|
Common Quality EnumerationA Community-Developed Dictionary of Quality Issues |
Mapping-Friendly:
9001 - Default Graph
Ch
CharacteristicMaintainability - (9034)Maintainability is a Quality_Characteristic describing the
effort required to modify an entity.
Ch
CharacteristicAnalyzability - (9012)Analyzability is a Quality_Characteristic describing how easily
an entity can be examined.
Ch
CharacteristicLegibility - (9066)Legibility is a Quality_Characteristic describing how easily an
entity can be read.
Is
IssueInappropriate Comment Style - (9214)The source code uses comment styles or formats that are
inconsistent or do not follow expected standards for the
product.
Is
IssueSource Code Element without Standard Prologue - (9216)The source code contains elements such as source files or
callables that do not consistently follow a prologue or header that has been
standardized for the project.
Is
IssueArchitecture with Number of Horizontal Layers Outside of Expected Range - (9007)The software architecture contains too many - or too few -
horizontal layers.
Is
IssueCallable and Method Control Element Number of Outward Calls - (9024)This pattern identifies situations where the named callable
control element or method control element has a Fan-Out value that
is too large, based on its number of references to other objects within the
application which exceeds the threshold value; the application determines the
scope of the search for the referenced objects. Default value for threshold
value is 5.
Is
IssueCallable with Insufficient Behavioral Summary - (9218)The code contains a callable whose signature and/or associated
documentation does not sufficiently describe the callable's inputs, outputs,
side effects, assumptions, or return codes.
Ch
CharacteristicChangeability/Modifiability - (9029)Changeability is a Quality_Characteristic describing how easily
an entity can be changed or modified.
Is
IssueClass with Excessive Number of Child Classes - (9165)A class contains an unnecessarily large number of
children.
Is
IssueClass with an Excessive Inheritance Level - (9123)The inheritance level of a class is excessively high, i.e., it
has a large number of ancestors.
Is
IssueCompilation with Insufficient Warnings or Errors - (9228)The code is compiled without sufficient warnings enabled, which
may prevent the detection of subtle bugs or quality
issues.
Is
IssueData Element Declared Public - (9153)The software contains a data element that has been declared
public.
Is
IssueDeclaration of Variable with Unnecessarily Wide Scope - (9227)The source code declares a variable in one scope, but the
variable is only used within a narrower scope.
Is
IssueExcessive Code Complexity - (9221)The code is too complex, as calculated using a well-defined,
quantitative measure.
Is
IssueExcessive Attack Surface - (9226)The product has an attack surface whose quantitative
measurement exceeds a desirable maximum.
Is
IssueExcessive Cyclomatic Complexity - (9222)The code contains McCabe cyclomatic complexity that exceeds a
desirable maximum.
Is
IssueExcessive Cyclomatic Complexity Within an Invokable Control Element - (9185)A named callable or method control element contains control
flow that exceeds the desired cyclomatic complexity.
Is
IssueExcessive Halstead Complexity - (9223)The code is structured in a way that a Halstead complexity
measure exceeds a desirable maximum.
Is
IssueExcessively Deep Nesting - (9225)The code contains a callable or other code grouping in which
the nesting / branching is too deep.
Is
IssueExcessive Cyclomatic Complexity Within an Invokable Control Element - (9185)A named callable or method control element contains control
flow that exceeds the desired cyclomatic complexity.
Is
IssueExcessive Halstead Complexity - (9223)The code is structured in a way that a Halstead complexity
measure exceeds a desirable maximum.
Is
IssueExcessive Reliance on Global Variables - (9209)The code is structured in a way that relies too much on using
or setting global variables throughout various points in the code, instead of
preserving the associated information in a narrower, more local
context.
Is
IssueExcessive Use of Hard-Coded Literals in Initialization - (9046)The software initializes a data element using a hard-coded
literal.
Is
IssueExcessive Use of Unconditional Branching - (9220)The code uses too many unconditional branches (such as
"goto").
Is
IssueExcessive Volume of Commented-out Code - (9161)The software contains an excessive amount of code that has been
commented out.
Is
IssueExcessively Deep Nesting - (9225)The code contains a callable or other code grouping in which
the nesting / branching is too deep.
Is
IssueIncomplete Documentation - (9073)The documentation, whether on paper or in electronic form, does
not contain descriptions of all the relevant elements of the product, such as
its usage, structure, interfaces, design, implementation, configuration,
operation, etc.
Is
IssueIncomplete Design Documentation - (9211)The product's design documentation does not adequately describe
control flow, data flow, system initialization, relationships between tasks,
components, rationales, or other important aspects of the
design.
Is
IssueIncomplete Documentation of Program Execution - (9213)The document does not fully define all mechanisms that are used
to control or influence how product-specific programs are
executed.
Is
IssueIncomplete I/O Documentation - (9212)The product's documentation does not adequately define inputs,
outputs, or system/software interfaces.
Is
IssueInsufficient Documentation of Error Handling Techniques - (9219)The documentation does not sufficiently describe the techniques
that are used for error handling, exception processing, or similar
mechanisms.
Is
IssueMissing Design Representation Documentation - (9050)The documentation does not contain a representation of the
product's design.
Is
IssueInsufficient Adherence to Conventions - (9135)The product, architecture, source code, design, documentation,
or other artifact does not follow required conventions.
Is
IssueInappropriate Source Code Style or Formatting - (9139)The source code does not follow
desired style or formatting for indentation, white
space, comments, etc.
Is
IssueInappropriate Comment Style - (9214)The source code uses comment styles or formats that are
inconsistent or do not follow expected standards for the
product.
Is
IssueInappropriate Whitespace Style - (9215)The source code contains whitespace that is inconsistent across
the code or does not follow expected standards for the
product.
Is
IssueSource Code Element without Standard Prologue - (9216)The source code contains elements such as source files or
callables that do not consistently follow a prologue or header that has been
standardized for the project.
Is
IssueInsufficient Encapsulation of Machine-Dependent Functionality - (9206)The product or code uses machine-dependent functionality, but
it does not sufficiently encapsulate or isolate this functionality from
machine-independent functionality.
Is
IssueInsufficient Isolation of Symbolic Constant Definitions - (9208)The source code uses symbolic constants, but it does not
sufficiently place the definitions of these constants into a more centralized or
isolated location.
Is
IssueInsufficient Isolation of System-Dependent Functions - (9201)The product or code does not isolate system-dependent
functionality into separate standalone modules.
Is
IssueInsufficient Use of Symbolic Constants - (9207)The source code uses literal constants that may need to change
or evolve over time, instead of using symbolic constants.
Is
IssueInvocation of a Control Element at an Unnecessarily Deep Horizontal Layer - (9052)The code at one architectural layer invokes code that resides
at a deeper layer than the adjacent layer, i.e., the call skips at least one
layer.
Is
IssueInvokable Control Element with Excessive File or Data Access Operations - (9160)A named callable or method control element contains too many
operations that utilize a data manager or file resource.
Is
IssueInvokable Control Element with Signature Containing an Excessive Number of Parameters - (9093)The software contains a named callable or method control
element whose signature has an unnecessarily large number of
parameters.
