Health Factors

  Total Quality Index (TQI)

3786 rules

Total Quality Index measures the general maintainability level of the application based on hundreds of metrics provided by CAST.

  Robustness

1426 rules

Robustness measures the level of risk and the likelihood of having application failures and defects resulting from modifications.

  Security

1418 rules

Security measures the likelihood of potential security breaches linked to coding practices and application source code.

  Efficiency

535 rules

Efficiency measures the likelihood of potential performance bottlenecks and the potential future scalability issues linked to coding practices.

  Changeability

1292 rules

Changeability measures how easily applications can be modified in order to implement new features, correct errors, or change the applications environment.

  Transferability

1284 rules

Transferability measures how easily applications can be moved across teams or team members including in-house and outsourced development teams.
Want more stats? Register now!

Quality Rules

A base class shall be declared virtual only if it is used in a diamond hierarchy
Abstract Classes should be non copy-assignable
A class name should start with a upper case letter (PHP)
CRITICAL  A Class that has pointer data members must provide a copy Constructor
A Copybook should not include other Copybooks
CRITICAL  Action Artifacts should not directly call a JSP page
CRITICAL  Action Artifacts should not directly use database objects
Action Classes should have only one public method
Action Classes should only be called by Action Mappings tag (for Struts 1.x) or Action tag (for Struts 2.x)
Action Classes should only call Business Classes
Action Mappings should have few forwards
Add @Override on methods overriding or implementing a method declared in a super type
All ALLOCATE statements in Fortran-90 Functions must use the return code STAT (Fortran)
All ALLOCATE statements in Fortran-90 Modules must use the return code STAT (Fortran)
All ALLOCATE statements in Fortran-90 Programs must use the return code STAT (Fortran)
All ALLOCATE statements in Fortran-90 Subroutines must use the return code STAT (Fortran)
All constructors that are callable with a single argument of fundamental type shall be declared explicit.
All if … else if constructs shall be terminated with an else clause (C/C++)
All image files should be in a specific directory
Allow only HTTPS communication
All page files should be in a specific directory
All Read and Write statements in Functions must use the return code IOSTAT (Fortran)
All Read and Write statements in Modules must use the return code IOSTAT (Fortran)
All Read and Write statements in Programs must use the return code IOSTAT (Fortran)
All Read and Write statements in Subroutines must use the return code IOSTAT (Fortran)
All script files should be in a specific directory
All stylesheet files should be in a specific directory
All traffic to particular domains should use HTTPS
All types of a serializable class must be serializable
All types of a serializable Class must be serializable
Always activate unlockedDeviceRequired to avoid data decryption when device is unlocked
Always avoid http redirects to unknown or untrusted URLs
Always cache the returned objects in variables to be reused
Always check all the BiometricPrompt acquired options in the onAuthenticationSucceeded method
Always check all the BiometricPrompt error options in the onAuthenticationError method
Always check the device supports Biometric capability before using BiometricPrompt API
CRITICAL  Always define column names when inserting values
CRITICAL  Always enable authorization checks at function level for functions called on by APIs
CRITICAL  Always enabled validateRequest in ASPX page
Always enable HttpOnly for cookies in Config file
Always enable RequireSSL attribute for cookies in Config file (ASP.NET)
Always enable validation input when doing ASP.NET Http Post/Put Request
Always favour pipable operators in RxJS
Always handle errors when using ajax with RxJS
Always have data property as a function that returns an object
