Rule Definition
Software that does not leverage database capabilities to efficiently run data processing (such as stored procedures and functions) requires excessive computational resources.
When the artifacts have a high fan-in the risk is highly increased.
Remediation
Use dedicated stored procedures when multiple data accesses are needed.
Violation Code Sample
/**
* @param resultat
* @throws SQLException
*/
public void meth_1() throws SQLException
{
Statement statement = connection.createStatement();
String sql1 = "INSERT INTO STUDENTS VALUES" +
"(100,'TOTO','TITI', {d '2001-12-16'})";
String sql2 = "INSERT INTO STUDENTS VALUES" +
"(100,'MR','T', {d '2002-10-1'})";
String sql3 = "INSERT INTO STUDENTS VALUES" +
"(10,'MR','T', {d '2002-10-1'})";
statement.executeUpdate(sql1);
statement.executeUpdate(sql2);
statement.executeUpdate(sql3);
}
/**
* @param resultat
* @throws SQLException
*/
public void meth_2() throws SQLException
{
Statement statement = connection.createStatement();
String sql1 = "INSERT INTO STUDENTS VALUES" +
"(100,'TOTO','TITI', {d '2001-12-16'})";
String sql2 = "INSERT INTO STUDENTS VALUES" +
"(100,'MR','T', {d '2002-10-1'})";
statement.executeUpdate(sql1);
statement.executeUpdate(sql2);
boolean rs = statement.execute("SELECT * FROM STUDENTS");
if (rs)
{
// print result
}
}
Fixed Code Sample
/**
* @param resultat
* @throws SQLException
*/
public void meth_1() throws SQLException
{
String sql = "{call myproc}";
CallableStatement statement = connection.prepareCall(sql);
statement.execute();
...
}
Reference
http://it-cisq.org/
ASCPEM 1.0, Automated Source Code Performance Efficiency Measure, Object Management Group.
CISQ: ASCPEM-PRF-10
Related Technologies
Technical Criterion
CWE-1073 - Non-SQL Invokable Control Element with Excessive Number of Data Resource Accesses
About CAST Appmarq
CAST Appmarq is by far the biggest repository of data about real IT systems. It's built on thousands of analyzed applications, made of 35 different technologies, by over 300 business organizations across major verticals. It provides IT Leaders with factual key analytics to let them know if their applications are on track.