Is
IssueLoop Condition Value Update within the Loop - (9190)The software uses a loop with a control flow condition based on
a value that is updated within the body of the loop.
Is
IssueMethod Containing Access of a Member Element from Another Class - (9181)A method for a class performs an operation that directly
accesses a member element from another class.
Ch
CharacteristicModularity - (9064)Modularity is a Quality_Characteristic describing the
component's ability to be decomposed and matched in other ways (loosely
coupled).
Is
IssueModules with Circular Dependencies - (9018)The software contains modules with circular
dependencies.
Is
IssueMultiple Inheritance from Concrete Classes - (9060)The software contains a class with inheritance from more than
one concrete class.
Is
IssueReliance on Machine-Dependent Data Representation - (9203)The code uses a data representation that relies on low-level
data representation or constructs that may vary across different processors,
physical machines, OSes, or other physical components.
Is
IssueReliance on Runtime Component in Generated Code - (9202)The product uses automatically-generated code that cannot be
executed without a specific runtime support component.
Ch
CharacteristicReusability - (9055)Reusability is a Quality_Characteristic describing how
efficiently an entity can be used in new applications.
Is
IssueSource Code File with Excessive Number of Lines of Code - (9151)A source code file has too many lines of
code.
Is
IssueUnconditional Control Flow Transfer outside of Switch Block - (9134)The software performs unconditional control transfer (such as a
"goto") in code outside of a branching structure such as a switch
block.
Is
IssueUnreachable Invokable Control Element - (9079)The software contains a named callable or method control
element that is not reachable by other code, i.e. is dead
code.
Ch
CharacteristicUsability - (9174)Usability is a Quality_Characteristic describing how much
effort is needed to learn, operate, and interpret outputs of an
entity.
Ch
CharacteristicAccessibility - (9033)Accessibility is a Quality_Characteristic describing the degree
to which a wide variety of users can use the entity.
Ch
CharacteristicAvailability - (9092)Availability is a Quality_Characteristic describing the degree
to which an entity will operate satisfactorily.
Ch
CharacteristicLearnability - (9171)Learnability is a Quality_Characteristic describing how easily
a human can become familiar with an entity.
Ch
CharacteristicOperability - (9015)Operability is a Quality_Characteristic describing how fit or
ready an entity is for use.
Ch
CharacteristicUnderstandability - (9084)Understandability is a Quality_Characteristic describing how
easily an entity can be comprehended.
Ch
CharacteristicAnalyzability - (9012)Analyzability is a Quality_Characteristic describing how easily
an entity can be examined.
Ch
CharacteristicLegibility - (9066)Legibility is a Quality_Characteristic describing how easily an
entity can be read.
Is
IssueInappropriate Comment Style - (9214)The source code uses comment styles or formats that are
inconsistent or do not follow expected standards for the
product.
Is
IssueSource Code Element without Standard Prologue - (9216)The source code contains elements such as source files or
callables that do not consistently follow a prologue or header that has been
standardized for the project.
Ch
CharacteristicCommunicativeness - (9149)Communicativeness is a Quality_Characteristic describing how
well an entity shares an idea.
Ch
CharacteristicConciseness - (9056)Conciseness is a Quality_Characteristic describing how briefly
and accurately an idea can be conveyed.
Is
IssueUse of Inaccurate Comments - (9217)The source code contains comments that do not accurately
describe or explain aspects of the portion of the code with which the comment is
associated.
Is
IssueUse of Platform-Dependent Third Party Components - (9204)The product relies on third-party software components that do
not provide equivalent functionality across all desirable
platforms.
Is
IssueUse of Redundant Code - (9011)The software has two or more invokable control elements that
contain the same code.
Is
IssueUse of Same Invokable Control Element in Multiple Architectural Layers - (9184)The software uses the same control element across multiple
architectural layers.
Is
IssueUse of Same Variable for Multiple Purposes - (9210)The code contains a callable, block, or other code element in
which the same variable is used to control more than one unique task or store
more than one instance of data.
Is
IssueUse of Unmaintained Third Party Components - (9205)The product relies on third-party components that are not
actively supported or maintained by the original developer or a trusted proxy
for the original developer.
Ch
CharacteristicPerformance - (9169)Performance is a Quality_Characteristic describing how an
entity executes its required functions.
Is
IssueAllocation of Memory without Associated Release - (9112)The software allocates memory for a data element, but it does
not release the associated memory at a later time.
Ch
CharacteristicAvailability - (9092)Availability is a Quality_Characteristic describing the degree
to which an entity will operate satisfactorily.
Ch
CharacteristicCo-existence - (9188)Co-existence is a Quality_Characteristic describing how well
elements are shared between entities.
Is
IssueCreation of Immutable Text Using String Concatenation - (9014)The software creates an immutable text string using string
concatenation operations.
Is
IssueData Access Operations Outside of Expected Data Manager Component - (9069)The software performs data-access operations that do not use a
dedicated, central data manager component.
Is
IssueData Element Aggregating an Excessively Large Number of Non-Primitive Elements - (9005)The software uses a data element that has an excessively large
number of sub-elements with non-primitive data types (i.e., aggregated objects).
Is
IssueData Resource Access without Use of Connection Pooling - (9116)The software accesses a data resource without using a
connection pooling capability.
Ch
CharacteristicDurability - (9186)Durability is a Quality_Characteristic describing how well an
entity survives over its lifetime.
Ch
CharacteristicEfficiency - (9074)Efficiency is a Quality_Characteristic describing how an entity
performs in relation to the amount of energy (work) required to
perform.
Ch
CharacteristicCapacity/Allocation - (9101)Capacity/Allocation is a Quality_Characteristic describing how
well limited resources are managed.
Ch
CharacteristicConciseness - (9056)Conciseness is a Quality_Characteristic describing how briefly
and accurately an idea can be conveyed.
Ch
CharacteristicModularity - (9064)Modularity is a Quality_Characteristic describing the
component's ability to be decomposed and matched in other ways (loosely
coupled).
Is
IssueModules with Circular Dependencies - (9018)The software contains modules with circular
dependencies.
Ch
CharacteristicReusability - (9055)Reusability is a Quality_Characteristic describing how
efficiently an entity can be used in new applications.
Is
IssueExcessive Code Complexity - (9221)The code is too complex, as calculated using a well-defined,
quantitative measure.
Is
IssueExcessive Attack Surface - (9226)The product has an attack surface whose quantitative
measurement exceeds a desirable maximum.
Is
IssueExcessive Cyclomatic Complexity - (9222)The code contains McCabe cyclomatic complexity that exceeds a
desirable maximum.
Is
IssueExcessive Cyclomatic Complexity Within an Invokable Control Element - (9185)A named callable or method control element contains control
flow that exceeds the desired cyclomatic complexity.
Is
IssueExcessive Halstead Complexity - (9223)The code is structured in a way that a Halstead complexity
measure exceeds a desirable maximum.
Is
IssueExcessively Deep Nesting - (9225)The code contains a callable or other code grouping in which
the nesting / branching is too deep.
