This page presents the CISQ/OMG Quality Measurement Rules at unit level for applications based on Web / JEE technology and Oracle SQL, as supported by CAST AIP. Web / JEE with Oracle SQL is an example of a common technology stack used in many applications. If necessary, CAST can help create an overview of CISQ coverage for other combinations of technologies.

| OMG Characteristic | OMG Rule Id and Name | Level | AIP QR Id | AIP QR Name | Description | Source Techno |
|---|---|---|---|---|---|---|
| Maintainability | ASCMM-MNT-01: Control Flow Transfer Control Element outside Switch Block | Unit | 7910 | Never exit a finally block with a return, break, continue, or throw | Java try/catch/finally blocks can be considered as conditional control structures, albeit based on exceptions instead of stored variables. This rule checks for unconditional transfer of control in the "finally" block. | JEE |
| Maintainability | ASCMM-MNT-01: Control Flow Transfer Control Element outside Switch Block | Unit | 8032 | Avoid using a break statement in 'for' loops | OMG rule applied to the case of "break" in a "for" loop. | JEE / Web |
| Maintainability | ASCMM-MNT-01: Control Flow Transfer Control Element outside Switch Block | Unit | 1020068 | Avoid return statement in finally block | | Web |
| Maintainability | ASCMM-MNT-01: Control Flow Transfer Control Element outside Switch Block | Unit | 8028 | Avoid missing default in switch statements | | Web |
| Maintainability | ASCMM-MNT-01: Control Flow Transfer Control Element outside Switch Block | Unit | 7816 | Avoid using GOTO statement | The rule lists all Functions and Procedures using "GOTO" statements in the participating database. | SQL |
| Maintainability | ASCMM-MNT-03: Storable and Member Data Element Initialization with Hard-Coded Literals | Unit | - | | | JEE / Web / SQL |
| Maintainability | ASCMM-MNT-05: Loop Value Update within the Loop | Unit | - | | | JEE / SQL |
| Maintainability | ASCMM-MNT-05: Loop Value Update within the Loop | Unit | 1020038 | Avoid defining function inside loops | Partially contributes to the rule. | Web |
| Maintainability | ASCMM-MNT-06: Commented Code Element Excessive Volume | Unit | 7126 | Avoid Artifacts with high Commented-out Code Lines/Code Lines ratio | Direct implementation of the rule. | JEE / SQL |
| Maintainability | ASCMM-MNT-06: Commented Code Element Excessive Volume | Unit | | | | Web |
| Maintainability | ASCMM-MNT-08: Source Element Excessive Size | Unit | 7842 | Avoid large Artifacts - too many Lines of Code | Direct implementation of the rule. However, OMG mandates a default value of 1000 for the maximum number of lines. The default in AIP is technology dependent: 100 in the case of JEE. | JEE |
| Maintainability | ASCMM-MNT-08: Source Element Excessive Size | Unit | 7842 | Avoid large Artifacts - too many Lines of Code | Direct implementation of the rule. | SQL / Web |
| Maintainability | ASCMM-MNT-11: Callable and Method Control Element Excessive Cyclomatic Complexity Value | Unit | 7766 | Avoid Artifacts with High Cyclomatic Complexity | Direct implementation of the rule. | JEE / Web / SQL |
| Maintainability | ASCMM-MNT-13: Callable and Method Control Element Excessive Number of Parameters | Unit | 7770 | Avoid Artifacts with too many parameters | Direct implementation of the rule. | JEE / SQL |
| Maintainability | ASCMM-MNT-13: Callable and Method Control Element Excessive Number of Parameters | Unit | 1020076 | Avoid Artifacts with too many parameters | Direct implementation of the rule. | Web |
| Maintainability | ASCMM-MNT-14: Callable and Method Control Element Excessive Number of Control Elements involving Data Element from Data Manager or File Resource | Unit | - | | | JEE / Web / SQL |
| Maintainability | ASCMM-MNT-15: Public Member Element | Unit | 4568 | Avoid declaring Public Instance Variables | Direct implementation of the rule. | JEE |
