935 Rules
ID | Name | Severity |
---|---|---|
592 | Ensure you provide a user-defined copy constructor or disable copy when a class allocates memory in its constructor | high |
678 | Never throw an exception from a Destructor | high |
1072 | Avoid using memory management Functions (free/malloc/realloc) | medium |
1074 | Avoid using signals management Functions | medium |
1576 | Use varchar2 instead of char and varchar | medium |
1578 | Avoid using LONG & LONG RAW datatype for Table Columns | medium |
1580 | Avoid using execute immediate | critical |
1588 | Use WHEN OTHERS in exception management | medium |
1596 | Avoid using "nullable" Columns except in the last position in a Table | medium |
1598 | Avoid Rule HINT /*+ rule */ or --+ rule in PL/SQL code | medium |
2230 | DEPRECATED: Use of style sheets (JEE) | medium |
2232 | Pages should use error handling page | medium |
2242 | DEPRECATED: Avoid direct definition of JavaScript Functions in a Web page (JEE) | medium |
2278 | DEPRECATED: Check the use of "foreach" custom tag library | medium |
2280 | DEPRECATED: Avoid using Document.all collection | medium |
2564 | Use a single Error Handling Method | medium |
2590 | Avoid using "On error Resume Next" in the Class event terminate | medium |
3062 | Use of error handling page | medium |
3064 | Avoid use of Session variables from Session_OnEnd | medium |
3612 | Avoid missing release of SQL connection after an effective lifetime (C#, VB.NET) | critical |
3614 | Avoid using String.Empty for empty string tests | medium |
4064 | Avoid Procedures using an Insert, Update, Delete, Create Table or Select without including error management | high |
4066 | Avoid Stored Procedures not returning a status value | medium |
4070 | Avoid use of "truncate table" | high |
4084 | Avoid nested Stored Procedures using temporary Tables | medium |
4598 | Avoid using 'java.lang.Runtime.exec()' | high |
4600 | Avoid using Exit and Halt Methods on a Web/Application Server | high |
4604 | Avoid using 'java.lang.Error' | medium |
4612 | Avoid using native Methods (JNI) | medium |
4618 | Avoid instantiating a Boolean object | medium |
4652 | Avoid direct Class inheritance from java.lang.Throwable | medium |
4656 | Avoid declaring an exception in the method signature and not throwing it | medium |
4694 | Avoid using 'System.gc' and 'Runtime.gc' | high |
4696 | DEPRECATED: Avoid using 'System.err' and 'System.out' within a try catch block | medium |
4698 | DEPRECATED: Avoid using 'System.err' and 'System.out' outside a try catch block | medium |
4702 | Avoid using 'Throwable.printStackTrace()' with no argument | medium |
4704 | Avoid using Vector | medium |
4706 | Avoid using Hashtable | medium |
4744 | DEPRECATED: EJB Entity access through their local Interface | high |
4746 | DEPRECATED: EJB Session access through their local Interface | high |
5050 | Avoid using HANDLE CONDITION | medium |
5052 | Avoid using IGNORE CONDITION | medium |
5054 | Avoid using HANDLE ABEND | medium |
5056 | Using SEARCH ALL only with sorted data | medium |
5058 | Avoid using SORT | medium |
5060 | Avoid using MERGE | medium |
5072 | Avoid DISPLAY ... UPON CONSOLE | medium |
5092 | Include a WHEN OTHER clause when using EVALUATE | medium |
5550 | Avoid having joins with more than 4 Tables | medium |
5554 | Avoid having SQL code in Triggers named "pre-record" | medium |
6184 | Avoid Artifacts with Subqueries (Power Builder) | high |
7130 | Avoid Artifacts with High Depth of Nested Subqueries | medium |
7152 | Avoid Fields in Servlet Classes that are not final static | high |
7154 | Struts1: Avoid Struts Fields in Action Classes that are not final static | high |
7194 | DEPRECATED: Avoid large number of String concatenation (.NET) | medium |
7196 | Avoid large number of String concatenation (JEE) | medium |
7198 | Avoid String concatenation in loops (.NET) | medium |
7200 | Avoid String concatenation in loops | medium |
7202 | Avoid using '==' and '!=' to compare objects | high |
7204 | Avoid method invocation in a loop termination expression | medium |
7206 | Avoid the use of Instanceof inside loops | medium |
7208 | DEPRECATED: Avoid the use of is inside loops | medium |
7210 | Avoid instantiations inside loops | high |
7212 | Avoid instantiations inside loops (.NET) | high |
7218 | Avoid OPEN/CLOSE inside loops | critical |
7250 | Avoid String initialization with String object (created using the 'new' keyword) | medium |
7252 | Call 'super.finalize ()' in the "finally" block of 'finalize ()' methods | medium |
7254 | Declare as Static all methods not using instance members | medium |
7256 | Provide a private default Constructor for utility Classes | medium |
7258 | DataReader must be called using CommandBehavior.CloseConnection enumeration | medium |
7266 | Call 'base.Dispose()' or 'MyBase.Finalize()' in the "finally" block of 'Dispose(bool)' methods | medium |
7268 | Dispose() methods should call GC.SuppressFinalize | medium |
7270 | Methods that do not use instance fields\methods should be static (.NET) | medium |
7272 | Provide a private default Constructor for utility Classes (.NET) | medium |
7344 | Avoid "SELECT *" queries | medium |
7346 | Avoid redundant indexes | medium |
7348 | Avoid too many Indexes on one Table | medium |
7350 | Avoid Tables having Indexes with a too large Index definition | medium |
7352 | Avoid calling properties that clone values in loops | medium |
7358 | Avoid call to AcceptChanges in a loop | critical |
7366 | File descriptor block must be defined with 0 record | critical |
7368 | When using binary data items (COMP), then use the SYNCHRONIZED clause | medium |
7378 | Avoid include JavaScript Files | medium |
7386 | Avoid Tables without a clustered Index | medium |
7418 | Avoid SQL queries using functions on indexed columns in the WHERE clause | medium |
7420 | Avoid SQL queries with implicit conversions in the WHERE clause | medium |
7424 | Avoid using SQL queries inside a loop | critical |
7428 | Avoid SQL queries not using the first column of a composite index in the WHERE clause | medium |
7436 | Prefer UNION ALL to UNION | medium |
7438 | Avoid non thread safe singleton | high |
7442 | Avoid to use keyword 'this' within Constructor in multi-thread environment | high |
7444 | Avoid Using Non-Serialized Beans with Session Scope | medium |
7446 | Avoid double checked locking for JSE 4.x and previous version | high |
7466 | Avoid changing DataSource member before ValueMember/DisplayMember | high |
7468 | Disable constraints before merging DataSet | medium |
7470 | DEPRECATED: Avoid doing select on Datatable in loop | high |
7474 | Avoid Repainting When Updating a ListBox | medium |
7476 | Turn off "Multiple SQL statements for each measure" | high |
7480 | Use aggregate awareness for indicators | medium |
7482 | Do not use Cartesian products in Universe properties | high |
7486 | Split universes of more than X MB | medium |
7488 | DEPRECATED: Lazy fetching should be used for Hibernate collection | high |
7490 | DEPRECATED: Avoid UPDATE trigger firing when not necessary | high |
7494 | Persistent class method's equals() and hashCode() must access its fields through getter methods | high |
7496 | DEPRECATED: Use table-per-subclass strategy when subclasses have many properties | medium |
7498 | DEPRECATED: Avoid Incorrect implementation of getters and setters for Collection Type | medium |
7500 | DEPRECATED: Use table-per-class-hierarchy when subclasses have few properties | medium |
7502 | DEPRECATED: Never use an array to map Hibernate collection | high |
7504 | Persistent classes should Implement hashCode() and equals() | high |
7506 | equals() and hashCode() should be defined for Hibernate/JPA component | high |
7508 | DEPRECATED: Getter of collection-typed persistent attributes should return the correct interface type | medium |
7518 | Avoid missing WHEN OTHERS in CASE statements | medium |
7520 | Avoid unchecked return code (SY-SUBRC) after OPEN SQL or READ statement | high |
7528 | Never use the ON CHANGE OF statement | medium |
7530 | Avoid "SELECT *" or "SELECT SINGLE *" queries | medium |
7532 | Avoid nested SELECT ... ENDSELECT statements | high |
7534 | Avoid READ TABLE without BINARY SEARCH | high |
7536 | Avoid using AT Events in combination of LOOP AT .... WHERE constructs | high |
7538 | DEPRECATED: Avoid using SELECT ... INTO CORRESPONDING FIELDS OF | high |
7542 | Avoid using FOR ALL ENTRIES IN without emptiness check | medium |
7544 | Avoid using SELECT ... ENDSELECT statement | medium |
7548 | Never use incompatible statements with the CICS environment | high |
7556 | Avoid instanceof in Methods that override or implement Object.equals(), Comparable.compareTo() | medium |
7562 | Avoid static Field of type collection | medium |
7572 | Avoid accessing multiple times the same SAP Table or View in an SAP include (DELETE) | medium |
7576 | Avoid accessing multiple times the same SAP Table or View in an SAP include (INSERT) | medium |
7578 | Avoid accessing multiple times the same SAP Table or View in an SAP include (UPDATE) | medium |
7580 | Avoid accessing multiple times the same SAP Table or View in an SAP Program (DELETE) | medium |
7582 | Avoid accessing multiple times the same SAP Table or View in an SAP Program (INSERT) | medium |
7584 | Avoid accessing multiple times the same SAP Table or View in an SAP Program (UPDATE) | medium |
