic Algorithm Usage | Unit | - | Not applicable in the context of database technologies. Not applicable in the Java context. | JEE / SQL | |
| Security | ASCSM-CWE-327: Broken or Risky Cryptographic Algorithm Usage | Unit | - | Web | ||
| Security | ASCSM-CWE-396: Declaration of Catch for Generic Exception | Unit | 7862 | Avoid catching an exception of type Exception, RuntimeException, or Throwable | Implementation of the OMG rule in the Java context, for all the basic Exception types | JEE |
| Security | ASCSM-CWE-396: Declaration of Catch for Generic Exception | Unit | N/A | Not applicable in the context of database technologies. | SQL | |
| Security | ASCSM-CWE-396: Declaration of Catch for Generic Exception | Unit | 1020700 | Avoid the lack of error handling in the Node.js callback | Direct implementation of the rule in the Node.js context. | Web |
| Security | ASCSM-CWE-396: Declaration of Catch for Generic Exception | Unit | 1020540 | Avoid using $http success and error function | Partially contributes to the rule | Web |
| Security | ASCSM-CWE-396: Declaration of Catch for Generic Exception | Unit | 1020304 | Implement success and error callbacks when using $.ajax interface | Partially contributes to the rule | Web |
| Security | ASCSM-CWE-397: Declaration of Throws for Generic Exception | Unit | 7824 | The exception Exception should never been thrown. Always Subclass Exception and throw the subclassed Classes. | Direct implementation of the rule. | JEE |
| Security | ASCSM-CWE-397: Declaration of Throws for Generic Exception | Unit | N/A | Not applicable in the context of database technologies. | SQL | |
| Security | ASCSM-CWE-397: Declaration of Throws for Generic Exception | Unit | 1020700 | Avoid the lack of error handling in the Node.js callback | Direct implementation of the rule in the Node.js context. | Web |
| Security | ASCSM-CWE-397: Declaration of Throws for Generic Exception | Unit | 1020540 | Avoid using $http success and error function | Partially contributes to the rule | Web |
| Security | ASCSM-CWE-397: Declaration of Throws for Generic Exception | Unit | 1020304 | Implement success and error callbacks when using $.ajax interface | Partially contributes to the rule | Web |
| Security | ASCSM-CWE-456: Storable and Member Data Element Missing Initialization | Unit | N/A | In Java, member variables are always given a default value when an object is instantiated, even if the constructor does not explicitly assign one. Not applicable in the context of database technologies. | JEE / SQL | |
| Security | ASCSM-CWE-456: Storable and Member Data Element Missing Initialization | Unit | - | Web |