| Maintainability | ASCMM-MNT-15: Public Member Element | Unit | N/A | | | Web / SQL |
| Maintainability | ASCMM-MNT-16: Method Control Element Usage of Member Element from other Class Element | Unit | 4602 | Avoid using Fields (non static final) from other Classes | Direct implementation of the rule. | JEE |
| Maintainability | ASCMM-MNT-16: Method Control Element Usage of Member Element from other Class Element | Unit | N/A | | Not applicable in the context of database technologies. | SQL |
| Maintainability | ASCMM-MNT-16: Method Control Element Usage of Member Element from other Class Element | Unit | - | | | Web |
| Maintainability | ASCMM-MNT-19: Named Callable and Method Control Element Excessive Similarity | Unit | 7156 | Avoid Too Many Copy Pasted Artifacts | Element similarity is addressed by the copy/paste ratio measured by the AIP rule. | JEE / SQL |
| Maintainability | ASCMM-MNT-19: Named Callable and Method Control Element Excessive Similarity | Unit | - | | | Web |
| Performance Efficiency | ASCPEM-PRF-01: Static Block Element containing Class Instance Creation Control Element | Unit | - | | | JEE / Web / SQL |
| Performance Efficiency | ASCPEM-PRF-02: Immutable Storable and Member Data Element Creation | Unit | 7200 | Avoid String concatenation in loops | OMG rule implemented for the case of concatenation inside loops. | JEE |
| Performance Efficiency | ASCPEM-PRF-02: Immutable Storable and Member Data Element Creation | Unit | 7954 | Avoid indirect String concatenation inside loops | OMG rule implemented for the case of concatenation inside functions/methods called inside loops. | JEE |
| Performance Efficiency | ASCPEM-PRF-02: Immutable Storable and Member Data Element Creation | Unit | 7790 | Avoid Cursors inside a loop | This rule lists all SQL Artifacts (except tables and views) accessing a cursor inside a loop. | SQL |
| Performance Efficiency | ASCPEM-PRF-02: Immutable Storable and Member Data Element Creation | Unit | - | | | Web |
| Performance Efficiency | ASCPEM-PRF-03: Static Member Data Element outside of a Singleton Class Element | Unit | 7562 | Avoid static Field of type collection | OMG rule implemented for the case of static collection fields. There is no exception for Singleton classes in that case, since the memory issues caused by static collections also apply to them. | JEE |
| Performance Efficiency | ASCPEM-PRF-03: Static Member Data Element outside of a Singleton Class Element | Unit | 7704 | Avoid static Fields that are not final | OMG rule applied to the case of EJB. | JEE |
| Performance Efficiency | ASCPEM-PRF-03: Static Member Data Element outside of a Singleton Class Element | Unit | N/A | | Not applicable in the context of database technologies. | SQL |
| Performance Efficiency | ASCPEM-PRF-03: Static Member Data Element outside of a Singleton Class Element | Unit | 1020532 | Use Angular factory() instead of service() | Partially contributes to the rule. | Web |
| Performance Efficiency | ASCPEM-PRF-06: Large Data Resource ColumnSet Excessive Number of Index Elements | Unit | 7348 | Avoid too many Indexes on one Table | Direct implementation of the rule. | JEE |
| Performance Efficiency | ASCPEM-PRF-06: Large Data Resource ColumnSet Excessive Number of Index Elements | Unit | - | | | Web / SQL |
| Performance Efficiency | ASCPEM-PRF-07: Large Data Resource ColumnSet with Index Element of Excessive Size | Unit | 7350 | Avoid Tables having Indexes with a too large Index definition | Direct implementation of the rule. | JEE |
| Performance Efficiency | ASCPEM-PRF-07: Large Data Resource ColumnSet with Index Element of Excessive Size | Unit | - | | | Web / SQL |
| Performance Efficiency | ASCPEM-PRF-13: Data Resource Access not using Connection Pooling capability | Unit | 7638 | Avoid using DriverManager | OMG rule implemented for Java, where DriverManager creates basic, non-pooled DB connections. | JEE |