7586 | Avoid cyclic calls between Event and its handled Method | medium |
7592 | Avoid using "ORDER BY" in SELECTS | medium |
7594 | Avoid using "SELECT DISTINCT", use DELETE-ADJACENT | medium |
7634 | DEPRECATED: Avoid Hibernate Entity with 'select-before-update' set to true if not associated to table that fires an UPDATE trigger. | high |
7636 | DEPRECATED: Prefer using version number instead of timestamp for Hibernate Entity | medium |
7638 | Avoid directly managing the connection to the database by using DriverManager | medium |
7640 | Avoid using catch blocks with assertion | medium |
7642 | Avoid SQL queries on XXL tables not using the first column of a composite index in the WHERE clause | high |
7644 | Avoid executing multiple OPEN statements | medium |
7648 | Avoid an explicit call to finalize() | medium |
7650 | All types of a serializable Class must be serializable | medium |
7652 | Avoid throwing an exception in a catch block without chaining it | medium |
7658 | Avoid SQL queries on XXL Tables using Functions on indexed Columns in the WHERE clause | high |
7660 | Never use SQL queries with a cartesian product on XXL Tables | high |
7662 | Avoid SQL queries on XXL Tables with implicit conversions in the WHERE clause | high |
7664 | Avoid using FOR ALL ENTRIES IN without emptiness check on XXL Tables | medium |
7666 | Avoid using SELECT ... ENDSELECT statement on XXL Tables | medium |
7668 | DEPRECATED: Avoid using DOM parser for large or medium sized XML file parsing | medium |
7688 | Never truncate data in MOVE statements | critical |
7690 | Avoid unchecked return code (SQLCODE) after EXEC SQL query | high |
7692 | Each opened file must be closed | medium |
7698 | Files should be declared with a FILE-STATUS | medium |
7702 | Hibernate-provided implementations from third parties should be used for connection pool | medium |
7708 | DEPRECATED: Avoid using session.setFlushMode(FlushMode.COMMIT, FlushMode.NEVER or FlushMode.MANUAL) | medium |
7710 | DEPRECATED: Avoid non serializable Entity beans | medium |
7712 | DEPRECATED: Avoid public/protected setter for the generated identifier field | medium |
7720 | DEPRECATED: Avoid too many EJB beans | medium |
7722 | Avoid using persistent class's identifier in equals() method | high |
7724 | Overriden equals() Methods in persistent Subclasses should only reference properties from the persistent base Class | high |
7728 | Avoid thread creation for application running on application server | critical |
7730 | Always use declarative transaction | medium |
7734 | Avoid using debug() method without calling isDebugEnabled() method | medium |
7756 | Avoid using READ statement without AT END clause or INVALID KEY clause | medium |
7782 | Avoid empty finally blocks | medium |
7788 | Avoid empty catch blocks | high |
7790 | Avoid Cursors inside a loop | critical |
7806 | Avoid Artifacts with Group By | medium |
7808 | Avoid Artifacts with SQL statement including subqueries | medium |
7810 | Avoid Artifacts with a Complex SELECT Clause | medium |
7820 | Never use SQL queries with a cartesian product | medium |
7822 | Avoid Artifacts with queries on more than 4 Tables | medium |
7824 | Avoid directly throwing instance of Exception class | high |
7828 | Avoid Artifacts with High RAW SQL Complexity | medium |
7850 | Avoid raising an exception in a Web Dynpro Supply Function or in a Method called by a Supply Function | medium |
7858 | Avoid passing parameter by value | medium |
7862 | Avoid catching an exception of type Exception, RuntimeException, or Throwable | medium |
7864 | BAPIs must not cause the Program to abort or terminate | high |
7866 | Avoid SELECT ... BYPASSING BUFFER | medium |
7868 | Avoid Open SQL queries in loops | critical |
7870 | Avoid using the NOT LIKE operator in WHERE clauses | medium |
7872 | Avoid using IS [NOT] NULL in WHERE condition | medium |
7876 | Avoid using SELECT ... FOR UPDATE | medium |
7878 | Avoid Open SQL SELECT queries without WHERE condition | high |
7880 | Avoid nested loops | medium |
7884 | Avoid disabling source code inspection | medium |
7888 | Web Dynpro - Never use direct calls to routine via "me->", use "wd_This->" instead | medium |
7890 | Web Dynpro - Never use INCLUDE statement | high |
7892 | Web Dynpro - Avoid changing the program flow | high |
7894 | Avoid using LOOP INTO, use LOOP ASSIGNING instead | medium |
7902 | Avoid SQL queries that no index can support | medium |
7904 | Avoid SQL queries on XXL tables that no index can support | high |
7910 | Never exit a finally block with a return, break, continue, or throw statements | high |
7922 | Avoid usage of 'std::find_first_of' | medium |
7924 | Avoid defining Functions with 'struct' or 'class' parameters passed by value | medium |
7926 | Abstract Classes should be non copy-assignable | medium |
7932 | Avoid Constructors not supplying an initial value for all non-static data members | medium |
7936 | DEPRECATED: Avoid using finalize() | high |
7940 | Avoid accumulating Stateful Beans | high |
7942 | Avoid EJBs using 'synchronized' qualifier, 'wait', 'notify' and 'notifyAll' Methods | medium |
7946 | Avoid queries using old style join convention instead of ANSI-Standard joins | medium |
7948 | Do not mix Ansi joins syntax with Oracle proprietary joins syntax in the same query | medium |
7950 | Avoid definition of synonym as PUBLIC in PL/SQL context | medium |
7952 | Avoid synonym with both private & PUBLIC Definition in PL/SQL context | medium |
7954 | Avoid indirect String concatenation inside loops | high |
7956 | DEPRECATED:Avoid indirect exception handling inside loops | medium |
7958 | Avoid orphaned synonyms in PL/SQL context | medium |
7960 | Avoid looping chain of synonyms in PL/SQL context | medium |
7962 | Avoid direct or indirect remote calls inside a loop | critical |
7964 | Avoid directly instantiating a Class used as a managed bean | high |
7996 | Provide a private default Constructor for utility Classes or use free Functions in a Namespace | medium |
7998 | Avoid local variables that are not initialized at declaration time | medium |
8000 | Avoid 'catch-all' statement | medium |
8002 | Never perform C-style cast between incompatible Class pointers | medium |
8004 | Avoid using 'delete this' | medium |
8006 | Avoid Classes with a copy Constructor and the default Destructor or assignment operator | medium |
8010 | Do not overload the ampersand, comma, logical AND or logical OR operators | medium |
8012 | Avoid unchecked return code (SY-SUBRC) after opening and reading dataset | medium |
8014 | Avoid unchecked return code (SY-SUBRC) after AUTHORITY-CHECK | high |
8024 | Avoid Classes with a non-empty Destructor and the default assignment operator or copy Constructor | medium |
8026 | Avoid Classes with an assignment operator and the default Destructor or copy constructor | medium |
8028 | Avoid missing default in switch statements | medium |
8030 | Check alphanumeric data before moving it into numeric data | medium |
8034 | Working-Storage variables must be initialized before being read | medium |
8036 | Avoid improperly written triangular joins with XXL tables in PL/SQL code | medium |
8048 | Invoke 'delete' with the same form as the matching 'new' | high |
8052 | Avoid setting a pointer to the address of a local variable defined in a lower scope | high |
8054 | Avoid calling blocking functions with an infinite timeout | medium |
8056 | Method override fails due to mismatch of const/volatile qualifiers | medium |
8064 | Assignment operator should assign all non-static members of the target object | medium |
8068 | Do not return a dereferenced pointer allocated inside the function | high |
8072 | Never define collection of 'std::auto_ptr' | high |
8074 | Avoid using 'class' or 'struct' parameters with variadic Functions | medium |
8080 | Avoid exists independent clauses | high |
8082 | Avoid Tables without Primary Key | high |
8090 | Avoid using NaN to test the result of an expression | high |
8094 | Avoid locking of Objects with weak identities | medium |
8096 | Avoid testing floating point numbers for equality | high |
8100 | Blocking synchronous calls should have associated timeouts | medium |
8104 | Avoid missing release of SQL connection after an effective lifetime (JEE) | critical |
8106 | Avoid empty IF-ENDIF blocks | high |
8108 | Avoid missing release of stream connection after an effective lifetime | critical |
8110 | Avoid not using dedicated stored procedures when processing multiple data accesses | high |
8112 | Avoid improper processing of the execution status of data handling operations | high |
8114 | Avoid data corruption during incompatible mutation (ABAP) | medium |
8120 | Avoid using CALL FUNCTION without error handling | medium |
8122 | Avoid using CALL METHOD without error handling | medium |
8124 | Do not use function module DB_EXISTS_INDEX (HANA) | medium |
8126 | Avoid using empty SELECT ... ENDSELECT loop | high |
8130 | Avoid using database hints | medium |
8132 | Avoid using CHECK, EXIT,or RETURN in SELECT ... ENDSELECT loops | critical |
8134 | Avoid unsorted data after SELECT queries | high |
8136 | CDI Beans with normal scope must be proxyable to avoid runtime errors | high |
8140 | Subscripts and iterators must be defined with BINARY usage | medium |