Is
IssueExcessive Data Query Operations in a Large Data Table - (9027)The software performs a data query with a large number of joins
and sub-queries on a large data table.
Is
IssueExcessive Execution of Sequential Searches of Data Resource - (9103)The software contains a data query against an SQL table or view
that is configured in a way that does not utilize an index and may cause
sequential searches to be performed.
Is
IssueExcessive Index Range Scan for a Data Resource - (9187)The software contains an index range scan for a data resource,
but the scan can cover a large number of rows.
Is
IssueExcessive Number of Data Accesses using Inefficient Procedures - (9077)The software does not use efficient data-processing
capabilities (such as stored procedures) when accessing
data.
Is
IssueExcessive Number of Indices for a Large Data Table - (9175)The software uses a data table that contains a large number of
indices.
Is
IssueExcessive Platform Resource Consumption within a Loop - (9041)The software contains a loop or loop condition that directly or
indirectly consumes platform resources, e.g. sessions or file
descriptors.
Ch
CharacteristicFunctionality - (9091)Functionality is a Quality_Characteristic describing how well
an entity performs as designed.
Ch
CharacteristicCompliance - (9098)Compliance is a Quality_Characteristic describing how well an
entity conforms to a defined standard.
Ch
CharacteristicConsistency - (9065)Consistency is a Quality_Characteristic describing how well an
entity conforms to an undefined convention.
Is
IssueInconsistency Between Implementation and Documented Design - (9107)The implementation of the product is not consistent with the
design as described within the relevant documentation.
Is
IssueInconsistent Naming Conventions for Identifiers - (9200)The product's code, documentation, or other artifacts do not
consistently use the same naming conventions for variables, callables, groups of
related callables, I/O capabilities, data types, file names, or similar types of
elements.
Ch
CharacteristicPerceived Value - (9150)Perceived Value is a Quality_Characteristic describing cost to
benefit analysis when compared to a similar entity.
Ch
CharacteristicPortability - (9048)Portability is a Quality_Characteristic describing the effort
required to adapt or translate to other environments.
Ch
CharacteristicSecurity - (9115)A Quality_Characteristic describing safeguarding sensitive data
from unintended actors.
Is
IssueArray Index Improper Input Neutralization - (129)This pattern identifies situations where an external value is
entered into the application through the user interface ReadsUI action,
transformed throughout the application along the sequence
composed of ActionElements with DataRelations relations, some of which being part of
named callable and method control elements, and ultimately used
in the read or write action to access the array; none
of the callable or method control element of the transformation sequence being a
range check callable and method control element with regards to the array index.
Ch
CharacteristicAuthentication - (9133)Authentication is a Quality_Characteristic describing whether
an entity is what it is said to be.
Is
IssueBroken or Risky Cryptographic Algorithm Usage - (327)This pattern identifies situations where the application uses
the cryptographic deployed component while it is
not part of the list of vetted cryptographic deployed components. As an example,
FIPS 140-2 features a list of validated implementations.
Is
IssueBuffer Copy without Checking Size of Input - (120)This pattern identifies situations where two buffer storable
elements or member elements are allocated
with specific sizes in the source buffer allocation statement and target buffer
allocation statement, transformed within the
application via transformation sequences composed of ActionElements with
DataRelations relations, some of
which being part of named callable and method control elements,
then ultimately used by the application to move the content of the first buffer
onto the content of the second buffer through the
move buffer statement, while the size of the first buffer is greater than the
size of the second buffer.
Ch
CharacteristicCompliance - (9098)Compliance is a Quality_Characteristic describing how well an
entity conforms to a defined standard.
Ch
CharacteristicConsistency - (9065)Consistency is a Quality_Characteristic describing how well an
entity conforms to an undefined convention.
Is
IssueInconsistency Between Implementation and Documented Design - (9107)The implementation of the product is not consistent with the
design as described within the relevant documentation.
Is
IssueInconsistent Naming Conventions for Identifiers - (9200)The product's code, documentation, or other artifacts do not
consistently use the same naming conventions for variables, callables, groups of
related callables, I/O capabilities, data types, file names, or similar types of
elements.
Ch
CharacteristicConfidentiality - (9025)A Quality_Characteristic describing the level of protection
used to safeguard sensitive data.
Is
IssueCross-site Scripting Improper Input Neutralization - (79)This pattern identifies situations where an external value is
entered into the application through the user interface ReadsUI action,
transformed throughout the application along the sequence
composed of ActionElements with DataRelations relations, some of which being part of
named callable and method control elements, and ultimately used
in the user interface WritesUI action; none of the callable or
method control element of the transformation sequence being a vetted
sanitization control element from the list of vetted sanitization control
elements.
Is
IssueDeclaration of Catch for Generic Exception - (396)This pattern identifies situations where the named callable
control element or method control element contains the catch unit
which declares to catch the exception parameter whose datatype
is part of the list of overly broad exception datatypes. With
Java, an example is {'java.lang.Exception'}.
Is
IssueDeclaration of Throws for Generic Exception - (397)This pattern identifies situations where the named callable
control element or method control element throws with the Throws
action the exception parameter whose datatype is part of the
list of overly broad exception datatypes. In Java, one example from this list is
{'java.lang.Exception'}.
Is
IssueExcessive Attack Surface - (9226)The product has an attack surface whose quantitative
measurement exceeds a desirable maximum.
Is
IssueExpired or Released Resource Usage - (672)This pattern
identifies situations where the platform resource is
deallocated in the manages action using its unique
resource handler value which is transported throughout the application via the
transport sequence composed of ActionElements with
DataRelations relations, some of
which being part of named callable and method control elements,
then used later within the application to try and access the resource in the
read or write action.
Is
IssueFile Upload Improper Input Neutralization - (434)This pattern identifies situations where an external value is
entered into the application through the user interface ReadsUI action,
transformed throughout the application along the sequence
composed of ActionElements with DataRelations relations, some of which being part of
named callable and method control elements, and ultimately used
in the file upload action; none of the callable or method control element of the
transformation sequence being a vetted sanitization callable and method control
element from the list of vetted sanitization callable and method control
elements.
Is
IssueFormat String Improper Input Neutralization - (134)This pattern identifies situations where an external value is
entered into the application through the user interface ReadsUI action,
transformed throughout the application along the sequence
composed of ActionElements with DataRelations relations, some of which being part of
named callable and method control elements, and ultimately used
in the formatting statement; none of the callable or method control element of
the transformation sequence being a vetted sanitization control element from the
list of vetted sanitization control elements.
Is
IssueHard-Coded Credentials Usage for Remote Authentication - (798)This pattern identifies situations where a literal value
is hard-coded in the application via the Write action,
transported throughout the application along the sequence
composed of ActionElements with DataRelations, some of which being part of named callable and
method control elements, and ultimately used in
the remote resource management action; the transport sequence is composed of assignment
operations as updates to the value would not be considered as hard-coded
(literal) any more.
Ch
CharacteristicIntegrity - (9148)Integrity is a Quality_Characteristic describing whether data
has been corrupted in transmission.