Always implement done, fail and/or always callbacks for $.ajax calls when using jQuery 3.0 (and latest)
CRITICAL  Always implement readObject() to prevent untrusted deserialization when loading from ObjectInputStream
CRITICAL  Always implement the success/error/complete or done/fail/always callbacks when using jQuery ajax call
Always manage the BiometricPrompt onAuthenticationFailed method
Always mark Windows Forms starting point as STAThread
Always override 'Equals' and Comparison operators with IComparable implementation
Always pass optional parameters too, when making 'base' calls
Always prefer set Array designators '[]' on the type and not at variable
CRITICAL  Always protect against CSRF in FastAPI application
CRITICAL  Always protect against CSRF in Flask application
Always provide deserialization methods for optional fields
Always provide error callbacks when subscribing to HttpClient observables
Always Revert After Impersonation
Always separate service contracts from service implementation.
Always specify a result set id when doing result set operations like Open/get next or open for update/replace (EGL)
Always unsubscribe events in Angular onDestroy method
Always use {@code} to wrap code statements or values such as null
Always use ConfigureAwait(false) in library code awaited tasks
Always use find for Id->Child nested selectors
CRITICAL  Always use HTTPS Redirection Middleware and HSTS Middleware in your ASP.NET Core application
Always use JSON.parse & JSON.stringify with try/catch block (Javascript)
Always use JSON.parse & JSON.stringify with try/catch block (TypeScript)
Always use LAContext canEvaluatePolicy: before using evaluatePolicy:
Always use LAContext canEvaluatePolicy: before using evaluatePolicy:
Always use LAContext canEvaluatePolicy before using evaluatePolicy (Swift)
Always use onActivityResult to pass the login results when using Facebook SDK
Always use System.Uri instead of string to build URLs
CRITICAL  Always validate user input with Request variables
An event handler MUST contain at least one onEvent or onAlarm element.
An event handler MUST contain at least one onEvent or onAlarm element.
An include file must contain at most one Class definition
An unconditional 'throw', 'return' or 'break' shall terminate every non-empty switch-clause
Any Data must be declared, use IMPLICIT NONE in Functions (Fortran)
Any Data must be declared, use IMPLICIT NONE in Modules (Fortran)
Any Data must be declared, use IMPLICIT NONE in Programs (Fortran)
Any Data must be declared, use IMPLICIT NONE in Subroutines (Fortran)
A partnerLink MUST specify the myRole or the partnerRole, or both.
A permission is required for securing Activities
A permission is required for securing Receivers
A permission is required for securing Services
CRITICAL  A pointer to a base Class shall only be cast to a pointer to a derived Class by means of 'dynamic_cast'
A pointer to a derived Class shall only be cast implicitly to a pointer to base Class
Apply signature-based permissions
Architecture Check: CACEIS:Avoid deprecated programs (Error)
Architecture Check: CACEIS:Avoid deprecated programs (Warning)
Architecture Check: Clarity Allowed
Architecture Check: Database Access Validation Architecture Model
A Read permission is required to read data of Content Provider
Arguments to a function-like macro shall not contain tokens that look like preprocessing directives.
Assignment operator should assign all non-static members of the target object
Authorization check should be done before calling a transaction
Avoid accessing data by using the position and length
Avoid accessing multiple times the same SAP Table or View in an SAP include (DELETE)
Avoid accessing multiple times the same SAP Table or View in an SAP include (INSERT)
Avoid accessing multiple times the same SAP Table or View in an SAP include (UPDATE)
Avoid accessing multiple times the same SAP Table or View in an SAP Program (DELETE)
Avoid accessing multiple times the same SAP Table or View in an SAP Program (INSERT)
Avoid accessing multiple times the same SAP Table or View in an SAP Program (UPDATE)