8142 | Prefer using indexes instead of subscripts | medium |
8144 | Avoid using INITIALIZE statement on data structures | medium |
8146 | Avoid calling programs statically | medium |
8150 | Avoid using Parse for primitive types and used instead TryParse | medium |
8154 | Avoid using GC.Collect() | high |
8156 | Persistent classes should implement GetHashCode() and Equals() | high |
8158 | Avoid thread creation for application running on application server | critical |
8160 | Check PCB status code after DLI queries | medium |
8162 | CICS return code should be checked | medium |
8214 | Avoid operating on resource after expiration or release | high |
8216 | Avoid using incompatible mutation | high |
8218 | DEPRECATED: Content type should be checked when receiving a HTTP Post | critical |
8220 | Avoid using deprecated method, constructor, field, type or package | medium |
8240 | Avoid using unsecured cookie | critical |
8400 | Avoid having lock on this object | medium |
8402 | All types of a serializable class must be serializable | medium |
8412 | "CX_ROOT" should not be used in TRY .. CATCH.. ENDTRY block | high |
8414 | Avoid weak cryptographic algorithm | high |
8416 | Avoid use of a reversible one-way hash | high |
8422 | Avoid Using COMMIT WORK or ROLLBACK WORK during update work process | high |
8424 | Avoid using hard-coded HMAC keys | critical |
8430 | Avoid using hard-coded seed or no seed at all for random values generation | high |
8432 | Avoid Cross-Client Database Access using Open SQL statements with CLIENT SPECIFIED/USING CLIENT addition | high |
8464 | Avoid Open SQL SELECT queries without WHERE condition on XXL Tables | high |
8470 | Avoid using STRING without overflow check | high |
8476 | Avoid calling unsafe C library functions from COBOL | critical |
8478 | Avoid Buffer Overruns when using ADD, SUBTRACT, MULTIPLY, DIVIDE & COMPUTE statement inside a loop | critical |
8554 | Avoid using insufficient random generator | critical |
8568 | Avoid calculated fields in WHERE-clauses and ON-clauses of CDS views (S4/HANA) | medium |
8572 | Avoid using SUBMIT statement with another user permission | high |
8580 | Avoid using GENERATE SUBROUTINE POOL statement without Authorization Check | high |
8584 | Prefer using OPEN DATASET statement with file Path instead of file name | high |
1001104 | Avoid PLI Main procedures using variables with ALLOCATE and without FREE (PL1) | medium |
1001106 | Avoid using PLI Main Procedures using FIXED variable type declaration (PL1) | medium |
1001108 | Avoid PLC Copybooks using variables with ALLOCATE and without FREE (PL1) | medium |
1001110 | Avoid PLC Copybooks using FIXED variable type declaration (PL1) | medium |
1001112 | Avoid Functions and Procedures not using the REORDER option (PL1) | medium |
1001114 | Avoid Functions and Procedures using BLKSIZE or RECSIZE (PL1) | medium |
1001116 | Avoid Function and Procedures using Builtin Function "String" (PL1) | medium |
1001118 | Avoid Programs not using explicitly OPEN and CLOSE files (PL1) | medium |
1001120 | Avoid Functions and Procedures having subscripts used in arrays or in do loops and not declared as BINARY FIXED(31) (PL1) | medium |
1001122 | Avoid Functions and Procedures using BIN FIXED(15) instead of BIN FIXED(31) for all local variables (PL1) | medium |
1001124 | Avoid Main Procedures having SQL queries using NOT IN (PL1) | high |
1001126 | Avoid Main Procedures having SQL queries using NOT EXISTS (PL1) | medium |
1001128 | Avoid Main Procedures having queries with joins on more than 4 Tables (PL1) | medium |
1001130 | Avoid Main Procedures with High Raw SQL Complexity (SQL complexity greater than X) (PL1) | medium |
1001132 | Avoid Main Procedures having complex queries (PL1) | medium |
1001134 | Avoid Main Procedures using GROUP BY statement (PL1) | medium |
1001136 | Avoid Main Procedures having "SELECT * FROM ..." clause (PL1) | high |
1001138 | Avoid Functions and Procedures having cursors declared with "FOR FETCH ONLY" clause not having "WITH ROWSET POSITIONING" also specified (PL1) | high |
1001140 | Avoid Functions and Procedures with DB2 SQL containing the builtin function UPPER, LOWER or SUBSTR in the WHERE clause (PL1) | high |
1001142 | Avoid Functions and Procedures with DB2 SQL containing "UNION" clause without "ALL" option (PL1) | medium |
1001144 | Avoid Functions and Procedures with "OR" logical operator in DB2 queries and in cursor definitions (PL1) | medium |
1001146 | Avoid Programs having cursors that doesn't contain the "FOR UPDATE" clause and not containing the "FOR READ ONLY" or "FOR FETCH ONLY" clause (PL1) | medium |
1001148 | Avoid Main Procedures not having an ON ERROR clause (PL1) | high |
1001150 | Avoid Functions and Procedures having a SELECT without the default OTHERWISE clause (PL1) | medium |
1001152 | Avoid Programs having files declared as RECORD INPUT or RECORD UPDATE and not having the ON EOF or ON ENDFILE statement (PL1) | medium |
1001154 | Avoid Programs having files declared and not having the ON UNDF or ON UNDEFINEDFILE statement except SYSPRINT and SYSIN (PL1) | medium |
1001156 | Avoid PL1 Errors Blocks having ON ERROR SYSTEM blocks and not containing and displaying ONCODE and ONLOC (PL1) | medium |
1001158 | Avoid Functions and Procedures not testing the SQLCODE return code after each SQL statement (PL1) | high |
1001172 | Avoid Programs overriding the *PROCESS statement (PL1) | medium |
1001174 | Avoid Programs declaring STATIC variables (PL1) | medium |
1001176 | Avoid Programs having FIXED without BIN or BINARY or DEC or DECIMAL.The character "(" is mandatory. (PL1) | medium |
1002016 | Process the default case in the instruction SELECT CASE in Fortran-90 Programs (FORTRAN) | medium |
1002018 | Process the default case in the instruction SELECT CASE in Fortran-90 Subroutines (FORTRAN) | medium |
1002020 | Process the default case in the instruction SELECT CASE in Fortran-90 Functions (FORTRAN) | medium |
1002022 | Process the default case in the instruction SELECT CASE in Fortran-90 Modules (FORTRAN) | medium |
1002096 | Avoid using global SAVE in Fortran-90 Subroutines (FORTRAN) | medium |
1002098 | Avoid using global SAVE in Fortran-90 Functions (FORTRAN) | medium |
1002100 | Avoid using global SAVE in Fortran-90 Modules (FORTRAN) | medium |
1002102 | Limit the use of the attribute ALLOCATE in Fortran-90 Programs (FORTRAN) | medium |
1002104 | Limit the use of the attribute ALLOCATE in Fortran-90 Subroutines (FORTRAN) | medium |
1002106 | Limit the use of the attribute ALLOCATE in Fortran-90 Functions (FORTRAN) | medium |
1002108 | Limit the use of the attribute ALLOCATE in Fortran-90 Modules (FORTRAN) | medium |
1002142 | Unavoid un-deallocated variables or arrays in Fortran-90 Modules (FORTRAN) | medium |
1002144 | Unavoid un-deallocated variables or arrays in Fortran-90 Programs (FORTRAN) | medium |
1002146 | Unavoid un-deallocated variables or arrays in Fortran-90 Subroutines (FORTRAN) | medium |
1002148 | Unavoid un-deallocated variables or arrays in Fortran-90 Functions (FORTRAN) | medium |
1002208 | All Read and Write statements in Programs must use the return code IOSTAT (FORTRAN) | medium |
1002210 | All Read and Write statements in Subroutines must use the return code IOSTAT (FORTRAN) | medium |
1002212 | All Read and Write statements in Functions must use the return code IOSTAT (FORTRAN) | medium |
1002214 | All Read and Write statements in Modules must use the return code IOSTAT (FORTRAN) | medium |
1002238 | Avoid untested Return Code variables after Read or Write in Programs (FORTRAN) | medium |
1002240 | Avoid untested Return Code variables after Read or Write in Subroutines (FORTRAN) | medium |
1002242 | Avoid untested Return Code variables after Read or Write in Functions (FORTRAN) | medium |
1002244 | Avoid untested Return Code variables after Read or Write in Modules (FORTRAN) | medium |
1002246 | Avoid untested Return Code variables after ALLOCATE in Programs (FORTRAN) | medium |
1002248 | Avoid untested Return Code variables after ALLOCATE in Subroutines (FORTRAN) | medium |
1002250 | Avoid untested Return Code variables after ALLOCATE in Functions (FORTRAN) | medium |
1002252 | Avoid untested Return Code variables after ALLOCATE in Modules (FORTRAN) | medium |
1002280 | Avoid using global SAVE in Fortran-90 Programs (FORTRAN) | medium |
1002282 | All ALLOCATE statements in Fortran-90 Programs must use the return code STAT (FORTRAN) | medium |
1002284 | All ALLOCATE statements in Fortran-90 Subroutines must use the return code STAT (FORTRAN) | medium |
1002286 | All ALLOCATE statements in Fortran-90 Functions must use the return code STAT (FORTRAN) | medium |
1002288 | All ALLOCATE statements in Fortran-90 Modules must use the return code STAT (FORTRAN) | medium |
1003074 | Cairngorm: Avoid modelLocator that is Bindable at a class level (Flex) | medium |
1003076 | Avoid adding or removing displayable children from updateDisplayList (Flex specific) (Flex) | medium |
1003078 | Avoid popup using dynamic filters (Flex) | medium |
1003080 | Avoid complex constructor (Flex) | medium |
1003082 | Avoid Instantiating a variable in a loop (Flex) | medium |
1003084 | Avoid recursive StyleManager call (Flex) | medium |
1003086 | Avoid empty catch statement (Flex) | medium |
1003088 | Avoid calling Alert.show directly (Flex) | medium |