Is
IssueLoop with Unreachable Exit Condition ('Infinite Loop') - (835)This pattern identifies situations where the named callable
control element or method control element features the execution
path whose entry element
is found again in the path, while it has no path whatsoever
to not return to itself and exit the recursion.
Is
IssueMissing Release of Resource after Effective Lifetime - (772)This pattern identifies situations where the platform resource
is allocated and assigned a unique resource handler
value via the ManagesResource action, its unique
resource handler value is used throughout the application, along the sequence
composed of ActionElements with DataRelations relations, some of which being part of
named callable and method control elements, none of which being
a resource release statement.
Is
IssueName or Reference Resolution Improper Input Neutralization - (99)This pattern identifies situations where an external value is
entered into the application through the user interface ReadsUI action,
transformed throughout the application along the sequence
composed of ActionElements with DataRelations relations, some of which being part of
named callable and method control elements, and ultimately used
in the platform action to access a resource by its name; none of the callable or method control
element of the transformation sequence being a vetted sanitization callable and
method control elements from the list of vetted sanitization callable and method
control elements.
Ch
CharacteristicNon-repudiation - (9009)Non-repudiation is a Quality_Characteristic describing whether
data has been verified against its source.
Is
IssueNumeric Types Incorrect Conversion - (681)This pattern identifies situations where the storable element
or member element is declared with the
numerical datatype in
the Create action, then updated with a value which is cast via
the type cast action into the second numerical datatype, which is incompatible with the
first one.
Is
IssueOS Command Injection Improper Input Neutralization - (78)This pattern identifies situations where an external value is
entered into the application through the user interface ReadsUI action,
transformed throughout the application along the sequence
composed of ActionElements with DataRelations relations, some of which being part of
named callable and method control elements, and ultimately used
in the platform action to be executed by the
execution environment; none of the callable or
method control element of the transformation sequence being a vetted
sanitization callable and method control element from the list of vetted
sanitization callable and method control elements.
Is
IssuePath Traversal Improper Input Neutralization - (22)This pattern identifies situations where an external value is
entered into the application through the user interface ReadsUI action,
transformed throughout the application along the sequence
composed of ActionElements with DataRelations relations, some of which being part of
named callable and method control elements, and ultimately used
in the file path creation statement; none of the
callable or method control element of the transformation sequence being a vetted
sanitization callable and method control element from the
list of vetted sanitization control elements.
Is
IssueSQL Injection Improper Input Neutralization - (89)This pattern identifies situations where an external value is
entered into the application through the user interface ReadsUI action,
transformed throughout the application along the sequence
composed of ActionElements with DataRelations relations, some of which being part of
named callable and method control elements, and ultimately used
in the SQL compilation statement; none of the callable or method control element of the
transformation sequence being a vetted sanitization callable and method control
elements from the list of vetted sanitization control
elements.
Is
IssueShared Resource Improper Locking - (667)This pattern identifies situations where the shared
storable data element or member
data element, declared with the Create action, is accessed outside a critical section of
the application via the Read or Write action.
The critical nature of the section is technology and platform dependent. As
examples, in C/C++, critical nature comes from the use of 'mtx_lock' and
'mtx_unlock' from the 'threads.h' standard C language API,
or from the use of 'pthread_mutex_lock' and 'pthread_mutex_unlock' from the
'pthreads.h' C/C++ POSIX API, or from the use of 'EnterCriticalSection' and 'LeaveCriticalSection' from the
'windows.h' C/C++ Win32 API. As other examples, in Java, critical nature comes
from the use of the 'synchronized' keyword, and in C#, critical nature comes
from the use of the 'lock' keyword.
Is
IssueStorable and Member Data Element Missing Initialization - (456)The software contains a storable or member data element that is
not initialized before it is used.
Ch
CharacteristicStructuredness - (9099)Structuredness is a Quality_Characteristic describing how well
an entity conforms to a given arrangement or partition.
Ch
CharacteristicConsistency - (9065)Consistency is a Quality_Characteristic describing how well an
entity conforms to an undefined convention.
Is
IssueInconsistency Between Implementation and Documented Design - (9107)The implementation of the product is not consistent with the
design as described within the relevant documentation.
Is
IssueInconsistent Naming Conventions for Identifiers - (9200)The product's code, documentation, or other artifacts do not
consistently use the same naming conventions for variables, callables, groups of
related callables, I/O capabilities, data types, file names, or similar types of
elements.
Is
IssueUnchecked Input for Loop Condition - (606)This pattern identifies situations where an external value is
entered into the application through the user interface ReadsUI action,
transformed throughout the application along the sequence
composed of ActionElements with DataRelations relations, some of which being part of
named callable and method control elements, and ultimately used
in the loop condition statement; none of the callable or method
control element of the transformation sequence being a range check control
element
Is
IssueUnchecked Return Parameter Value of Invokable Control Element with Read, Write, and Manage Access to Platform or Data Resource - (252)A named callable control element
or method control element performs an action that
reads, writes, or manages access to a data or platform
resource, but it does not check the return parameter
from the action.
Is
IssueUncontrolled Memory Allocation - (789)This pattern identifies situations where an external value is
entered into the application through the user interface ReadsUI action,
transformed throughout the application along the sequence
composed of ActionElements with DataRelations relations, some of which being part of
named callable and method control elements, and ultimately used
as an index element to access a storable or member data element
in the buffer Read or Write access action; none of the callable or method
control element of the transformation sequence being a range check with regards
to the 'Buffer' buffer that whose maximum size was defined in the buffer
creation action.
Ch
CharacteristicSelf-Containedness - (9128)Self-Containedness is a Quality_Characteristic describing how
well an element operates independently.
Ch
CharacteristicStructuredness - (9099)Structuredness is a Quality_Characteristic describing how well
an entity conforms to a given arrangement or partition.
Ch
CharacteristicConsistency - (9065)Consistency is a Quality_Characteristic describing how well an
entity conforms to an undefined convention.
Is
IssueInconsistency Between Implementation and Documented Design - (9107)The implementation of the product is not consistent with the
design as described within the relevant documentation.
Is
IssueInconsistent Naming Conventions for Identifiers - (9200)The product's code, documentation, or other artifacts do not
consistently use the same naming conventions for variables, callables, groups of
related callables, I/O capabilities, data types, file names, or similar types of
elements.
Ch
CharacteristicSuitability - (9119)Suitability is a Quality_Characteristic describing how well an
entity meets objectives and requirements for a situation.
Ch
CharacteristicUsability - (9174)Usability is a Quality_Characteristic describing how much
effort is needed to learn, operate, and interpret outputs of an
entity.
Ch
CharacteristicAccessibility - (9033)Accessibility is a Quality_Characteristic describing the degree
to which a wide variety of users can use the entity.
Ch
CharacteristicAvailability - (9092)Availability is a Quality_Characteristic describing the degree
to which an entity will operate satisfactorily.
Ch
CharacteristicLearnability - (9171)Learnability is a Quality_Characteristic describing how easily
a human can become familiar with an entity.
Ch
CharacteristicOperability - (9015)Operability is a Quality_Characteristic describing how fit or
ready an entity is for use.