CRITICAL  Avoid accessing SAP standard Tables in modification from custom code
Avoid Action artifacts that call packages that reference database
CRITICAL  Avoid Action Mapping based on wildcards with Struts 2.3.14.2 and older versions
CRITICAL  Avoid action mappings validator turned off
CRITICAL  Avoid Activities using "Group By" statement (TIBCO BW)
Avoid Activities using ROWNUM (TIBCO BW)
CRITICAL  Avoid Activities using "UNION" instead of "Union all" (TIBCO BW)
Avoid Activities With Queries on more than 4 Tables (TIBCO BW)
CRITICAL  Avoid Activities with "SELECT *" queries (TIBCO BW)
CRITICAL  Avoid addEventListener containing hard coded strings (Flex)
CRITICAL  Avoid adding or removing displayable children from updateDisplayList (Flex specific) (Flex)
CRITICAL  Avoid AE Schema with Target namespace not defined (TIBCO BW)
Avoid allowing File IO unrestricted access
CRITICAL  Avoid * and use strongly typed objects instead in fields (Flex)
CRITICAL  Avoid * and use strongly typed objects instead in variables (Flex)
Avoid anonymous namespaces in header files (C++)
Avoid any non-static data members not initialized in constructor
CRITICAL  Avoid ArrayElementType metadata not specified for the array-type field (Flex)
Avoid Artifacts having a very low Comment/Code ratio (ASP - JavaScript VBScript)
Avoid artifacts having db.collection.ensureIndex() to create new indexes
Avoid artifacts having Incorrect Type Conversion or Cast
Avoid artifacts having recursive calls
Avoid artifacts having recursive calls (PHP)
CRITICAL  Avoid artifacts not checking the ending comments on Methods and Functions (PHP)
CRITICAL  Avoid artifacts not checking the ending comments on Sections (PHP)
Avoid Artifacts with a Complex SELECT Clause
Avoid Artifacts with a Complex SELECT Clause (ABAP)
CRITICAL  Avoid Artifacts with a Complex SELECT Clause (EGL)
Avoid Artifacts with a complex SELECT clause (JEE)
Avoid Artifacts with a Complex SELECT Clause (PowerBuilder)
Avoid Artifacts with a Complex SELECT Clause (SQL)
Avoid Artifacts with a Complex SELECT Clause (Visual Basic)
Avoid Artifacts with Group By
Avoid Artifacts with Group By (ABAP)
Avoid Artifacts with Group By (PowerBuilder)
Avoid Artifacts with Group By (Visual Basic)
Avoid Artifacts with high Commented-out Code Lines/Code Lines ratio
Avoid Artifacts with High Cyclomatic Complexity
Avoid Artifacts with High Cyclomatic Complexity (ABAP)
Avoid Artifacts with High Cyclomatic Complexity (ASP)
Avoid Artifacts with High Cyclomatic Complexity (C++)
Avoid Artifacts with High Cyclomatic Complexity (C Lang.)
Avoid Artifacts with High Cyclomatic Complexity (C# .Net)
Avoid Artifacts with High Cyclomatic Complexity (DB2 Server)
Avoid Artifacts with High Cyclomatic Complexity (Forms)
Avoid Artifacts with High Cyclomatic Complexity (Go)
Avoid Artifacts with High Cyclomatic Complexity (HTML5/Javascript)
Avoid Artifacts with High Cyclomatic Complexity (HTML5/Javascript)
Avoid Artifacts with High Cyclomatic Complexity (JEE)
Avoid Artifacts with High Cyclomatic Complexity (JSP)
Avoid Artifacts with High Cyclomatic Complexity (PL/SQL Oracle)
Avoid Artifacts with High Cyclomatic Complexity (PowerBuilder)
Avoid Artifacts with High Cyclomatic Complexity (Python)
Avoid Artifacts with High Cyclomatic Complexity (SQL Server)
Avoid Artifacts with High Cyclomatic Complexity (Swift)
Avoid Artifacts with High Cyclomatic Complexity (Visual Basic)
Avoid Artifacts with High Depth of Code
Avoid Artifacts with High Depth of Code
Avoid Artifacts with High Depth of Code (ABAP)
Avoid Artifacts with High Depth of Code (ASP)
Avoid Artifacts with High Depth of Code (C++)
Avoid Artifacts with High Depth of Code (C Lang.)
Avoid Artifacts with High Depth of Code (C# .Net)
Avoid Artifacts with High Depth of Code (DB2 Server)
Avoid Artifacts with High Depth of Code (Forms)
Avoid Artifacts with High Depth of Code (JEE)
Avoid Artifacts with High Depth of Code (JSP)
Avoid Artifacts with High Depth of Code (PL/SQL Oracle)
Avoid Artifacts with High Depth of Code (PowerBuilder)
Avoid Artifacts with High Depth of Code (SQL Server)