1003138 | Avoid BindingUtils class (Flex) | medium |
1003140 | Avoid use of ChangeWatcher class (Flex) | medium |
1003142 | Cairngorm: Avoid CairngormEventDispatcher called explicitly (Flex) | medium |
1003144 | Cairngorm: Avoid more than one reference of ModelLocator per class (Flex) | medium |
1003146 | Avoid calling callLater explicitly (Flex specific) (Flex) | medium |
1003148 | Avoid clone method not overridden in a custom event (Flex) | medium |
1003150 | Avoid event dispatched from a constructor (Flex) | medium |
1003152 | Avoid dispatching events using hard-coded strings (Flex) | medium |
1003154 | Avoid listening to events using hard-coded strings (Flex) | medium |
1003156 | Avoid partial source code delivery of application (Flex) | medium |
1003158 | Avoid event without type specified (Flex) | medium |
1003160 | Avoid conditions with hard-coded boolean values (Flex) | medium |
1003162 | Avoid dynamic class (Flex) | medium |
1003164 | Avoid dynamic (Object) type fields (Flex) | medium |
1003166 | Avoid dynamic (Object) type variables (Flex) | medium |
1003168 | Avoid using Object class in methods' parameters (Flex) | medium |
1003172 | Avoid * and use strongly typed objects instead in fields (Flex) | medium |
1003174 | Avoid * and use strongly typed objects instead in variables (Flex) | medium |
1003176 | Avoid array-type field without ArrayElementType metadata (Flex) | medium |
1003178 | Avoid incorrect message interceptor signature (Flex) | medium |
1003180 | Avoid packages having artifacts with misplaced metadata (Flex) | medium |
1003182 | Avoid classes having artifacts with misplaced metadata (Flex) | medium |
1003184 | Avoid redundant type metadata argument for handler type (Flex) | medium |
1003186 | Avoid redundant method metadata argument for handler (Flex) | medium |
1003188 | Avoid packages having artifacts with unknown metadata attribute (Flex) | medium |
1003190 | Avoid classes having artifacts with unknown metadata attribute (Flex) | medium |
1003192 | Avoid globally bindable classes (Flex) | medium |
1003194 | Avoid constructor with void return type specification (Flex) | medium |
1003196 | Avoid switch statement without a default case (Flex) | medium |
1005030 | Avoid "SELECT *" queries (EGL) | medium |
1005044 | Avoid Opening Cursor in a loop (EGL) | critical |
1005046 | Avoid using string datatype (EGL) | medium |
1005048 | Avoid using Unicode or dbCHar datatypes (EGL) | medium |
1005050 | Avoid using Programs having textLiteralDefaultIsString property set to YES (EGL) | medium |
1005052 | Avoid using copyStr and compareStr functions (EGL) | medium |
1005054 | Avoid using prepare statement (EGL) | high |
1005056 | Always specify a result set id when doing result set operations like Open/get next or open for update/replace (EGL) | medium |
1005058 | Avoid functions having UNION instead of UNION ALL (EGL) | medium |
1005060 | Avoid using GROUP BY in SQL statement (EGL) | medium |
1005062 | Avoid Artifacts with a Complex SELECT Clause (EGL) | medium |
1005064 | Avoid Artifacts With Queries on too many Tables (EGL) | medium |
1005066 | Avoid Artifacts with Subqueries (EGL) | medium |
1005068 | Avoid SQL query outside try-on block (EGL) | high |
1005070 | Avoid Program calls without checking the return code (EGL) | high |
1005072 | Enable Exception for migrated programs - throwNrfEofExceptions property must be set to YES (EGL) | medium |
1005074 | Avoid having handleHardIOErrors property enabled (EGL) | medium |
1005076 | Avoid having V60ExceptionCompatibility property set to NO (EGL) | medium |
1005078 | Avoid program calls outside a try end block (EGL) | high |
1005082 | Avoid declaring null arrays; prefer to set to empty (EGL) | medium |
1005084 | Avoid using parameters on the Record column level (EGL) | high |
1005086 | Avoid functions having creator to prefix table names in SQL statements and in SQL records (EGL) | high |
1005088 | Avoid programs not having the property I4GLItemsNullable set to NO (EGL) | medium |
1005090 | Avoid Record Column without having the same nullable requirement as the corresponding SQL Table column (EGL) | medium |
1005092 | Avoid having overrided record declaration with a duplicate declaration in the same application (EGL) | high |
1006012 | Avoid functions without returning exit code (Shell) | medium |
1006014 | Function should not be named as UNIX commands (Shell) | medium |
1007050 | Avoid method invocation in loop termination expression (PHP) | medium |
1007114 | Avoid unnecessary string concatenations (PHP) | medium |
1007116 | Avoid artifacts with Object Instantiation in loops (PHP) | medium |
1007118 | Avoid artifacts with sql statements referring more than 4 Tables (PHP) | medium |
1007120 | Avoid artifacts with Group By sql statement (PHP) | medium |
1007122 | Avoid empty catch blocks (PHP) | high |
1007124 | Avoid artifacts throwing exceptions without @Throws tag in doc comments (PHP) | medium |
1007166 | Avoid classes without matching __get and __set (PHP) | medium |
1007172 | Avoid having constructors with return value (PHP) | medium |
1007176 | Avoid using break or continue statements in loops with high cyclomatic complexity (PHP) | medium |
1007180 | Use file inclusion based on API suitability (PHP) | medium |
1007184 | Avoid using size functions inside loops (PHP) | medium |
1007190 | Avoid using relative path for including files (PHP) | medium |
1007192 | Avoid using PHP short tags (PHP) | high |
1007202 | Avoid direct access to superglobals (PHP) | high |
1007206 | Avoid using @error suppression (PHP) | high |
1007210 | Avoid using time() to get the system time (PHP) | medium |
1007218 | Avoid fetching database rows as array and accessing using subscript (PHP) | medium |
1007220 | Avoid artifacts with "select *" Sql statement (PHP) | medium |
1007254 | Avoid files that declare both symbols and execute logic with side effects (PHP) |
medium
|
1007276 | DEPRECATED: CWE-287: Avoid Cookie Misconfiguration (path) (PHP) |
medium
|
1007278 | DEPRECATED: CWE-328: Avoid weak hash functions (PHP) |
medium
|
1007280 | DEPRECATED: CWE-214: Avoid System Information Leakage (PHP) |
medium
|
1007282 | DEPRECATED: CWE-614: Avoid Cookie Misconfiguration (secure flag) (PHP) |
medium
|
1007284 | DEPRECATED: CWE-200: Avoid Cookie Misconfiguration (httpOnly flag) (PHP) |
medium
|
1007286 | DEPRECATED: CWE-242: Avoid PHP Dangerous Feature (PHP) |
medium
|
1007288 | DEPRECATED: CWE-489: Avoid debug code in the production system (PHP) |
medium
|
1008074 | Specify Error Subroutine for File Exception Handling (RPG400) |
medium
|
1008076 | Specify Program Status Data Area (RPG400) |
medium
|
1009074 | Specify Error Subroutine for File Exception Handling (RPG300) |
medium
|
1012018 | Avoid use of DLYJOB (CL400) |
medium
|
1012020 | Avoid use of RCLRSC (CL400) |
medium
|
1012022 | Avoid use of *NOMAX (CL400) |
high
|
1012024 | Avoid use of OPNQRYF (CL400) |
medium
|
1012026 | Do not use MONMSG CPF0000 without EXEC (CL400) |
medium
|
1018540 | Avoid JMS Synchronous Activities (TIBCO BW) |
high
|
1018760 | Avoid AE Schema with Target namespace not defined (TIBCO BW) |
medium
|
1018764 | Avoid Processes using JDBC SQL Direct (TIBCO BW) |
medium
|
1019004 | Avoid to set client credential type other than Certificate or Windows when using message mode |
medium
|
1019006 | Avoid wrong suppressAuditFailure and serviceAuthorizationAuditLevel parameters when enabling WCF service security audit feature |
medium
|
1019008 | Avoid not enabling throttling while setting service behavior |
medium
|
1019010 | Avoid disabling authentication mode messages when using MSMQ transport security |
medium
|
1019012 | Avoid message security without authentication for an anonymous client |
medium
|
1019016 | Avoid having the property IncludeExceptionDetailInFaults activated in the source code |
medium
|
1020004 | Avoid using querySelectorAll |
critical
|
1020006 | Avoid calling a function in a termination loop (Javascript) |
critical
|
1020008 | Avoid using for-in loop |
medium
|
1020010 | Avoid using forEach() |
medium
|
1020012 | Avoid using a web service with WebSocket inside a loop |
critical
|
1020014 | Avoid using a web service with XMLHttpRequest inside a loop |
critical
|
1020016 | Avoid using too much dot notation in loop |
medium
|
1020020 | Avoid blocking page loading with synchronous Javascript import |
medium
|
1020038 | Avoid defining and calling functions inside loops |
medium
|
1020040 | Avoid using delete with no object properties |
medium
|
1020054 | Avoid using delete on arrays |
medium
|
1020056 | Avoid using Javascript Document.all collection |
medium
|
1020066 | Avoid using Javascript Function constructor |
medium
|
1020068 | Avoid return statement in finally block (Javascript) |
high
|
1020070 | Avoid hard-coded network resource names (Javascript) |
medium
|
1020092 | Avoid direct definition of JavaScript Functions in a Web page (Javascript/HTML5) |
medium
|
1020094 | Avoid creating cookie without setting httpOnly option (Javascript) |
high
|
1020096 | Avoid using unsecured cookie (Javascript) |
high
|
1020098 | Avoid creating cookie with overly broad path (Javascript) |
high
|
1020100 | Avoid having cookie with an overly broad domain (Javascript) |
high
|
1020102 | Always use JSON.parse & JSON.stringify with try/catch block (Javascript) |
medium