Ch
CharacteristicUnderstandability - (9084)Understandability is a Quality_Characteristic describing how
easily an entity can be comprehended.
Ch
CharacteristicAnalyzability - (9012)Analyzability is a Quality_Characteristic describing how easily
an entity can be examined.
Ch
CharacteristicLegibility - (9066)Legibility is a Quality_Characteristic describing how easily an
entity can be read.
Is
IssueInappropriate Comment Style - (9214)The source code uses comment styles or formats that are
inconsistent or do not follow expected standards for the
product.
Is
IssueSource Code Element without Standard Prologue - (9216)The source code contains elements such as source files or
callables that do not consistently follow a prologue or header that has been
standardized for the project.
Ch
CharacteristicCommunicativeness - (9149)Communicativeness is a Quality_Characteristic describing how
well an entity shares an idea.
Ch
CharacteristicConciseness - (9056)Conciseness is a Quality_Characteristic describing how briefly
and accurately an idea can be conveyed.
Is
IssueInitialization within a Static Code Block - (9090)A code block that has been declared static performs
initialization of data.
Is
IssueNon-SQL Named Callable and Method Control Element with Excessive Number of Data Resource Access - (9122)This pattern identifies situations where the client-side named
callable and method control elements, not in any data manager
resource, embeds a number of accesses to a data resource, which is considered too large
because it exceeds the default threshold value of 2.
Ch
CharacteristicReliability - (9120)Reliability is a Quality_Characteristic describing how
dependably an entity performs.
Ch
CharacteristicAccountability - (9053)Accountability is a Quality_Characteristic describing how well
an entity records its actions.
Ch
CharacteristicAccuracy - (9008)Accuracy is a Quality_Characteristic describing how precise an
entity's outputs are.
Ch
CharacteristicCompleteness - (9020)Completeness is a Quality_Characteristic describing how
thorough an entity is.
Is
IssueBuffer Copy without Checking Size of Input - (120)This pattern identifies situations where two buffer storable
elements or member elements are allocated
with specific sizes in the source buffer allocation statement and target buffer
allocation statement, transformed within the
application via transformation sequences composed of ActionElements with
DataRelations relations, some of
which being part of named callable and method control elements,
then ultimately used by the application to move the content of the first buffer
onto the content of the second buffer through the
move buffer statement, while the size of the first buffer is greater than the
size of the second buffer.
Is
IssueChild Class Element without Virtual Destructor unlike its Parent Class Element - (9013)This pattern identifies situations where, with languages where
custom destructors can be written, the child class element
used in the 'from' association of an Extends class
relation whose parent class element that is used in the 'to' association of the
Extends class relation, directly or indirectly through parent and child class
element, has the parent virtual destructor, that lack its own virtual destructor.
Is
IssueClass Element with Virtual Method Element without Virtual Destructor - (9166)This pattern identifies situations where the class element
contains the virtual method
element yet without declaring
any virtual destructor.
Is
IssueClass Instance Self Destruction Control Element - (9156)This pattern identifies situations where the class element
executes the control element to destroy itself. As an example of
self-destruction control element in C++, the 'delete this' control
element.
Ch
CharacteristicCo-existence - (9188)Co-existence is a Quality_Characteristic describing how well
elements are shared between entities.
Is
IssueData Access Control Element from Outside Designated Data Manager Component - (9159)This pattern identifies situations where named callable control
element or method control element executes the data action
statement although it is not part of a component
identified as one of the dedicated data access components
from the data access component list. The data access component can be either
client-side or server-side, which means that data access components can be
developed using non-SQL languages. The pattern simply identifies situations
where the implementation does not follow the intended design, regardless of the
design.
Is
IssueDeclaration of Catch for Generic Exception - (396)This pattern identifies situations where the named callable
control element or method control element contains the catch unit
which declares to catch the exception parameter whose datatype
is part of the list of overly broad exception datatypes. With
Java, an example is {'java.lang.Exception'}.
Is
IssueDeclaration of Throws for Generic Exception - (397)This pattern identifies situations where the named callable
control element or method control element throws with the Throws
action the exception parameter whose datatype is part of the
list of overly broad exception datatypes. In Java, one example from this list is
{'java.lang.Exception'}.
Is
IssueEmpty Exception Block - (9108)An invokable code block contains an exception handling block
that is empty.
Is
IssueFloat Type Storable and Member Data Element Comparison with Equality Operator - (9138)This pattern identifies situations where the floating value 1
and floating value 2 of storable or member data elements
of float types, are tested for equality with regular comparison operators in
the comparison control element.
Is
IssueIncorrect Type Conversion or Cast - (704)This pattern identifies situations where the storable element
or member element is declared with the
datatype in the Create action, then updated
with a value that is cast via the type cast action into the second datatype, which is
incompatible with the first one.
Is
IssueInitialization with Hard-Coded Network Resource Configuration Data - (9042)The software initializes data using hard-coded values related
to network configuration.
Is
IssueInvokable Control Element with Variadic Parameter Element - (9062)A named-callable or method control element has a signature that
supports a variable number of parameters.
Ch
CharacteristicMaturity - (9114)Maturity is a Quality_Characteristic describing how well an
entity's behaviors can reliably and sustainably produce required
outcomes.
Is
IssueMemory Location Access After End of Buffer - (788)This pattern identifies situations where the value element
is transformed throughout the application along the sequence
composed of ActionElements with DataRelations relations, some of which being part of
named callable and method control elements, and ultimately used
as an index element to access a storable or member data element
in the buffer Read or Write access action; none of the callable or method
control element of the transformation sequence being a range check with regards
to the buffer whose maximum size was defined in the buffer creation action.
Is
IssueMissing Release of Resource after Effective Lifetime - (772)This pattern identifies situations where the platform resource
is allocated and assigned a unique resource handler
value via the ManagesResource action, its unique
resource handler value is used throughout the application, along the sequence
composed of ActionElements with DataRelations relations, some of which being part of
named callable and method control elements, none of which being
a resource release statement.
Is
IssueMissing Serialization Control Element - (9102)The software contains a serializable data element that does not
have an associated serialization method.
Is
IssueModules with Circular Dependencies - (9018)The software contains modules with circular
dependencies.
Is
IssueNamed Callable and Method Control Element in Multi-Thread Context with non-Final Static Storable or Member Element - (9070)This pattern identifies situations where the named callable
control element or method control element owns unsafe non-final
static storable or member data element while it
operates in a multi-threaded environment.
Is
IssueParent Class Element with References to Child Class Element - (9087)This pattern identifies situations where the parent class
element that is used in the
'to' association of the Extends class relation, references the child class
element used in the 'from'
association of the Extends class relation, directly or indirectly
through parent and child class element, with the callable or data relations.
The reference statement is
made directly to the child class element or to any one of its own method or
member elements.
Is
IssueParent Class Element without Virtual Destructor Method Element - (9147)This pattern identifies situations where, with languages where
custom destructors can be written, the parent class element of the
child class element via an Extends class
relation has no virtual destructor.
Is
IssuePersistent Storable Data Element without Associated Comparison Control Element - (9193)The software uses a storable data element that does not have
all of the associated control elements that are necessary to support
comparison.