| Performance Efficiency | ASCPEM-PRF-13: Data Resource Access not using Connection Pooling capability | Unit | N/A | | Not applicable in the context of database technologies. | SQL |
| Performance Efficiency | ASCPEM-PRF-13: Data Resource Access not using Connection Pooling capability | Unit | - | | | Web |
| Reliability | ASCRM-CWE-252-resource: Unchecked Return Parameter Value of named Callable and Method Control Element with Read, Write, and Manage Access to Platform Resource | Unit | N/A | | In Java, errors in the handling of system resources are reported via exceptions, which cannot go undetected. If not handled, the program will stop. | JEE / SQL |
| Reliability | ASCRM-CWE-252-data: Unchecked Return Parameter Value of named Callable and Method Control Element with Read, Write, and Manage Access to Data Resource | System / Technology / Unit | 1020502 | Avoid the use of JSON.parse and JSON.stringify in AngularJS web app | Using the official AngularJS function will check the returned parameter value and will contribute to the coverage of the CISQ rule. | Web |
| Reliability | ASCRM-CWE-396: Declaration of Catch for Generic Exception | Unit | 7862 | Avoid catching an exception of type Exception, RuntimeException, or Throwable | Implementation of the OMG rule in the Java context, for all the basic Exception types. | JEE |
| Reliability | ASCRM-CWE-396: Declaration of Catch for Generic Exception | Unit | - | | | SQL |
| Reliability | ASCRM-CWE-396: Declaration of Catch for Generic Exception | Unit | 1020700 | Avoid the lack of error handling in the Node.js callback | Direct implementation of the rule in the Node.js context. | Web |
| Reliability | ASCRM-CWE-396: Declaration of Catch for Generic Exception | Unit | 1020304 | Implement success and error callbacks when using $.ajax interface | Contributes to the rule. | Web |
| Reliability | ASCRM-CWE-396: Declaration of Catch for Generic Exception | Unit | 1020540 | Avoid using $http success and error function | | Web |
| Reliability | ASCRM-CWE-397: Declaration of Throws for Generic Exception | Unit | 7824 | The exception Exception should never be thrown. Always subclass Exception and throw the subclassed Classes. | Direct implementation of the rule. | JEE |
| Reliability | ASCRM-CWE-397: Declaration of Throws for Generic Exception | Unit | - | | | SQL |
| Reliability | ASCRM-CWE-397: Declaration of Throws for Generic Exception | Unit | 1020700 | Avoid the lack of error handling in the Node.js callback | Direct implementation of the rule in the Node.js context. | Web |
| Reliability | ASCRM-CWE-397: Declaration of Throws for Generic Exception | Unit | 1020304 | Implement success and error callbacks when using $.ajax interface | Contributes to the rule. | Web |
| Reliability | ASCRM-CWE-397: Declaration of Throws for Generic Exception | Unit | 1020540 | Avoid using $http success and error function | | Web |
| Reliability | ASCRM-CWE-456: Storable and Member Data Element Missing Initialization | Unit | N/A | | In Java, member variables are always given a default value when an object is instantiated, even if the constructor does not explicitly assign one. | JEE / SQL |
| Reliability | ASCRM-CWE-456: Storable and Member Data Element Missing Initialization | Unit | - | | | Web |
| Reliability | ASCRM-CWE-674: Uncontrolled Recursion | Unit | 7388 | Avoid artifacts having recursive calls | Direct implementation of the rule. | JEE / Web / SQL |
| Reliability | ASCRM-RLB-01: Empty Exception Block | Unit | 7782 | Avoid empty finally blocks | Finally blocks must be used to execute the code that is needed after either the try and/or the catch block have been executed. | JEE / Web |
| Reliability | ASCRM-RLB-01: Empty Exception Block | Unit | 7788 | Avoid empty catch blocks | Direct implementation of the rule. | JEE / Web |
| Reliability | ASCRM-RLB-01: Empty Exception Block | Unit | N/A | | Not applicable in the context of database technologies. | SQL |