|
1020202 | Avoid getter functions of computed properties that do not return any value |
medium
|
1020204 | Avoid <textarea> with v-model having child elements |
medium
|
1020206 | Avoid using v-for without key |
medium
|
1020208 | Avoid using v-if on the same element as v-for |
medium
|
1020210 | Avoid using v-show directive inside templates |
medium
|
1020212 | Avoid changing parent properties from child components using $parent |
medium
|
1020214 | Ensure to turn off and clear event listeners after component is destroyed |
medium
|
1020224 | Avoid using the call of web service inside a loop (VueJS) |
critical
|
1020300 | Avoid using the call of web service jQuery ajax inside a loop |
critical
|
1020302 | Avoid using element type in jQuery |
medium
|
1020306 | Always use find for Id->Child nested selectors |
medium
|
1020308 | Always cache the returned objects in variables to be reused |
medium
|
1020310 | Use "type=" to select elements by type |
medium
|
1020314 | Avoid using css() of many elements |
medium
|
1020316 | Avoid Universal Selectors |
medium
|
1020318 | Avoid using jQuery deprecated methods |
medium
|
1020322 | Avoid using Ajax method without dataType with jQuery version older than 3.0.0 |
critical
|
1020324 | Avoid using dialog with closeText parameter with jQuery UI version older than 1.12 |
critical
|
1020328 | Avoid using html() with jQuery 1.9.0 (or older) |
critical
|
1020330 | Avoid using $(location.hash) with jQuery version older than 1.6.3 |
critical
|
1020332 | Avoid using .append() after() with jQuery 1.4.2 (or older) |
critical
|
1020334 | Avoid using attr() with jQuery 3.0.0-rc1 |
critical
|
1020336 | Avoid using Dialog Widget with jQuery UI version older than 1.10.0 |
critical
|
1020338 | Avoid using Tooltip widget with jQuery UI version older than 1.10.0 |
critical
|
1020340 | Always implement the success/error/complete or done/fail/always callbacks when using jQuery ajax call |
high
|
1020342 | Avoid empty jQuery ajax error/fail blocks |
high
|
1020450 | Ensure catching Javascript error in React components |
medium
|
1020452 | Avoid empty componentDidCatch blocks |
high
|
1020500 | Avoid the use of the default JavaScript implementation [].forEach in AngularJS web app |
medium
|
1020504 | Avoid using the call of web service with AngularJS $http inside a loop |
critical
|
1020514 | Only use the angular.isUndefined or angular.isDefined methods in AngularJS application |
medium
|
1020530 | Avoid using !angular.isUndefined() and !angular.isDefined() in AngularJS application |
medium
|
1020534 | Avoid using a web service with AngularJS $resource inside a loop |
critical
|
1020536 | Avoid using $ or jQuery, use angular.element instead |
medium
|
1020538 | Avoid wrapping angular.element objects with jQuery or $ |
medium
|
1020540 | Avoid using $http success and error function |
medium
|
1020550 | Avoid using "ng-repeat" loop without "track by" option |
critical
|
1020554 | Avoid using unsecured cookie (AngularJS) |
high
|
1020556 | Avoid creating cookie with overly broad domain (AngularJS) |
high
|
1020558 | Avoid creating cookie with overly broad path (AngularJS) |
high
|
1020600 | Avoid using namespace "jQuery.sap.*" as deprecated (SAPUI5) |
medium
|
1020602 | Avoid using "sap.ui.model.odata.ODataModel" as deprecated in version: SAPUI5 1.48 |
medium
|
1020606 | Prefer using Asynchronous Loading |
medium
|
1020608 | Avoid using Controls Hardcoded IDs inside a Controller, Component or JSView (SapUI5) |
high
|
1020616 | Create Keys for CRUD Statements (SAPUI5) |
medium
|
1020618 | Avoid using "jQuery.sap.storage.Type.local" |
high
|
1020700 | Avoid the lack of error handling in the Node.js callbacks |
medium
|
1020702 | Avoid using nodejs process.exit() |
medium
|
1020704 | Avoid using string concatenation when using __dirname and __filename |
medium
|
1020714 | Avoid having multiple routes for the same path with Node.js Express App |
critical
|
1020716 | Avoid using the call of web service with Node.js http.get or http.request inside a loop |
critical
|
1020732 | Avoid using risky cryptographic hash (Node.js) |
critical
|
1020734 | Avoid using unsecured cookie (Node.js) |
high
|
1020742 | Avoid creating cookie with overly broad domain (Node.js) |
high
|
1020744 | Avoid using TLS library before Node.js 9.11.2 and 10.4.1 |
critical
|
1020746 | Avoid using HTTP/2 library with vulnerable versions |
critical
|
1020748 | Avoid using the call of data service with Node.js inside a loop |
critical
|
1020750 | Avoid using the file path validation with Node.js 8.5.0 |
critical
|
1020758 | Avoid using Buffer.fill() and/or Buffer.alloc() with vulnerable versions |
critical
|
1020760 | Avoid using Buffer library and UCS-2 encoding with vulnerable versions |
critical
|
1020762 | Avoid using url.parse() with vulnerable versions |
critical
|
1020764 | Avoid using path library parsing functions with vulnerable versions |
critical
|
1020766 | Avoid using Node.js ps library with vulnerable versions |
critical
|
1020768 | Avoid using net.Socket object as stream with vulnerable version of Node.js |
critical
|
1020770 | Avoid using Node.js query-mysql third-party before 0.0.3 |
critical
|
1020774 | Avoid having multiple Artifacts updating data on the same NoSQL Collection (Javascript) |
medium
|
1020776 | Avoid having multiple Artifacts inserting data on the same NoSQL Collection (Javascript) |
medium
|
1020778 | Avoid having multiple artifacts deleting data on the same NoSQL collections (Javascript) |
medium
|
1020780 | Avoid using Node.js synchronous FileSystem API without try/catch block |
medium
|
1020800 | Avoid jump statements in finally |
medium
|
1020802 | Avoid having errors without throwing them |
medium
|
1020804 | Avoid using console logging |
medium
|
1020806 | Avoid using NaN in comparison |
medium
|
1020814 | Avoid using web service calls inside a loop |
critical
|
1020816 | Avoid using output of the function that does not return anything |
medium
|
1020822 | Always provide error callbacks when subscribing to HttpClient observables |
medium
|
1020826 | Avoid hard-coded network resource names (Typescript) |
high
|
1020828 | Avoid String concatenation in loops (Typescript) |
medium
|
1020838 | Avoid using Rx.observable.fromEvent without having a debouncetime set |
medium
|
1020840 | Avoid using ngFor loop without TrackBy option |
medium
|
1020850 | Always handle errors when using ajax with RxJS |
medium
|
1020856 | Ensure catching Typescript error in React components |
medium
|
1020858 | Avoid empty componentDidCatch blocks (Typescript) |
high
|
1020862 | Avoid having cookie with an overly broad domain (TypeScript) |
high
|
1020866 | Avoid creating cookie with overly broad path (TypeScript) |
high
|
1020872 | Always use JSON.parse & JSON.stringify with try/catch block (TypeScript) |
medium
|
1020874 | Avoid the lack of error handling in the Node.js callbacks (TypeScript) |
medium
|
1020876 | Avoid using nodejs process.exit() (TypeScript) |
medium
|
1020880 | Ensure the express X-Powered-By header is disabled (TypeScript) |
high
|
1020886 | Avoid using unsecured cookie with express (TypeScript) |
high
|
1020892 | Ensure Node.js filesystem are closed (TypeScript) |
medium
|
1020894 | Avoid using string concatenation when using nodejs __dirname and __filename variables (TypeScript) |
medium
|
1020896 | Avoid using risky cryptographic hash with nodejs (TypeScript) |
critical
|
1020898 | Avoid having multiple routes for the same path with Node.js Express App (TypeScript) |
medium
|
1020904 | Avoid using url.parse() with vulnerable nodejs versions (TypeScript) |
critical
|
1020906 | Avoid using TLS library before Node.js 9.11.2 and 10.4.1 (TypeScript) |
critical
|
1020908 | Avoid using the file path validation with Node.js 8.5.0 (TypeScript) |
critical
|
1020910 | Avoid using path library parsing functions with vulnerable nodejs versions (TypeScript) |
critical
|
1020912 | Avoid using HTTP/2 library with vulnerable nodejs versions (TypeScript) |
critical
|
1020914 | Avoid using Buffer.fill() and/or Buffer.alloc() with vulnerable nodejs versions (TypeScript) |
critical
|
1020916 | Avoid using Buffer library and UCS-2 encoding with vulnerable versions (TypeScript) |
critical
|
1020918 | Avoid using Node.js query-mysql third-party (TypeScript) |
critical
|
1020924 | Avoid using net.Socket object as stream with vulnerable version of Node.js (TypeScript) |
critical
|
1020928 | Always unsubscribe events in Angular onDestroy method |
medium
|
1021002 | Avoid using a web service with Python httplib HTTPConnection inside a loop |
critical
|
1021004 | Avoid using a web service with Python requests inside a loop |
critical
|
1021006 | Avoid using a web service with Python aiohttp ClientSession inside a loop |
critical
|
1021008 | Avoid using a web service with Python urllib.request inside a loop |
critical
|
1021010 | Avoid using a web service with Python urllib2 inside a loop |
critical
|
1021012 | Avoid using a web service with Python httplib2 Http inside a loop |
critical
|
1021018 | Avoid catch-all except blocks with empty handlers |
high
|
1021020 | Avoid using wildcard (*) imports |
medium
|
1021024 | Avoid return statement in finally block |
medium
|
1021026 | Avoid leaving open file resources (Python) |
high
|
1021028 | Avoid empty finally block (Python) |
high
|