Ch
CharacteristicRecoverability - (9117)Recoverability is a Quality_Characteristic describing how
easily an entity returns to a desired state from unexpected
situations.
Ch
CharacteristicReplaceability - (9051)Replaceability is a Quality_Characteristic describing how
easily an element can be exchanged in a given environment.
Ch
CharacteristicRobustness - (9163)Robustness is a Quality_Characteristic describing how well an
entity can perform given unexpected situations.
Is
IssueRuntime Resource Management Control Element in a Component Built to Run on Application Servers - (9100)This pattern identifies situations where the application uses
deployed component from the platform deployed
component list, yet uses control elements from the list of low-level resource
management API.
Is
IssueSerializable Data Element Containing non-Serializable Item Elements - (9110)The software contains a serializable, storable data element,
but the data element contains item elements that are not
serializable.
Is
IssueSingleton Class Instance Creation without Proper Lock Element Management - (9192)This pattern identifies situations where the singleton class
element, that is, a class
element that can be used only once in the 'to' association of a Create action,
is instantiated with the Creates action element
without any prior locking mechanism activation.
Ch
CharacteristicStability - (9195)Stability is a Quality_Characteristic describing how well an
entity can reliably perform over a period of time.
Is
IssueStorable and Member Data Element Missing Initialization - (456)The software contains a storable or member data element that is
not initialized before it is used.
Is
IssueStorable or Member Data Element containing Pointer Item Element without Proper Copy Control Element - (9194)This pattern identifies situations where the storable data
element or member data element contains
the child pointer data element but has no dedicated copy operation or
copy constructor element.
Is
IssueSynchronous Call Time-Out Absence - (9173)This pattern identifies situations where the synchronous call
instruction is initiated but the time-out argument is not set or set to infinite
time.
Is
IssueUnchecked Return Parameter Value of Invokable Control Element with Read, Write, and Manage Access to Platform or Data Resource - (252)A named callable control element
or method control element performs an action that
reads, writes, or manages access to a data or platform
resource, but it does not check the return parameter
from the action.
Is
IssueUncontrolled Recursion - (674)This pattern identifies situations where the named callable
control element or method control element features the recursive
execution path.
Ch
CharacteristicRobustness - (9163)Robustness is a Quality_Characteristic describing how well an
entity can perform given unexpected situations.
Ch
CharacteristicStability - (9195)Stability is a Quality_Characteristic describing how well an
entity can reliably perform over a period of time.
Is
IssueStatic Member Data Element outside of a Singleton Class Element - (9004)This pattern identifies situations where the static member
element is declared as static but
its parent class element
is not a singleton class, that is, a class element that can be used only once in
the 'to' association of a Create action; it does not take into
account final static fields.
Is
IssueUse of Data Element without Invoking Deconstructor Method - (9182)The software accesses a data element but does not later invoke
its associated finalize method.
Ch
CharacteristicReliability - (9120)Reliability is a Quality_Characteristic describing how
dependably an entity performs.
Ch
CharacteristicAccountability - (9053)Accountability is a Quality_Characteristic describing how well
an entity records its actions.
Ch
CharacteristicAccuracy - (9008)Accuracy is a Quality_Characteristic describing how precise an
entity's outputs are.
Ch
CharacteristicCompleteness - (9020)Completeness is a Quality_Characteristic describing how
thorough an entity is.
Is
IssueBuffer Copy without Checking Size of Input - (120)This pattern identifies situations where two buffer storable
elements or member elements are allocated
with specific sizes in the source buffer allocation statement and target buffer
allocation statement, transformed within the
application via transformation sequences composed of ActionElements with
DataRelations relations, some of
which being part of named callable and method control elements,
then ultimately used by the application to move the content of the first buffer
onto the content of the second buffer through the
move buffer statement, while the size of the first buffer is greater than the
size of the second buffer.
Is
IssueChild Class Element without Virtual Destructor unlike its Parent Class Element - (9013)This pattern identifies situations where, with languages where
custom destructors can be written, the child class element
used in the 'from' association of an Extends class
relation whose parent class element that is used in the 'to' association of the
Extends class relation, directly or indirectly through parent and child class
element, has the parent virtual destructor, that lack its own virtual destructor.
Is
IssueClass Element with Virtual Method Element without Virtual Destructor - (9166)This pattern identifies situations where the class element
contains the virtual method
element yet without declaring
any virtual destructor.
Is
IssueClass Instance Self Destruction Control Element - (9156)This pattern identifies situations where the class element
executes the control element to destroy itself. As an example of
self-destruction control element in C++, the 'delete this' control
element.
Ch
CharacteristicCo-existence - (9188)Co-existence is a Quality_Characteristic describing how well
elements are shared between entities.
Is
IssueData Access Control Element from Outside Designated Data Manager Component - (9159)This pattern identifies situations where named callable control
element or method control element executes the data action
statement although it is not part of a component
identified as one of the dedicated data access components
from the data access component list. The data access component can be either
client-side or server-side, which means that data access components can be
developed using non-SQL languages. The pattern simply identifies situations
where the implementation does not follow the intended design, regardless of the
design.
Is
IssueDeclaration of Catch for Generic Exception - (396)This pattern identifies situations where the named callable
control element or method control element contains the catch unit
which declares to catch the exception parameter whose datatype
is part of the list of overly broad exception datatypes. With
Java, an example is {'java.lang.Exception'}.
Is
IssueDeclaration of Throws for Generic Exception - (397)This pattern identifies situations where the named callable
control element or method control element throws with the Throws
action the exception parameter whose datatype is part of the
list of overly broad exception datatypes. In Java, one example from this list is
{'java.lang.Exception'}.
Is
IssueEmpty Exception Block - (9108)An invokable code block contains an exception handling block
that is empty.
Is
IssueFloat Type Storable and Member Data Element Comparison with Equality Operator - (9138)This pattern identifies situations where the floating value 1
and floating value 2 of storable or member data elements
of float types, are tested for equality with regular comparison operators in
the comparison control element.
Is
IssueIncorrect Type Conversion or Cast - (704)This pattern identifies situations where the storable element
or member element is declared with the
datatype in the Create action, then updated
with a value that is cast via the type cast action into the second datatype, which is
incompatible with the first one.
Is
IssueInitialization with Hard-Coded Network Resource Configuration Data - (9042)The software initializes data using hard-coded values related
to network configuration.
Is
IssueInvokable Control Element with Variadic Parameter Element - (9062)A named-callable or method control element has a signature that
supports a variable number of parameters.
Ch
CharacteristicMaturity - (9114)Maturity is a Quality_Characteristic describing how well an
entity's behaviors can reliably and sustainably produce required
outcomes.
Is
IssueMemory Location Access After End of Buffer - (788)This pattern identifies situations where the value element
is transformed throughout the application along the sequence
composed of ActionElements with DataRelations relations, some of which being part of
named callable and method control elements, and ultimately used
as an index element to access a storable or member data element
in the buffer Read or Write access action; none of the callable or method
control element of the transformation sequence being a range check with regards
to the buffer whose maximum size was defined in the buffer creation action.