| Reliability | ASCRM-RLB-01: Empty Exception Block | Unit | 1020304 | Implement success and error callbacks when using $.ajax interface | Partially contributes to the rule. | Web |
| Reliability | ASCRM-RLB-01: Empty Exception Block | Unit | 1020540 | Avoid using $http success and error function | Partially contributes to the rule. | Web |
| Reliability | ASCRM-RLB-01: Empty Exception Block | Unit | 1020700 | Avoid the lack of error handling in the Node.js callback | Direct implementation of the rule in the Node.js context. | Web |
| Reliability | ASCRM-RLB-06: Storable or Member Data Element containing Pointer Item Element without Proper Copy Control Element | Unit | N/A | | Not applicable in the Java context, where there are no pointers. Not applicable in the context of database technologies. | JEE / SQL |
| Reliability | ASCRM-RLB-06: Storable or Member Data Element containing Pointer Item Element without Proper Copy Control Element | Unit | - | | | Web |
| Reliability | ASCRM-RLB-07: Class Instance Self Destruction Control Element | Unit | N/A | | Not applicable in the Java context, where there is no explicit destruction of objects. Not applicable in the context of database technologies. | JEE / SQL |
| Reliability | ASCRM-RLB-07: Class Instance Self Destruction Control Element | Unit | - | | | Web |
| Reliability | ASCRM-RLB-08: Named Callable and Method Control Elements with Variadic Parameter Element | Unit | - | | Not applicable in the Java context. Not applicable in the context of database technologies. | JEE / SQL |
| Reliability | ASCRM-RLB-08: Named Callable and Method Control Elements with Variadic Parameter Element | Unit | - | | | Web |
| Reliability | ASCRM-RLB-09: Float Type Storable and Member Data Element Comparison with Equality Operator | Unit | 8096 | Avoid testing floating point numbers for equality | OMG rule implemented in the case of float to float comparison. | JEE |
| Reliability | ASCRM-RLB-09: Float Type Storable and Member Data Element Comparison with Equality Operator | Unit | - | | | Web / SQL |
| Reliability | ASCRM-RLB-12: Singleton Class Instance Creation without Proper Lock Element Management | Unit | 7438 | Avoid non thread safe singleton | Direct implementation of the rule. | JEE |
| Reliability | ASCRM-RLB-12: Singleton Class Instance Creation without Proper Lock Element Management | Unit | N/A | | Not applicable in the context of database technologies. | SQL |
| Reliability | ASCRM-RLB-12: Singleton Class Instance Creation without Proper Lock Element Management | Unit | 1020062 | Avoid using non thread-safe Javascript singleton pattern | | Web |
| Reliability | ASCRM-RLB-15: Class Element with Virtual Method Element without Virtual Destructor | Unit | N/A | | Not applicable in the Java context, where there is no explicit destruction of objects. Not applicable in the context of database technologies. | JEE / SQL |
| Reliability | ASCRM-RLB-15: Class Element with Virtual Method Element without Virtual Destructor | Unit | - | | | Web |
| Reliability | ASCRM-RLB-16: Parent Class Element without Virtual Destructor Method Element | Unit | N/A | | Not applicable in the Java context, where there is no explicit destruction of objects. Not applicable in the context of database technologies. | JEE / SQL |
| Reliability | ASCRM-RLB-16: Parent Class Element without Virtual Destructor Method Element | Unit | - | | | Web |
| Reliability | ASCRM-RLB-17: Child Class Element without Virtual Destructor unlike its Parent Class Element | Unit | N/A | | Not applicable in the Java context, where there is no explicit destruction of objects. Not applicable in the context of database technologies. | JEE / SQL |
| Reliability | ASCRM-RLB-17: Child Class Element without Virtual Destructor unlike its Parent Class Element | Unit | - | | | Web |