1021034 | Avoid inconsistent initialization when deriving a new exception |
medium
|
1021072 | Avoid shadowing class variables |
medium
|
1021074 | Avoid manipulating a list while iterating over it |
medium
|
1021076 | Avoid mutable default parameter values |
medium
|
1021090 | Avoid using insufficient random generator (Python) |
medium
|
1021114 | Ensure the HTTP Strict-Transport-Security header (HSTS) is set up for FastAPI (Python) |
high
|
1021116 | Avoid logging sensitive data (Python) |
high
|
1021126 | Ensure the HTTP Strict-Transport-Security header (HSTS) is set up for Flask (Python) |
high
|
1021130 | Avoid overly permissive Cross-Origin Resource Sharing (CORS) policy (Python) |
high
|
1021132 | Avoid observable authentication response discrepancy (Python) |
high
|
1022000 | DEPRECATED: Avoid weak encryption algorithm as DES and triple DES |
high
|
1022002 | Avoid using RSA Cryptographic algorithms without OAEP (Optimal Asymmetric Encryption Padding) |
high
|
1024006 | Always limit the accessibility of your app's Content Provider |
high
|
1024020 | Avoid using implicit intent |
high
|
1024022 | Always released Media Resources |
medium
|
1024024 | Always use HTTPS traffic to particular domains |
high
|
1024026 | Avoid using MODE_WORLD_READABLE and MODE_WORLD_WRITEABLE |
medium
|
1024034 | Always check all the BiometricPrompt error options in the onAuthenticationError method |
high
|
1024038 | Avoid processing Google Sign In Client without catching error |
medium
|
1024040 | Always activate unlockedDeviceRequired to avoid data decryption when device is unlocked |
high
|
1024042 | Avoid using weak encryption algorithm (Android) |
critical
|
1025016 | Avoid using cookie without the HttpOnly flag |
critical
|
1025024 | Avoid disabling the expiration time validation of a JWT token |
critical
|
1025026 | Avoid disabling the expiration time requirement of a JWT token |
critical
|
1025028 | Avoid disabling the signature requirement of a JWT token |
critical
|
1025048 | Avoid hard-coded password in connection string |
critical
|
1025054 | Avoid plaintext storage of password |
critical
|
1025056 | Avoid running SQL queries inside a loop |
critical
|
1027000 | Avoid Managed type declaration for Win32 API using Overlapped IO |
medium
|
1027004 | Avoid using deprecated XmlTextReader .NET API |
medium
|
1027010 | Avoid weak encryption providing insufficient key size (.NET) |
high
|
1027012 | Avoid storing Non-Serializable Object as HttpSessionState attributes. |
high
|
1027014 | Avoid using Thread API (Suspend\Resume) to manage thread state |
medium
|
1027016 | Avoid throwing exceptions in destructors |
high
|
1027018 | Avoid throwing exceptions from finally block |
medium
|
1027020 | Prefer using Any() over Count() or LongCount() |
medium
|
1027022 | Avoid using "new Guid()" |
medium
|
1027034 | Never catch NullReferenceException |
medium
|
1027036 | Avoid rethrowing exception explicitly |
medium
|
1027040 | Avoid using multiple OrderBy calls |
medium
|
1027044 | Avoid using SafeHandle.DangerousGetHandle |
critical
|
1027048 | Avoid returning null from non-async Task/Task<T> method |
medium
|
1027050 | Avoid throwing ArgumentException from yielding method. |
medium
|
1027052 | DEPRECATED: Avoid NULL Pointer Dereference (C#, VB.NET) |
medium
|
1027054 | Always use System.Uri instead of string to build URLs |
medium
|
1027058 | Avoid blocking async methods (.NET, VB) |
medium
|
1027066 | Avoid throwing exception from property getters |
medium
|
1027068 | Avoid returning null from ToString() |
medium
|
1027070 | Avoid if statements and blocks that are always TRUE or FALSE |
medium
|
1027078 | Always mark Windows Forms starting point as STAThread |
medium
|
1027080 | Always use ConfigureAwait(false) in library code awaited tasks |
medium
|
1027082 | Avoid using console logging (.Net) |
medium
|
1027084 | Avoid calling CoSetProxyBlanket and CoInitializeSecurity |
high
|
1027088 | Avoid non-public custom exception types |
medium
|
1027090 | Avoid improper instantiation of argument exceptions |
medium
|
1027092 | Always pass optional parameters too, when making 'base' calls |
medium
|
1027094 | Always provide deserialization methods for optional fields |
medium
|
1027096 | Avoid raising exceptions in unexpected location |
medium
|
1027102 | Avoid using Regex constructor or static method without timeout |
high
|
1030000 | DEPRECATED: Avoid "when" statement or expression without an else (Kotlin) |
medium
|
1030002 | Avoid using "Throwable.printStackTrace()" with no argument (Kotlin) |
medium
|
1030004 | Avoid using "foreach" to iterate over a explicit range (Kotlin) |
medium
|
1030012 | Avoid using weak encryption algorithm as DES and tripleDES (Kotlin) |
high
|
1030014 | Avoid using RSA Cryptographic algorithms without OAEP (Optimal Asymmetric Encryption Padding) (Kotlin) |
high
|
1030020 | Avoid unhandled Exceptions in servlet methods (Kotlin) |
high
|
1030022 | Avoid passing an existing array with spread operator as an argument using vararg as parameters (Kotlin) |
medium
|
1034048 | Avoid using insufficient random generator (PHP) |
critical
|
1034056 | Avoid using hard-coded HMAC keys (PHP) |
critical
|
1034062 | Avoid creating cookie without setting httpOnly option (PHP) |
critical
|
1034064 | Ensure httpOnly option is enabled when creating session (PHP) |
critical
|
1034066 | Avoid creating application cookie without SameSite option (PHP) |
critical
|
1034068 | Ensure SameSite option is enabled when creating session (PHP) |
critical
|
1039002 | Avoid using deprecated SSL protocols to secure connection |
high
|
1039004 | Avoid using HttpServletRequest.getRequestedSessionId() |
critical
|
1039006 | Avoid using predictable SecureRandom Seeds |
high
|
1039008 | Avoid thrown Exceptions in servlet methods |
high
|
1039010 | Avoid using risky cryptographic hash (JEE) |
critical
|
1039014 | Avoid using Cipher with no HMAC to ensure data integrity |
high
|
1039018 | Avoid using cryptography hash with hard-coded salt |
high
|
1039020 | Avoid using javax.crypto.NullCipher |
high
|
1039022 | Avoid using Insecure PBE Iteration Count |
high
|
1039024 | Avoid using unsecured cookie (JEE) |
high
|
1039026 | Avoid creating cookie without setting httpOnly option (JEE) |
high
|
1039028 | Avoid weak encryption providing not sufficient key size (JEE) |
high
|
1039030 | Avoid using DefaultHttpClient constructor |
high
|
1039052 | Avoid Http Session without expiration |
critical
|
1039056 | Avoid insecure use of YAML deserialization when using SnakeYaml (JEE) |
high
|
1039062 | Always implement readObject() to prevent untrusted deserialization when loading from ObjectInputStream |
high
|
1039064 | Avoid having cookie with an overly broad domain (JEE) |
high
|
1039066 | Avoid creating cookie with an overly broad path (JEE) |
high
|
1039068 | Avoid using the Non-Serializable Object Stored in Session |
high
|
1039070 | Avoid using URL.equals(Object obj) or URL.hashCode() |
high
|
1039072 | Avoid using jYAML to deserialize YAML (JEE) |
high
|
1039076 | Avoid using HttpURLConnection with HTTP protocol |
high
|
1039096 | Ensure httpOnly option is enabled when creating session (JEE) |
high
|
1039098 | Ensure secure option is enabled when creating session (JEE) |
high
|
1039100 | Avoid creating cookie without setting SameSite option (JEE) |
critical
|
1039102 | Ensure SameSite option is enabled when creating session (JEE) |
critical
|
1039104 | Avoid creation of temporary file with insecure permissions (JEE) |
high
|
1039108 | Avoid leaving temporary files in directory (JEE) |
high
|
1039110 | Ensure initializing cryptographic key generators (JEE) |
high
|
1039114 | Avoid predictable initialization vector (JEE) |
high
|
1039116 | Ensure setting origins when using @CrossOrigin Spring annotation |
high
|
1039118 | Avoid enabling directory listing (JEE) |
high
|
1040014 | Avoid using Spring Security's debug mode |
medium
|
1040024 | Spring Boot Shutdown Actuator Endpoint must be secured from unauthenticated access. |
high
|
1040026 | Avoid not providing an explicit HTTP method in @RequestMapping methods |
critical
|
1040030 | Avoid Using Generic Authentication Exception Class |
medium
|
1040032 | Avoid Using ControllerAdvice And HandlerExceptionResolver simultaneously |
medium
|
1040036 | Avoid using STOMP Spring messaging module before Spring 5.0.5 and 4.3.16 |
critical
|
1040038 | Avoid using Spring Security Path Matching Inconsistency before Spring Framework 3.2.x, 4.0.x, 4.1.x, 4.2.x |
medium
|
1040042 | Avoid using Spring Security in combination with Spring Framework 5.0.5 |
high
|
1042012 | Avoid Unused Validation Form in Struts 1.x |
medium
|
1042018 | Avoid Missing Form Bean in Struts 1.x |
medium
|
1042028 | Avoid activating alwaysSelectFullNamespace when actions configured without namespace or with a wildcard namespace for Struts pre 2.3.34 and pre 2.5.1 |
critical
|
1042030 | Avoid using Default exclude patterns (excludeParams) for Struts 2.3.20 (and older) |
critical
|
1042036 | Avoid Long request parameter names in Struts 2.0.0 - struts 2.3.4 |
critical
|
1042040 | Avoid using Struts URLValidator with version before 2.5.13 |
critical
|
1042042 | Avoid using Rest Plugin with XStream handler to deserialise XML requests in Struts 2.1.2 - Struts 2.3.33, Struts 2.5 - Struts 2.5.12 |
critical
|
1042046 | Avoid Using Dynamic Method Invocation for Apache Struts 2.x |