Avoid Artifacts with High Depth of Code (Visual Basic)
Avoid Artifacts with High Depth of Nested Subqueries
Avoid Artifacts with High Essential Complexity
Avoid Artifacts with High Essential Complexity (ABAP)
Avoid Artifacts with High Essential Complexity (ASP)
Avoid Artifacts with High Essential Complexity (C++)
Avoid Artifacts with High Essential Complexity (C Lang.)
Avoid Artifacts with High Essential Complexity (C# .Net)
Avoid Artifacts with High Essential Complexity (DB2 Server)
Avoid Artifacts with High Essential Complexity (Forms)
Avoid Artifacts with High Essential Complexity (JEE)
Avoid Artifacts with High Essential Complexity (JSP)
Avoid Artifacts with High Essential Complexity (PL/SQL Oracle)
Avoid Artifacts with High Essential Complexity (PowerBuilder)
Avoid Artifacts with High Essential Complexity (SQL Server)
Avoid Artifacts with High Essential Complexity (Visual Basic)
Avoid Artifacts with High Fan-In
Avoid Artifacts with High Fan-In (ABAP)
Avoid Artifacts with High Fan-In (ASP)
Avoid Artifacts with High Fan-In (C++)
Avoid Artifacts with High Fan-In (C Lang.)
Avoid Artifacts with High Fan-In (C# .Net)
Avoid Artifacts with High Fan-In (DB2 Server)
Avoid Artifacts with High Fan-In (Forms)
Avoid Artifacts with High Fan-In (JEE)
Avoid Artifacts with High Fan-In (JSP)
Avoid Artifacts with High Fan-In (PL/SQL Oracle)
Avoid Artifacts with High Fan-In (PowerBuilder)
Avoid Artifacts with High Fan-In (SQL Server)
Avoid Artifacts with High Fan-In (Visual Basic)
Avoid Artifacts with High Fan-Out
Avoid Artifacts with High Fan-Out (ABAP)
Avoid Artifacts with High Fan-Out (ASP)
Avoid Artifacts with High Fan-Out (C++)
Avoid Artifacts with High Fan-Out (C Lang.)
Avoid Artifacts with High Fan-Out (C# .Net)
Avoid Artifacts with High Fan-Out (DB2 Server)
Avoid Artifacts with High Fan-Out (Forms)
Avoid Artifacts with High Fan-Out (JEE)
Avoid Artifacts with High Fan-Out (JSP)
Avoid Artifacts with High Fan-Out (PL/SQL Oracle)
Avoid Artifacts with High Fan-Out (PowerBuilder)
Avoid Artifacts with High Fan-Out (SQL Server)
Avoid Artifacts with High Fan-Out (Visual Basic)
Avoid Artifacts with High integration complexity
Avoid Artifacts with High Integration Complexity
Avoid Artifacts with High integration complexity (ABAP)
Avoid Artifacts with High Integration Complexity (ASP)
Avoid Artifacts with High Integration Complexity (C++)
Avoid Artifacts with High Integration Complexity (C Lang.)
Avoid Artifacts with High Integration Complexity (C# .Net)
Avoid Artifacts with High Integration Complexity (DB2 Server)
Avoid Artifacts with High Integration Complexity (Forms)
Avoid Artifacts with High Integration Complexity (JEE)
Avoid Artifacts with High Integration Complexity (JSP)
Avoid Artifacts with High Integration Complexity (PL/SQL Oracle)
Avoid Artifacts with High Integration Complexity (SQL Server)
Avoid Artifacts with High Integration Complexity (Visual Basic)
Avoid Artifacts with High RAW SQL Complexity
Avoid Artifacts with High RAW SQL Complexity (ABAP)
Avoid Artifacts with High RAW SQL Complexity (PowerBuilder)
Avoid Artifacts with High RAW SQL Complexity (Visual Basic)
Avoid Artifacts with lines longer than 80 characters (ASP)
Avoid Artifacts with lines longer than 80 characters (C++)
Avoid Artifacts with lines longer than 80 characters (C Lang.)
Avoid Artifacts with lines longer than 80 characters (C# .Net)
Avoid Artifacts with lines longer than 80 characters (DB2 Server)
Avoid Artifacts with lines longer than 80 characters (Forms)
Avoid Artifacts with lines longer than 80 characters (JEE)
Avoid Artifacts with lines longer than 80 characters (JSP)
Avoid Artifacts with lines longer than 80 characters (PL/SQL Oracle)
Avoid Artifacts with lines longer than 80 characters (SQL Server)
Avoid Artifacts with lines longer than 80 characters (Visual Basic)
Avoid Artifacts with lines longer than X characters
Avoid Artifacts with lines longer than X characters
Avoid Artifacts with lines of more than 80 characters
Avoid Artifacts with more than 5 parameters (PowerBuilder)
Avoid Artifacts with queries on more than 4 Tables