Is
IssueMissing Release of Resource after Effective Lifetime - (772)This pattern identifies situations where the platform resource
is allocated and assigned a unique resource handler
value via the ManagesResource action, its unique
resource handler value is used throughout the application, along the sequence
composed of ActionElements with DataRelations relations, some of which being part of
named callable and method control elements, none of which being
a resource release statement.
Is
IssueMissing Serialization Control Element - (9102)The software contains a serializable data element that does not
have an associated serialization method.
Is
IssueModules with Circular Dependencies - (9018)The software contains modules with circular
dependencies.
Is
IssueNamed Callable and Method Control Element in Multi-Thread Context with non-Final Static Storable or Member Element - (9070)This pattern identifies situations where the named callable
control element or method control element owns unsafe non-final
static storable or member data element while it
operates in a multi-threaded environment.
Is
IssueParent Class Element with References to Child Class Element - (9087)This pattern identifies situations where the parent class
element that is used in the
'to' association of the Extends class relation, references the child class
element used in the 'from'
association of the Extends class relation, directly or indirectly
through parent and child class element, with the callable or data relations.
The reference statement is
made directly to the child class element or to any one of its own method or
member elements.
Is
IssueParent Class Element without Virtual Destructor Method Element - (9147)This pattern identifies situations where, with languages where
custom destructors can be written, the parent class element of the
child class element via an Extends class
relation has no virtual destructor.
Is
IssuePersistent Storable Data Element without Associated Comparison Control Element - (9193)The software uses a storable data element that does not have
all of the associated control elements that are necessary to support
comparison.
Ch
CharacteristicRecoverability - (9117)Recoverability is a Quality_Characteristic describing how
easily an entity returns to a desired state from unexpected
situations.
Ch
CharacteristicReplaceability - (9051)Replaceability is a Quality_Characteristic describing how
easily an element can be exchanged in a given environment.
Ch
CharacteristicRobustness - (9163)Robustness is a Quality_Characteristic describing how well an
entity can perform given unexpected situations.
Is
IssueRuntime Resource Management Control Element in a Component Built to Run on Application Servers - (9100)This pattern identifies situations where the application uses
deployed component from the platform deployed
component list, yet uses control elements from the list of low-level resource
management API.
Is
IssueSerializable Data Element Containing non-Serializable Item Elements - (9110)The software contains a serializable, storable data element,
but the data element contains item elements that are not
serializable.
Is
IssueSingleton Class Instance Creation without Proper Lock Element Management - (9192)This pattern identifies situations where the singleton class
element, that is, a class
element that can be used only once in the 'to' association of a Create action,
is instantiated with the Creates action element
without any prior locking mechanism activation.
Ch
CharacteristicStability - (9195)Stability is a Quality_Characteristic describing how well an
entity can reliably perform over a period of time.
Is
IssueStorable and Member Data Element Missing Initialization - (456)The software contains a storable or member data element that is
not initialized before it is used.
Is
IssueStorable or Member Data Element containing Pointer Item Element without Proper Copy Control Element - (9194)This pattern identifies situations where the storable data
element or member data element contains
the child pointer data element but has no dedicated copy operation or
copy constructor element.
Is
IssueSynchronous Call Time-Out Absence - (9173)This pattern identifies situations where the synchronous call
instruction is initiated but the time-out argument is not set or set to infinite
time.
Is
IssueUnchecked Return Parameter Value of Invokable Control Element with Read, Write, and Manage Access to Platform or Data Resource - (252)A named callable control element
or method control element performs an action that
reads, writes, or manages access to a data or platform
resource, but it does not check the return parameter
from the action.
Is
IssueUncontrolled Recursion - (674)This pattern identifies situations where the named callable
control element or method control element features the recursive
execution path.
Ch
CharacteristicSecurity - (9115)A Quality_Characteristic describing safeguarding sensitive data
from unintended actors.
Is
IssueArray Index Improper Input Neutralization - (129)This pattern identifies situations where an external value is
entered into the application through the user interface ReadsUI action,
transformed throughout the application along the sequence
composed of ActionElements with DataRelations relations, some of which being part of
named callable and method control elements, and ultimately used
in the read or write action to access the array; none
of the callable or method control element of the transformation sequence being a
range check callable and method control element with regards to the array index.
Ch
CharacteristicAuthentication - (9133)Authentication is a Quality_Characteristic describing whether
an entity is what it is said to be.
Is
IssueBroken or Risky Cryptographic Algorithm Usage - (327)This pattern identifies situations where the application uses
the cryptographic deployed component while it is
not part of the list of vetted cryptographic deployed components. As an example,
FIPS 140-2 features a list of validated implementations.
Is
IssueBuffer Copy without Checking Size of Input - (120)This pattern identifies situations where two buffer storable
elements or member elements are allocated
with specific sizes in the source buffer allocation statement and target buffer
allocation statement, transformed within the
application via transformation sequences composed of ActionElements with
DataRelations relations, some of
which being part of named callable and method control elements,
then ultimately used by the application to move the content of the first buffer
onto the content of the second buffer through the
move buffer statement, while the size of the first buffer is greater than the
size of the second buffer.
Ch
CharacteristicCompliance - (9098)Compliance is a Quality_Characteristic describing how well an
entity conforms to a defined standard.
Ch
CharacteristicConsistency - (9065)Consistency is a Quality_Characteristic describing how well an
entity conforms to an undefined convention.
Is
IssueInconsistency Between Implementation and Documented Design - (9107)The implementation of the product is not consistent with the
design as described within the relevant documentation.
Is
IssueInconsistent Naming Conventions for Identifiers - (9200)The product's code, documentation, or other artifacts do not
consistently use the same naming conventions for variables, callables, groups of
related callables, I/O capabilities, data types, file names, or similar types of
elements.
Ch
CharacteristicConfidentiality - (9025)A Quality_Characteristic describing the level of protection
used to safeguard sensitive data.
Is
IssueCross-site Scripting Improper Input Neutralization - (79)This pattern identifies situations where an external value is
entered into the application through the user interface ReadsUI action,
transformed throughout the application along the sequence
composed of ActionElements with DataRelations relations, some of which being part of
named callable and method control elements, and ultimately used
in the user interface WritesUI action; none of the callable or
method control element of the transformation sequence being a vetted
sanitization control element from the list of vetted sanitization control
elements.
Is
IssueDeclaration of Catch for Generic Exception - (396)This pattern identifies situations where the named callable
control element or method control element contains the catch unit
which declares to catch the exception parameter whose datatype
is part of the list of overly broad exception datatypes. With
Java, an example is {'java.lang.Exception'}.
Is
IssueDeclaration of Throws for Generic Exception - (397)This pattern identifies situations where the named callable
control element or method control element throws with the Throws
action the exception parameter whose datatype is part of the
list of overly broad exception datatypes. In Java, one example from this list is
{'java.lang.Exception'}.
Is
IssueExcessive Attack Surface - (9226)The product has an attack surface whose quantitative
measurement exceeds a desirable maximum.