critical
|
1042052 | Avoid using JSON-lib library for Rest Plugin of Struts 2.5 to 2.5.14 |
critical
|
1043020 | Avoid having applications with the debug mode activated |
medium
|
1043022 | Avoid using unsecured cookie (C#) |
medium
|
1043024 | Always enable RequireSSL attribute for cookies in Config file (ASP.NET) |
medium
|
1043026 | Avoid disabling EnableViewStateMac in Config file (ASP.NET) |
medium
|
1043028 | Avoid disabling EnableViewStateMac in ASPX page |
medium
|
1043032 | Avoid having ASPX pages with tracing activated |
medium
|
1043034 | Avoid having applications with the tracing activated in the web config file |
medium
|
1043038 | Avoid having applications with the tracing activated in the source code |
medium
|
1043046 | Avoid creating cookie with overly broad path (C#) |
critical
|
1043048 | Avoid having cookie with an overly broad domain (C#) |
critical
|
1043050 | Avoid having long timeout for HttpCookie (> 5 mn) |
medium
|
1043054 | Avoid overly permissive Cross-Origin Resource Sharing (CORS) policy |
medium
|
1043058 | Avoid disabling Header Checking flag in config file |
medium
|
1043060 | Avoid disabling HMAC signature verification (C#) |
high
|
1043062 | Avoid having all users accessing resources (.NET) |
medium
|
1043066 | Always use HTTPS Redirection Middleware and HSTS Middleware in your ASP.NET Core application |
high
|
1043072 | Avoid creating unsecured HTTPS GET metadata endpoint in code |
high
|
1043074 | Avoid creating unsecured HTTPS GET metadata endpoint in configuration |
high
|
1043076 | Avoid disabling custom errors mode to prevent exposure of exceptions and error data |
medium
|
1043078 | Avoid debug binaries that include detailed debug information |
medium
|
1043080 | Avoid disabling OR not defining encryption behavior for encryption when connecting with Database |
high
|
1043082 | Avoid client provided dictionaries to have high request sizes |
medium
|
1043084 | Avoid XML schemas with unbounded occurrences |
medium
|
1045000 | Lazy fetching should be used for Hibernate collection |
high
|
1045002 | Avoid Hibernate Entity with 'select-before-update' set to true if not associated to table that fires an UPDATE trigger |
high
|
1045004 | Avoid UPDATE trigger firing when not necessary |
high
|
1045006 | Never use an array to map Hibernate collection |
high
|
1045008 | Avoid non serializable Entity beans |
medium
|
1045010 | Prefer using version number instead of timestamp for Hibernate Entity |
medium
|
1045012 | Avoid public/protected setter for the generated identifier field |
medium
|
1050000 | Avoid using the call of web service with iOS/Objective-C API inside a loop |
critical
|
1050020 | Avoid return statement in @finally block |
high
|
1050028 | Always use LAContext canEvaluatePolicy: before using evaluatePolicy: (Objective-C) |
high
|
1050030 | Ensure the Objective-C error condition check is not fragile |
high
|
1050032 | Ensure that LAContext evaluatePolicy: reply block success is checked (Objective-C) |
medium
|
1050034 | Ensure that LAContext evaluatePolicy: reply block is not empty (Objective-C) |
medium
|
1050052 | Avoid empty finally block (Objective-C) |
medium
|
1050062 | Avoid empty catch blocks (Objective-C) |
high
|
1055000 | Avoid using unsecured cookie (Swift) |
high
|
1055002 | Avoid using the call of web service with iOS/Swift API inside a loop |
critical
|
1055014 | Ensure that LAContext evaluatePolicy reply block is not empty (Swift) |
medium
|
1055016 | Ensure that LAContext evaluatePolicy reply block success is checked (Swift) |
medium
|
1055018 | Always use LAContext canEvaluatePolicy before using evaluatePolicy (Swift) |
high
|
1055034 | Avoid empty generic catch blocks (Swift) |
high
|
1055038 | Avoid weak encryption algorithm (Swift) |
high
|
1060004 | Avoid Empty Finally Block When Calling Resource |
high
|
1060012 | Avoid SQL queries on XXL tables that no index can support for artifacts with high fan-in |
critical
|
1060014 | Avoid SQL queries that no index can support for artifacts with high fan-in |
critical
|
1060018 | Avoid String concatenation in loops for artifacts with high fan in |
high
|
1060020 | Avoid empty catch blocks for methods with high fan-in |
critical
|
1060022 | Avoid too many SQL calls for methods with high fan-in |
critical
|
1060114 | Always enable authorization checks at function level for functions called on by APIs based with Spring Application |
high
|
1060116 | Always avoid http redirects to unknown or untrusted URLs |
medium
|
1065004 | Ensure that dynamically allocated memory on local pointer in functions/methods is freed. |
medium
|
1065006 | Avoid iterator invalidation. |
high
|
1065010 | Avoid using <cstdio> stream input output library (C++) |
medium
|
1065014 | Avoid using the library functions bsearch and qsort from <stdlib.h> (C/C++) |
medium
|
1065016 | Avoid using atof, atol, atoll or atoi functions from <stdlib.h> (C/C++) |
medium
|
1065018 | Avoid using offsetof from <cstddef> |
medium
|
1065020 | Avoid using <ctime> (C++) |
medium
|
1065022 | Avoid using <stdio.h> (C/C++) |
medium
|
1065024 | Avoid using the standard library time and date functions from "<time.h>" (C/C++) |
medium
|
1065026 | Ensure exception objects are always caught by reference (C++) |
medium
|
1065034 | Avoid throwing an exception object of pointer type (C++) |
medium
|
1065038 | Avoid using 'signal.h' (C/C++) |
medium
|
1065042 | Avoid non-void return type function without an explicit return of an expression (C/C++) |
medium
|
1065046 | Avoid using the unbounded functions of <cstring> library |
medium
|
1065050 | Avoid using "sizeof" on expressions that contain side effects |
medium
|
1065052 | Avoid using Octal constants or escape sequences (C/C++) |
medium
|
1065054 | Do not override the standard library functions (C/C++) |
medium
|
1065056 | Avoid throwing exceptions outside of main() |
medium
|
1065058 | Ensure that there is at least one exception handler to catch-all otherwise unhandled exceptions in the main function (C++) |
medium
|
1065062 | Avoid testing floating point numbers for equality |
high
|
1065068 | Avoid using Digraphs (C++) |
medium
|
1065070 | Avoid using Trigraphs |
medium
|
1065072 | Avoid using Unions |
medium
|
1065074 | All constructors that are callable with a single argument of fundamental type shall be declared explicit. |
medium
|
1065082 | Handlers of a function-try-block implementation of a class constructor or destructor shall not reference non-static members from this class or its bases. |
medium
|
1065092 | Avoid having boolean operators with non-boolean operands (C/C++) |
medium
|
1065094 | Avoid having expressions with bool type to be used as operands on operators other than =, &&, ||, !, ==, !=, the unary & operator, and the conditional operator |
medium
|
1065098 | Avoid delete operators to exit with an exception. |
medium
|
1065100 | Avoid move constructor and move assignment operator to exit with an exception |
medium
|
1065102 | Avoid checking Integer overflow without explicit cast |
high
|
1065104 | Converting a multiplication to a larger type should be done before the multiplication takes place |
medium
|
1065106 | Avoid comparing types of different widths in a loop |
medium
|
1065108 | Bit-fields shall be either unsigned integral, or enumeration (with underlying type of unsigned integral type). |
medium
|
1065110 | Ensure arrays and containers are accessed using unsigned values |
critical
|
1065112 | Avoid passing empty container iterators to std algorithms as destinations |
medium
|
1065114 | Avoid lines starting with "#" with invalid pre-processing directive |
medium
|
1065116 | Undefined macro identifiers shall not be used in #if or #elif preprocessor directives, except as operands to the defined operator |
medium
|
1065118 | Arguments to a function-like macro shall not contain tokens that look like preprocessing directives. |
medium
|
1065120 | Avoid using # OR ## operators more than once while defining macros |
medium
|
1065122 | Avoid #define or #undef macros anywhere other than global namespace |
medium
|
1065130 | Avoid defining, redefining or undefining standard macros from standard library |
medium
|
1101000 | Never use SQL queries with a cartesian product (SQL) |
medium
|
1101002 | Never use SQL queries with a cartesian product on XXL Tables (SQL) |
critical
|
1101004 | Avoid non-indexed SQL queries |
medium
|
1101006 | Avoid non-indexed XXL SQL queries |
critical
|
1101008 | Avoid non-SARGable queries |
medium
|
1101010 | Avoid NATURAL JOIN queries |
medium
|
1101012 | Avoid specifying column numbers instead of column names in ORDER BY clauses |
medium
|
1101014 | Avoid queries using old style join convention instead of ANSI-Standard joins (SQL) |
medium
|
1101018 | Avoid using the GROUP BY clause |
medium
|
1101020 | Avoid using quoted identifiers |
medium
|
1101024 | Avoid using dynamic SQL in SQL Artifacts |
medium
|
1101026 | Always define column names when inserting values |
medium
|
1101028 | Use MINUS or EXCEPT operator instead of NOT EXISTS and NOT IN subqueries |
medium
|
1101030 | Avoid Artifacts with queries on too many Tables and/or Views |
medium
|
1101032 | Avoid exists and not exists independent clauses (SQL) |
high
|
1101034 | Avoid using DISTINCT in SQL SELECT statements |
medium
|
