
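This page shows the coverage of the CISQ/OMG quality measurement rules at the system and technology levels for applications based on C++ technology and Microsoft SQL, as supported by CAST AIP. C++ and Microsoft SQL are one example of a common technology stack used in many applications. Where needed, CAST can help create an overview of CISQ coverage for other technology combinations.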

| OMG Characteristic | OMG Rule Id and Name | Level | AIP QR Id | AIP QR Name | Scope Notes | Source Technology |
|---|---|---|---|---|---|---|
| Maintainability | ASCMM-MNT-02: Class Element Excessive Inheritance of Class Elements with Concrete Implementation | Technology | 578 | Avoid Classes with multiple inheritance | Multiple inheritance increases code complexity, and maintenance costs increase as a result. | C++ |
| Maintainability | ASCMM-MNT-02: Class Element Excessive Inheritance of Class Elements with Concrete Implementation | Technology | N/A | | Not applicable to database technologies. Relational databases do not deal with objects (and therefore not with inheritance); they deal with entities and relationships. | SQL |
| Maintainability | ASCMM-MNT-04: Callable and Method Control Element Number of Outward Calls | System / Technology / Unit | 7778 | Avoid Artifacts with High Fan-Out | Direct implementation of the rule. | C++ / SQL |
| Maintainability | ASCMM-MNT-07: Inter-Module Dependency Cycles | Technology | - | | | C++ |
| Maintainability | ASCMM-MNT-07: Inter-Module Dependency Cycles | Technology | N/A | | Not applicable in a database technology context. These modules are usually developed in programming languages. | SQL |
| Maintainability | ASCMM-MNT-09: Horizontal Layer Excessive Number | System | AC | Architecture Checker | When the architecture is defined, an excessive number of layers is detected. | C++ |
| Maintainability | ASCMM-MNT-09: Horizontal Layer Excessive Number | System | N/A | | Not applicable to DBMS technologies. | SQL |
| Maintainability | ASCMM-MNT-10: Named Callable and Method Control Element Multi-Layer Span | System | AC | Architecture Checker | When the architecture is defined, components that span multiple layers are detected. | C++ |
| Maintainability | ASCMM-MNT-10: Named Callable and Method Control Element Multi-Layer Span | System | N/A | | Not applicable to DBMS technologies. | SQL |
| Maintainability | ASCMM-MNT-12: Named Callable and Method Control Element with Layer-skipping Call | System | AC | Architecture Checker | Defining the architecture with the Architecture Checker and specifying the authorized links between layers makes it possible to pinpoint components that use layer-skipping calls. | C++ |
| Maintainability | ASCMM-MNT-12: Named Callable and Method Control Element with Layer-skipping Call | System | N/A | | Not applicable to DBMS technologies. | SQL |
| Maintainability | ASCMM-MNT-17: Class Element Excessive Inheritance Level | Technology | 7802 | Avoid Classes with a High Depth of Inheritance Tree | Direct implementation of the rule. | C++ |
| Maintainability | ASCMM-MNT-17: Class Element Excessive Inheritance Level | Technology | N/A | | Not applicable in a database technology context. | SQL |
| Maintainability | ASCMM-MNT-18: Class Element Excessive Number of Children | Technology | 7792 | Avoid Classes with a High Number Of Children | Direct implementation of the rule. | C++ |
| Maintainability | ASCMM-MNT-18: Class Element Excessive Number of Children | Technology | N/A | | Not applicable in a database technology context. | SQL |
| Maintainability | ASCMM-MNT-20: Unreachable Named Callable or Method Control Element | System / Technology | 7860 | Avoid unreferenced Functions and Stored Procedures | Direct implementation of the rule. | C++ / SQL |
| Maintainability | ASCMM-MNT-20: Unreachable Named Callable or Method Control Element | System / Technology | 7908 | Avoid unreferenced Methods | Direct implementation of the rule. | C++ |
| Performance Efficiency | ASCPEM-PRF-04: Data Resource Read and Write Access Excessive Complexity | System / Technology / Unit | 7808 | Avoid Artifacts with SQL statement including subqueries | Subqueries increase the complexity of SQL queries. This AIP rule checks for nested SQL queries. | C++ |
| Performance Efficiency | ASCPEM-PRF-04: Data Resource Read and Write Access Excessive Complexity | System / Technology / Unit | 7808 | Avoid Artifacts with SQL statement including subqueries | Subqueries increase the complexity of SQL queries. This AIP rule checks for nested SQL queries. | SQL |
| Performance Efficiency | ASCPEM-PRF-05: Data Resource Read Access Unsupported by Index Element | System / Technology / Unit | - | | | C++ |
| Performance Efficiency | ASCPEM-PRF-05: Data Resource Read Access Unsupported by Index Element | System / Technology / Unit | 7902 | Avoid SQL queries that no index can support | Direct implementation of the rule. | SQL |
| Performance Efficiency | ASCPEM-PRF-08: Control Elements Requiring Significant Resource Element within Control Flow Loop Block | System / Technology / Unit | 7424 | Avoid using SQL queries inside a loop | SQL queries can be expensive in terms of resources. This AIP rule checks for queries executed inside a loop. | C++ / SQL |
| Performance Efficiency | ASCPEM-PRF-09: Non-Stored SQL Callable Control Element with Excessive Number of Data Resource Access | Technology / Unit | - | | | C++ / SQL |
| Performance Efficiency | ASCPEM-PRF-10: Non-SQL Named Callable and Method Control Element with Excessive Number of Data Resource Access | System | - | | | C++ / SQL |
| Performance Efficiency | ASCPEM-PRF-11: Data Access Control Element from Outside Designated Data Manager Component | System / Technology | AC | Architecture Checker | Defining the architecture with the Architecture Checker and specifying the authorized links between layers makes it possible to pinpoint components that use layer-skipping calls. | C++ |
| Performance Efficiency | ASCPEM-PRF-11: Data Access Control Element from Outside Designated Data Manager Component | System / Technology | N/A | | Not applicable to DBMS technologies. | SQL |
| Performance Efficiency | ASCPEM-PRF-12: Storable and Member Data Element Excessive Number of Aggregated Storable and Member Data Elements | Technology / Unit | - | | | C++ |
| Performance Efficiency | ASCPEM-PRF-12: Storable and Member Data Element Excessive Number of Aggregated Storable and Member Data Elements | Technology / Unit | N/A | | Not applicable in a database technology context. | SQL |
| Performance Efficiency | ASCPEM-PRF-14: Storable and Member Data Element Memory Allocation Missing De-Allocation Control Element | Technology / Unit | - | | | C++ / SQL |
| Performance Efficiency | ASCPEM-PRF-15: Storable and Member Data Element Reference Missing De-Referencing Control Element | Technology / Unit | - | | | C++ |
| Performance Efficiency | ASCPEM-PRF-15: Storable and Member Data Element Reference Missing De-Referencing Control Element | Technology / Unit | N/A | | Not applicable in a database technology context. | SQL |
| Reliability | ASCRM-CWE-120: Buffer Copy without Checking Size of Input | Technology / Unit | - | | | C++ / SQL |
| Reliability | ASCRM-CWE-252-data: Unchecked Return Parameter Value of named Callable and Method Control Element with Read, Write, and Manage Access to Data Resource | System / Technology / Unit | - | | | C++ / SQL |
| Reliability | ASCRM-CWE-704: Incorrect Type Conversion or Cast | Technology / Unit | - | | | C++ / SQL |
| Reliability | ASCRM-CWE-772: Missing Release of Resource after Effective Lifetime | Technology / Unit | - | | | C++ / SQL |
| Reliability | ASCRM-CWE-788: Memory Location Access After End of Buffer | Technology / Unit | - | | | C++ / SQL |
| Reliability | ASCRM-RLB-02: Serializable Storable Data Element without Serialization Control Element | Technology / Unit | - | | | C++ |
| Reliability | ASCRM-RLB-02: Serializable Storable Data Element without Serialization Control Element | Technology / Unit | N/A | | Not applicable in a database technology context. | SQL |
| Reliability | ASCRM-RLB-03: Serializable Storable Data Element with non-Serializable Item Elements | Technology / Unit | - | | | C++ |
| Reliability | ASCRM-RLB-03: Serializable Storable Data Element with non-Serializable Item Elements | Technology / Unit | N/A | | Not applicable in a database technology context. | SQL |
| Reliability | ASCRM-RLB-04: Persistent Storable Data Element without Proper Comparison Control Element | Technology / Unit | - | | | C++ |
| Reliability | ASCRM-RLB-04: Persistent Storable Data Element without Proper Comparison Control Element | Technology / Unit | N/A | | Not applicable in a database technology context. | SQL |
| Reliability | ASCRM-RLB-05: Runtime Resource Management Control Element in a Component Built to Run on Application Servers | Technology / Unit | - | | | C++ |
| Reliability | ASCRM-RLB-05: Runtime Resource Management Control Element in a Component Built to Run on Application Servers | Technology / Unit | N/A | | Not applicable in a database technology context. | SQL |
| Reliability | ASCRM-RLB-10: Data Access Control Element from Outside Designated Data Manager Component | System / Technology | AC | Architecture Checker | Defining the architecture with the Architecture Checker and specifying the authorized links between layers makes it possible to pinpoint components that use layer-skipping calls. | C++ |
| Reliability | ASCRM-RLB-10: Data Access Control Element from Outside Designated Data Manager Component | System / Technology | N/A | | Not applicable to DBMS technologies. | SQL |
| Reliability | ASCRM-RLB-11: Named Callable and Method Control Element in Multi-Thread Context with non-Final Static Storable or Member Element | Technology | - | | | C++ |
| Reliability | ASCRM-RLB-11: Named Callable and Method Control Element in Multi-Thread Context with non-Final Static Storable or Member Element | Technology | N/A | | Not applicable in a database technology context. | SQL |
| Reliability | ASCRM-RLB-13: Inter-Module Dependency Cycles | Technology | - | | | C++ |
| Reliability | ASCRM-RLB-13: Inter-Module Dependency Cycles | Technology | N/A | | Not applicable in a database technology context. | SQL |
| Reliability | ASCRM-RLB-14: Parent Class Element with References to Child Class Element | Technology | - | | | C++ |
| Reliability | ASCRM-RLB-14: Parent Class Element with References to Child Class Element | Technology | N/A | | Not applicable in a database technology context. | SQL |
| Security | ASCSM-CWE-022: Path Traversal Improper Input Neutralization | System / Technology | 7990 | Avoid using realpath() function | Per the recommendation, the function "realpath()" is considered very dangerous and must not be used, because the size of the output buffer cannot be specified correctly. | C++ |
| Security | ASCSM-CWE-022: Path Traversal Improper Input Neutralization | System / Technology | N/A | | Not applicable in a database technology context. | SQL |
| Security | ASCSM-CWE-078: OS Command Injection Improper Input Neutralization | System / Technology | - | | | C++ |
| Security | ASCSM-CWE-078: OS Command Injection Improper Input Neutralization | System / Technology | N/A | | Not applicable in a database technology context. | SQL |
| Security | ASCSM-CWE-079: Cross-site Scripting Improper Input Neutralization | System / Technology | - | | | C++ |
| Security | ASCSM-CWE-079: Cross-site Scripting Improper Input Neutralization | System / Technology | N/A | | Not applicable in a database technology context. | SQL |
| Security | ASCSM-CWE-089: SQL Injection Improper Input Neutralization | System / Technology | - | | | C++ |
| Security | ASCSM-CWE-089: SQL Injection Improper Input Neutralization | System / Technology | N/A | | Not applicable in a database technology context. | SQL |
| Security | ASCSM-CWE-99: Name or Reference Resolution Improper Input Neutralization | System / Technology / Unit | - | | | C++ |
| Security | ASCSM-CWE-99: Name or Reference Resolution Improper Input Neutralization | System / Technology / Unit | N/A | | Not applicable in a database technology context. | SQL |
| Security | ASCSM-CWE-120: Buffer Copy without Checking Size of Input | Technology / Unit | 7970 | Never use strcpy() function | Helps address the recommendation. | C++ |
| Security | ASCSM-CWE-120: Buffer Copy without Checking Size of Input | Technology / Unit | 7972 | Never use sprintf() or vsprintf() functions | Helps address the recommendation. | C++ |
| Security | ASCSM-CWE-120: Buffer Copy without Checking Size of Input | Technology / Unit | 7976 | Never use gets() function | Helps address the recommendation. | C++ |
| Security | ASCSM-CWE-120: Buffer Copy without Checking Size of Input | Technology / Unit | 7992 | Avoid using getpass() function | Helps address the recommendation. | C++ |
| Security | ASCSM-CWE-120: Buffer Copy without Checking Size of Input | Technology / Unit | 7988 | Avoid using snprintf() function family | Helps address the recommendation. | C++ |
| Security | ASCSM-CWE-120: Buffer Copy without Checking Size of Input | Technology / Unit | 7986 | Avoid using streadd() function | Helps address the recommendation. | C++ |
| Security | ASCSM-CWE-120: Buffer Copy without Checking Size of Input | Technology / Unit | 7984 | Avoid using strecpy() function | Helps address the recommendation. | C++ |
| Security | ASCSM-CWE-120: Buffer Copy without Checking Size of Input | Technology / Unit | 7982 | Avoid using strlen() function family | Helps address the recommendation. | C++ |
| Security | ASCSM-CWE-120: Buffer Copy without Checking Size of Input | Technology / Unit | 7980 | Avoid using strtrns() function | Helps address the recommendation. | C++ |
| Security | ASCSM-CWE-120: Buffer Copy without Checking Size of Input | Technology / Unit | 7978 | Avoid using the scanf() function family | Helps address the recommendation. | C++ |
| Security | ASCSM-CWE-120: Buffer Copy without Checking Size of Input | Technology / Unit | - | | | SQL |
| Security | ASCSM-CWE-129: Array Index Improper Input Neutralization | System / Technology | - | | | C++ |
| Security | ASCSM-CWE-129: Array Index Improper Input Neutralization | System / Technology | N/A | | Not applicable in a database technology context. | SQL |
| Security | ASCSM-CWE-134: Format String Improper Input Neutralization | System / Technology | - | | | C++ |
| Security | ASCSM-CWE-134: Format String Improper Input Neutralization | System / Technology | N/A | | Not applicable in a database technology context. | SQL |
| Security | ASCSM-CWE-434: File Upload Improper Input Neutralization | System / Technology | - | | | C++ |
| Security | ASCSM-CWE-434: File Upload Improper Input Neutralization | System / Technology | N/A | | Not applicable in a database technology context. | SQL |
| Security | ASCSM-CWE-606: Unchecked Input for Loop Condition | System / Technology | - | | | C++ / SQL |
| Security | ASCSM-CWE-667: Shared Resource Improper Locking | Technology | - | | | C++ / SQL |
| Security | ASCSM-CWE-672: Expired or Released Resource Usage | Technology / Unit | - | | | C++ / SQL |
| Security | ASCSM-CWE-681: Numeric Types Incorrect Conversion | Technology / Unit | 8002 | Never perform C-style cast between incompatible Class pointers | Ensures that the required cast type is used when dealing with incompatible class pointers. | C++ |
| Security | ASCSM-CWE-681: Numeric Types Incorrect Conversion | Technology / Unit | 8058 | A pointer to a derived Class shall only be cast implicitly to a pointer to base Class | Ensures that the required cast type is used when dealing with incompatible class pointers. | C++ |
| Security | ASCSM-CWE-681: Numeric Types Incorrect Conversion | Technology / Unit | 8060 | A pointer to a base Class shall only be cast to a pointer to a derived Class by means of 'dynamic_cast' | Ensures that the required cast type is used when dealing with incompatible class pointers. | C++ |
| Security | ASCSM-CWE-681: Numeric Types Incorrect Conversion | Technology / Unit | - | | | SQL |
| Security | ASCSM-CWE-772: Missing Release of Resource after Effective Lifetime | Technology / Unit | - | | | C++ / SQL |
| Security | ASCSM-CWE-789: Uncontrolled Memory Allocation | System / Technology | - | | | C++ / SQL |
| Security | ASCSM-CWE-798: Hard-Coded Credentials Usage for Remote Authentication | Technology / Unit | - | | | C++ / SQL |
| Security | ASCSM-CWE-835: Loop with Unreachable Exit Condition (Infinite Loop) | Technology / Unit | - | | | C++ / SQL |

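For the CISQ/OMG quality measurement rules at the unit level for C++ and Microsoft SQL applications, see: CISQ/OMG Automated Source Code Measurement Standard Coverage for C++ and Microsoft SQL Applications - Unit Level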
