CQE-252: Unchecked Return Parameter Value of Invokable Control Element with Read, Write, and Manage Access to Platform or Data Resource

 
Unchecked Return Parameter Value of Invokable Control Element with Read, Write, and Manage Access to Platform or Data Resource
[an error occurred while processing this directive] Definition in a New Window Definition in a New Window
Quality Issue ID: 252 Maturity: Preliminary
+ Description

Description Summary

A named callable control element or method control element performs an action that reads, writes, or manages access to a data or platform resource, but it does not check the return parameter from the action.

Extended Description

For data resources managed using SQL, this pattern identifies situations where the invokable control element executes a CRUD SQL statement with the execute SQL statement action, yet the value of the return parameter from the action is not used by any check control element.

+ Relationships
NatureTypeIDNameView(s) this relationship pertains to
View
ChildOf
Pr
Practice		9010Execution Status Control
Quality Issues Organized by Practices (primary)9002
ChildOf
Ch
Characteristic		9115Security
Default Graph (primary)9001
ChildOf
Ch
Characteristic		9120Reliability
Default Graph (primary)9001
ChildOf
Pr
Practice		9131Error/Exception Handling
Quality Issues Organized by Practices (primary)9002
ChildOf
Pr
Practice		9176Coding Practices
Quality Issues Organized by Practices (primary)9002
CanPrecede
Co
Consequence		9057Erroneous Behaviors
Default Graph (primary)9001
CanPrecede
Co
Consequence		9145Degraded Comprehension
Default Graph (primary)9001
CanPrecede
Co
Consequence		9154Poisoned Data Usage
Default Graph (primary)9001
CanPrecede
Co
Consequence		9168Unexpected Behaviors
Default Graph (primary)9001

Related Taxonomy Entries

TaxonomyVersionRelated ID
ASCRM1ASCRM-CWE-252-data
ASCRM1ASCRM-CWE-252-resource
ASCSM1ASCSM-CWE-252
CWE2.11252
+ References
"Automated Source Code Security Measure (ASCSM)". ASCSM-CWE-252-resource. v1.0. Object Management Group (OMG). 2016-01-01. <http://www.omg.org/spec/ASCSM/1.0/>.
"Automated Source Code Reliability Measure (ASCRM)". ASCRM-CWE-252-resource. v1.0. Object Management Group (OMG). 2016-01-01. <http://www.omg.org/spec/ASCRM/1.0/>.
"Automated Source Code Reliability Measure (ASCRM)". ASCRM-CWE-252-data. v1.0. Object Management Group (OMG). 2016-01-01. <http://www.omg.org/spec/ASCRM/1.0/>.
Page Last Updated or Reviewed: October 01, 2017