Is
IssueExpired or Released Resource Usage - (672)This pattern
identifies situations where the platform resource is
deallocated in the manages action using its unique
resource handler value which is transported throughout the application via the
transport sequence composed of ActionElements with
DataRelations relations, some of
which being part of named callable and method control elements,
then used later within the application to try and access the resource in the
read or write action.
Is
IssueFile Upload Improper Input Neutralization - (434)This pattern identifies situations where an external value is
entered into the application through the user interface ReadsUI action,
transformed throughout the application along the sequence
composed of ActionElements with DataRelations relations, some of which being part of
named callable and method control elements, and ultimately used
in the file upload action; none of the callable or method control element of the
transformation sequence being a vetted sanitization callable and method control
element from the list of vetted sanitization callable and method control
elements.
Is
IssueFormat String Improper Input Neutralization - (134)This pattern identifies situations where an external value is
entered into the application through the user interface ReadsUI action,
transformed throughout the application along the sequence
composed of ActionElements with DataRelations relations, some of which being part of
named callable and method control elements, and ultimately used
in the formatting statement; none of the callable or method control element of
the transformation sequence being a vetted sanitization control element from the
list of vetted sanitization control elements.
Is
IssueHard-Coded Credentials Usage for Remote Authentication - (798)This pattern identifies situations where a literal value
is hard-coded in the application via the Write action,
transported throughout the application along the sequence
composed of ActionElements with DataRelations, some of which being part of named callable and
method control elements, and ultimately used in
the remote resource management action; the transport sequence is composed of assignment
operations as updates to the value would not be considered as hard-coded
(literal) any more.
Ch
CharacteristicIntegrity - (9148)Integrity is a Quality_Characteristic describing whether data
has been corrupted in transmission.
Is
IssueLoop with Unreachable Exit Condition ('Infinite Loop') - (835)This pattern identifies situations where the named callable
control element or method control element features the execution
path whose entry element
is found again in the path, while it has no path whatsoever
to not return to itself and exit the recursion.
Is
IssueMissing Release of Resource after Effective Lifetime - (772)This pattern identifies situations where the platform resource
is allocated and assigned a unique resource handler
value via the ManagesResource action, its unique
resource handler value is used throughout the application, along the sequence
composed of ActionElements with DataRelations relations, some of which being part of
named callable and method control elements, none of which being
a resource release statement.
Is
IssueName or Reference Resolution Improper Input Neutralization - (99)This pattern identifies situations where an external value is
entered into the application through the user interface ReadsUI action,
transformed throughout the application along the sequence
composed of ActionElements with DataRelations relations, some of which being part of
named callable and method control elements, and ultimately used
in the platform action to access a resource by its name; none of the callable or method control
element of the transformation sequence being a vetted sanitization callable and
method control elements from the list of vetted sanitization callable and method
control elements.
Ch
CharacteristicNon-repudiation - (9009)Non-repudiation is a Quality_Characteristic describing whether
data has been verified against its source.
Is
IssueNumeric Types Incorrect Conversion - (681)This pattern identifies situations where the storable element
or member element is declared with the
numerical datatype in
the Create action, then updated with a value which is cast via
the type cast action into the second numerical datatype, which is incompatible with the
first one.
Is
IssueOS Command Injection Improper Input Neutralization - (78)This pattern identifies situations where an external value is
entered into the application through the user interface ReadsUI action,
transformed throughout the application along the sequence
composed of ActionElements with DataRelations relations, some of which being part of
named callable and method control elements, and ultimately used
in the platform action to be executed by the
execution environment; none of the callable or
method control element of the transformation sequence being a vetted
sanitization callable and method control element from the list of vetted
sanitization callable and method control elements.
Is
IssuePath Traversal Improper Input Neutralization - (22)This pattern identifies situations where an external value is
entered into the application through the user interface ReadsUI action,
transformed throughout the application along the sequence
composed of ActionElements with DataRelations relations, some of which being part of
named callable and method control elements, and ultimately used
in the file path creation statement; none of the
callable or method control element of the transformation sequence being a vetted
sanitization callable and method control element from the
list of vetted sanitization control elements.
Is
IssueSQL Injection Improper Input Neutralization - (89)This pattern identifies situations where an external value is
entered into the application through the user interface ReadsUI action,
transformed throughout the application along the sequence
composed of ActionElements with DataRelations relations, some of which being part of
named callable and method control elements, and ultimately used
in the SQL compilation statement; none of the callable or method control element of the
transformation sequence being a vetted sanitization callable and method control
elements from the list of vetted sanitization control
elements.
Is
IssueShared Resource Improper Locking - (667)This pattern identifies situations where the shared
storable data element or member
data element, declared with the Create action, is accessed outside a critical section of
the application via the Read or Write action.
The critical nature of the section is technology and platform dependent. As
examples, in C/C++, critical nature comes from the use of 'mtx_lock' and
'mtx_unlock' from the 'threads.h' standard C language API,
or from the use of 'pthread_mutex_lock' and 'pthread_mutex_unlock' from the
'pthreads.h' C/C++ POSIX API, or from the use of 'EnterCriticalSection' and 'LeaveCriticalSection' from the
'windows.h' C/C++ Win32 API. As other examples, in Java, critical nature comes
from the use of the 'synchronized' keyword, and in C#, critical nature comes
from the use of the 'lock' keyword.
Is
IssueStorable and Member Data Element Missing Initialization - (456)The software contains a storable or member data element that is
not initialized before it is used.
Ch
CharacteristicStructuredness - (9099)Structuredness is a Quality_Characteristic describing how well
an entity conforms to a given arrangement or partition.
Ch
CharacteristicConsistency - (9065)Consistency is a Quality_Characteristic describing how well an
entity conforms to an undefined convention.
Is
IssueInconsistency Between Implementation and Documented Design - (9107)The implementation of the product is not consistent with the
design as described within the relevant documentation.
Is
IssueInconsistent Naming Conventions for Identifiers - (9200)The product's code, documentation, or other artifacts do not
consistently use the same naming conventions for variables, callables, groups of
related callables, I/O capabilities, data types, file names, or similar types of
elements.
Is
IssueUnchecked Input for Loop Condition - (606)This pattern identifies situations where an external value is
entered into the application through the user interface ReadsUI action,
transformed throughout the application along the sequence
composed of ActionElements with DataRelations relations, some of which being part of
named callable and method control elements, and ultimately used
in the loop condition statement; none of the callable or method
control element of the transformation sequence being a range check control
element
Is
IssueUnchecked Return Parameter Value of Invokable Control Element with Read, Write, and Manage Access to Platform or Data Resource - (252)A named callable control element
or method control element performs an action that
reads, writes, or manages access to a data or platform
resource, but it does not check the return parameter
from the action.
Is
IssueUncontrolled Memory Allocation - (789)This pattern identifies situations where an external value is
entered into the application through the user interface ReadsUI action,
transformed throughout the application along the sequence
composed of ActionElements with DataRelations relations, some of which being part of
named callable and method control elements, and ultimately used
as an index element to access a storable or member data element
in the buffer Read or Write access action; none of the callable or method
control element of the transformation sequence being a range check with regards
to the 'Buffer' buffer that whose maximum size was defined in the buffer
creation action.