| Reliability | ASCRM-RLB-18: Storable and Member Data Element Initialization with Hard-Coded Network Resource Configuration Data | Unit | 8102 | Avoid hard-coded network resource names | Direct implementation of the rule. | JEE |
| Reliability | ASCRM-RLB-18: Storable and Member Data Element Initialization with Hard-Coded Network Resource Configuration Data | Unit | 1020070 | Avoid hardcoded network resource names in Javascript | | Web |
| Reliability | ASCRM-RLB-18: Storable and Member Data Element Initialization with Hard-Coded Network Resource Configuration Data | Unit | - | | | SQL |
| Reliability | ASCRM-RLB-19: Synchronous Call Time-Out Absence | Unit | 8100 | Blocking synchronous calls should have associated timeouts | Direct implementation of the rule. | JEE |
| Reliability | ASCRM-RLB-19: Synchronous Call Time-Out Absence | Unit | N/A | | Not applicable in the context of database technologies. | SQL |
| Reliability | ASCRM-RLB-19: Synchronous Call Time-Out Absence | Unit | - | | | Web |
| Security | ASCSM-CWE-252-resource: Unchecked Return Parameter Value of named Callable and Method Control Element with Read, Write, and Manage Access to Platform Resource | Unit | - | | | JEE / Web / SQL |
| Security | ASCSM-CWE-327: Broken or Risky Cryptographic Algorithm Usage | Unit | - | | Not applicable in the context of database technologies. Not applicable in the Java context. | JEE / SQL |
| Security | ASCSM-CWE-327: Broken or Risky Cryptographic Algorithm Usage | Unit | - | | | Web |
| Security | ASCSM-CWE-396: Declaration of Catch for Generic Exception | Unit | 7862 | Avoid catching an exception of type Exception, RuntimeException, or Throwable | Implementation of the OMG rule in the Java context, for all the basic Exception types. | JEE |
| Security | ASCSM-CWE-396: Declaration of Catch for Generic Exception | Unit | N/A | | Not applicable in the context of database technologies. | SQL |
| Security | ASCSM-CWE-396: Declaration of Catch for Generic Exception | Unit | 1020700 | Avoid the lack of error handling in the Node.js callback | Direct implementation of the rule in the Node.js context. | Web |
| Security | ASCSM-CWE-396: Declaration of Catch for Generic Exception | Unit | 1020540 | Avoid using $http success and error function | Partially contributes to the rule. | Web |
| Security | ASCSM-CWE-396: Declaration of Catch for Generic Exception | Unit | 1020304 | Implement success and error callbacks when using $.ajax interface | Partially contributes to the rule. | Web |
| Security | ASCSM-CWE-397: Declaration of Throws for Generic Exception | Unit | 7824 | The exception Exception should never be thrown. Always subclass Exception and throw the subclassed Classes. | Direct implementation of the rule. | JEE |
| Security | ASCSM-CWE-397: Declaration of Throws for Generic Exception | Unit | N/A | | Not applicable in the context of database technologies. | SQL |
| Security | ASCSM-CWE-397: Declaration of Throws for Generic Exception | Unit | 1020700 | Avoid the lack of error handling in the Node.js callback | Direct implementation of the rule in the Node.js context. | Web |
| Security | ASCSM-CWE-397: Declaration of Throws for Generic Exception | Unit | 1020540 | Avoid using $http success and error function | Partially contributes to the rule. | Web |
| Security | ASCSM-CWE-397: Declaration of Throws for Generic Exception | Unit | 1020304 | Implement success and error callbacks when using $.ajax interface | Partially contributes to the rule. | Web |
| Security | ASCSM-CWE-456: Storable and Member Data Element Missing Initialization | Unit | N/A | | In Java, member variables are always given a default value when an object is instantiated, even if the constructor does not explicitly assign one. Not applicable in the context of database technologies. | JEE / SQL |
| Security | ASCSM-CWE-456: Storable and Member Data Element Missing Initialization | Unit | - | | | Web |