1101038 | Avoid OR conditions testing equality on the same identifier in SQL WHERE clauses |
medium
|
1101040 | Avoid empty catch blocks (SQL) |
high
|
1101052 | Use WHEN OTHERS in exception management (SQL) |
high
|
1101054 | Never use WHEN OTHERS THEN NULL |
high
|
1101058 | Avoid mixing ANSI and non-ANSI JOIN syntax in the same query |
medium
|
1101060 | Avoid using LIKE conditions starting with a wildcard character |
medium
|
1101066 | Avoid improperly written triangular joins with XXL tables |
high
|
1101068 | Avoid synonym with both private and public definition |
medium
|
1101070 | Avoid explicit comparison with NULL |
medium
|
1101072 | Avoid not aliased Tables |
medium
|
1101076 | Avoid unqualified column references |
medium
|
1101078 | Always prefer PRIVATE to PUBLIC synonym |
medium
|
1101080 | Avoid orphaned synonyms |
medium
|
1101082 | Avoid looping chain of synonyms |
medium
|
1101084 | Avoid Cursors inside a loop (SQL) |
critical
|
1101086 | Always use VARCHAR2 and NVARCHAR2 instead of CHAR, VARCHAR or NCHAR |
medium
|
1101088 | Avoid using LONG and LONG RAW datatypes |
medium
|
1101090 | Avoid Tables without a clustered Index (SQL) |
medium
|
1101092 | Avoid Procedures using an Insert, Update, Delete, Create Table or Select without including error management (SQL) |
high
|
1101094 | Avoid Stored Procedures not returning a status value (SQL) |
medium
|
1101098 | Avoid Artifacts with a Complex SELECT Clause (SQL) |
medium
|
1101102 | Avoid using LIKE conditions without wildcards |
medium
|
1101104 | Avoid XXL tables without primary key / unique key constraint / unique index |
high
|
1101106 | Avoid tables without primary key / unique key constraint / unique index |
high
|
1101112 | Avoid LOCK TABLE statements in SQL code for COBOL Programs |
medium
|
1101114 | Avoid "SELECT *" queries (SQL) |
medium
|
1101116 | Avoid using SQL queries inside a loop (SQL) |
critical
|
1101920 | Avoid using explain() in production code (JEE) |
medium
|
1101922 | Avoid having multiple Artifacts updating data on the same NoSQL Collection (JEE) |
medium
|
1101924 | Avoid having multiple Artifacts inserting data on the same NoSQL Collection (JEE) |
medium
|
1101926 | Avoid having multiple artifacts deleting data on the same NoSQL collections (JEE) |
medium
|
1101968 | Avoid having multiple Artifacts updating data on the same NoSQL Collection |
medium
|
1101970 | Avoid having multiple Artifacts inserting data on the same NoSQL Collection |
medium
|
1101972 | Avoid having multiple artifacts deleting data on the same NoSQL collection |
medium
|
1104000 | Prefer using associations instead "left outer join" in CDS Views (S4/HANA) |
medium
|
1104002 | Prefer setting "many to one" cardinality for "left outer join" in CDS Views (S4/HANA) |
medium
|
1104004 | Prefer setting cardinality for CDS view associations (S4/HANA) |
medium
|
1104008 | CDS View AccessControl.authorizationCheck should not be set to '#NOT_REQUIRED' or '#NOT_ALLOWED' (S4/HANA) |
medium
|
1520460 | Siebel eScript: Avoid exception handling on Loops in Functions |
medium
|
1520480 | SiebelReview: Avoid BusComp using Sort specifications on non-indexed Fields |
high
|
1520482 | SiebelReview: Avoid PickList using Sort specifications on non-indexed Fields |
high
|
1520484 | SiebelReview: Avoid Link using Sort specifications on non-indexed Fields |
high
|
1520486 | SiebelReview: Avoid BusComp using Search specifications on non-indexed Fields |
high
|
1520488 | SiebelReview: Avoid PickList using Search specifications on non-indexed Fields |
high
|
1520490 | SiebelReview: Avoid Link using Search specifications on non-indexed Fields |
high
|
1520492 | SiebelReview: Avoid Applet using Search specifications on non-indexed Fields |
high
|
1520494 | Siebel eScript: Avoid complex PreGetFieldValue Functions |
medium
|
1520496 | Siebel eScript: Avoid using ExecuteQuery() statement in Functions |
medium
|
1520498 | SiebelReview: Force Active property Set to TRUE at BusComp level |
medium
|
1520500 | SiebelReview: Force Active BusComp Field Property Set to TRUE |
medium
|
1520502 | SiebelReview: Link Specification For BusComp Field Property Set To TRUE |
medium
|
1520508 | SiebelReview: Nested MVFs |
medium
|
1520510 | SiebelScriptingReview: Explicit Object Release |
medium
|
1520512 | SiebelScriptingReview: Scripting The PreCanInvokeMethod Event For A Business Service |
medium
|
1520540 | Siebel: Avoid too many MVG on list applet |
medium
|
1520544 | Siebel: Don't overload Siebel Tables |
medium
|
1520548 | SiebelReview: MVL Primary Configuration |
medium
|
1520550 | SiebelReview: "Check No Match Property" set to TRUE for MVLs |
medium
|
1520552 | SiebelReview: Joins to XM Tables |
medium
|
1520554 | SiebelReview: Using Extension Tables |
medium
|
1520580 | Siebel eScript: Avoid Functions without Try, Catch and Finally block |
medium
|
1520582 | Siebel eScript: Avoid Functions destroying variables outside of the finally clause |
medium
|
1520584 | Siebel eScript: Avoid Functions having Return statement in the Finally clause |
medium
|
1520586 | Siebel eScript: Prefer using GotoView in the Finally clause of a Function |
medium
|
1520588 | Siebel Scripting Review: Using Error Code in scripts |
medium
|
1520760 | SiebelReview: Adding System Columns as BusComp Field Objects Definitions |
medium
|
1520762 | SiebelReview: Controls or List Columns Based on Non-Existent Fields |
medium
|
1520764 | SiebelReview: Duplicate Item Identifiers |
medium
|
1520774 | Avoid setting field values using hard-coded values (Siebel) |
medium
|
1600280 | Avoid placing PeopleCode into Fields, prefer Component Level (PeopleSoft) |
medium
|
1600282 | Write UNION ALL instead of UNION statement (PeopleSoft) |
medium
|
1600284 | Avoid using comments in SQL queries (PeopleSoft) |
medium
|
1600286 | Avoid using the Hints to force Oracle to use a specific access method (PeopleSoft) |
medium
|
1600288 | Avoid using count(*) syntax (PeopleSoft) |
medium
|
1600290 | Avoid using ROWNUM and ORDER BY together (PeopleSoft) |
medium
|
1600292 | In an INSERT statement, define explicitly the values for all the table columns (PeopleSoft) |
medium
|
1600294 | Child records must share all keys as the parent record, plus one or more keys that uniquely identify each row (PeopleSoft) |
medium
|
1600296 | Related Language tables must have the same key structure as the table with the addition of the field LANGUAGE_CD (PeopleSoft) |
medium
|
1600460 | Isolate common expressions (PeopleSoft) |
medium
|
1600480 | Avoid too many Related displays (PeopleSoft) |
medium
|
1600482 | Avoid unlimited occurs on grids (PeopleSoft) |
medium
|
1600484 | Create all new Record Table in a specific tablespace (PeopleSoft) |
medium
|
1600486 | Create all new Record Temp in a specific tablespace (PeopleSoft) |
high
|
1600488 | Avoid tables having indexes with a too large index definition (PeopleSoft) |
medium
|
1600490 | Avoid disabling Deferred Processing on Fields (PeopleSoft) |
medium
|
1600492 | Avoid disabling Deferred Processing on Pages (PeopleSoft) |
medium
|
1600494 | Avoid disabling Deferred Processing on Components (PeopleSoft) |
medium
|
1600496 | Send messages in the SavePostChange event (PeopleSoft) |
medium
|
1600500 | Using DISTINCT, GROUP BY or UNION clause in a View implies that no join using an index can be done on this View (PeopleSoft) |
high
|
1600502 | All record must have at least one column as key (PeopleSoft) |
medium
|
1600504 | All keys should be located at the top of the record definition, and listed in order of importance (PeopleSoft) |
medium
|
1600506 | All SELECT statements must list each field specifically (PeopleSoft) |
medium
|
1600508 | Use as possible SQL section rather than PeopleCode in the application engine (PeopleSoft) |
medium
|
1600510 | Always prefer joining tables to subqueries (PeopleSoft) |
medium
|
1600512 | Use the DISTINCT clause only when we are sure that the query will return duplicate results (PeopleSoft) |
medium
|
1600514 | Prefer using UNION to the OR operator (PeopleSoft) |
medium
|
1600516 | SELECT ... FROM ... WHERE alias.col LIKE '%xxx' (PeopleSoft) |
medium
|
1600518 | Prefer boolean operators (EXISTS, NOT EXISTS) and non-negative predicates (PeopleSoft) |
medium
|
1600520 | IN vs EXIST Use IN when the subquery is the most selective (PeopleSoft) |
medium
|
1600522 | Use TRUNCATE statement to clean a whole table (PeopleSoft) |
medium
|
1600524 | For complex query, always prefer the subqueries to retrieve display fields not used as joins search criterias (PeopleSoft) |
medium
|
1600528 | Avoid SQL with queries on more than 4 Tables (PeopleSoft) |
medium
|
1600530 | Avoid SQL using GROUP BY (PeopleSoft) |
medium
|
1600532 | Avoid PeopleCode using GROUP BY (PeopleSoft) |
medium
|
1600534 | Avoid SQL using HAVING (PeopleSoft) |
medium
|
1600536 | Avoid PeopleCode using HAVING (PeopleSoft) |
medium
|
1600538 | Using the GetNextNumberWithGaps Function (PeopleSoft) |
medium
|
1600720 | All new menu item must be into a permission list (PeopleSoft) |
medium
|
1600722 | All new component interface must be into a permission list (PeopleSoft) |
medium
|
1600724 | All new message channel must be into a permission list (PeopleSoft) |
medium
|
1600734 | All new mobile page must be into a permission list (PeopleSoft) |
medium
|
1600736 | All new process group must be into a permission list (PeopleSoft) |
medium
|