Avoid Artifacts With Queries on more than 4 Tables (ABAP)
Avoid Artifacts With Queries on more than 4 Tables (PowerBuilder)
Avoid Artifacts With Queries on more than 4 Tables (Visual Basic)
Avoid Artifacts with queries on too many Tables and or Views
Avoid Artifacts With Queries on too many Tables (EGL)
Avoid Artifacts with SQL statement including subqueries
CRITICAL  Avoid Artifacts with Subqueries
Avoid Artifacts with Subqueries
Avoid Artifacts with Subqueries (ABAP)
Avoid Artifacts with Subqueries (EGL)
Avoid Artifacts with too many lines of code (PL/SQL Oracle)
Avoid Artifacts with too many parameters
Avoid Artifacts with too many parameters
Avoid artifacts with too many parameters (ASP)
Avoid artifacts with too many parameters (C++)
Avoid artifacts with too many parameters (C Lang.)
Avoid artifacts with too many parameters (C# .Net)
Avoid artifacts with too many parameters (DB2 Server)
Avoid artifacts with too many parameters (Forms)
Avoid Artifacts with too many parameters (Javascript)
Avoid artifacts with too many parameters (JEE)
Avoid artifacts with too many parameters (JSP)
Avoid artifacts with too many parameters (PL/SQL Oracle)
Avoid Artifacts with too many parameters (SQL Server)
Avoid Artifacts with too many parameters (Swift)
Avoid artifacts with too many parameters (Visual Basic)
Avoid ASP pages having a very low Comment/Code ratio
CRITICAL  Avoid Attribute not documented with AsDocs (Flex)
Avoid Avoid Cookie Misconfiguration (PHP)
Avoid base Classes without virtual Destructors
CRITICAL  Avoid BindingUtils class that uses hard coded strings (Flex)
Avoid blocking async methods (.NET, VB)
CRITICAL  Avoid Buffer Overruns when using ADD, SUBTRACT, MULTIPLY, DIVIDE & COMPUTE statement inside a loop
Avoid bypassing angular security trust
Avoid bypassing self-signed ssl certificate (Node.js)
CRITICAL  Avoid bypassing self-signed ssl certificate with Node.js (TypeScript)
CRITICAL  Avoid CairngormEventDispatcher called explicitly (Flex)
CRITICAL  Avoid Cairngorm event name not containing the function area name before the actual event name (Flex)
Avoid calculated fields in WHERE-clauses and ON-clauses of CDS views (S4/HANA)
CRITICAL  Avoid calling Alert.show directly (Flex)
Avoid calling blocking functions with an infinite timeout
CRITICAL  Avoid calling callLater explicitly (Flex specific) (Flex)
CRITICAL  Avoid calling CoSetProxyBlanket and CoInitializeSecurity
Avoid calling database commands directly using system functions as "C_DB_EXECUTE" and "C_DB_FUNCTION"
Avoid calling finalize()
Avoid calling programs statically
Avoid calling properties that clone values in loops
CRITICAL  Avoid Calling RFC Function Module without Authorization Check
CRITICAL  Avoid calling system function (CALL 'cfunc') BETA
Avoid calling the same paragraph with PERFORM and GO TO statements
CRITICAL  Avoid calling unsafe C library functions from COBOL
Avoid calls between JSP Pages
CRITICAL  Avoid calls to the StyleManager that do not pass FALSE as the second parameter (Flex)
CRITICAL  Avoid call to AcceptChanges in a loop
Avoid cascading Triggers
Avoid cascading Triggers (SQL)
Avoid casting and converting a pointer type to an integral type (C/C++)
Avoid catch-all except blocks with empty handlers
Avoid 'catch-all' statement
Avoid catch blocks with assertion
Avoid catching an exception of type Exception (C# .Net)
Avoid catching an exception of type Exception, RuntimeException, or Throwable
Avoid catching an exception of type Exception, RuntimeException, or Throwable (JEE)
CRITICAL  Avoid ChangeWatcher class that uses hard coded strings to specify the attribute name, to listen to. Prefer listening to events or setters (Flex)
Avoid changing DataSource member before ValueMember/DisplayMember
Avoid changing parent properties from child components using $parent
CRITICAL  Avoid checking Integer overflow without explicit cast
Avoid circular references between header files
CRITICAL  Avoid class duplicated with a SDK class (Flex)
CRITICAL  Avoid Classes and Interfaces with a High Depth of Inheritance Tree (PHP)
CRITICAL  Avoid classes exceeding maximum length (PHP)
CRITICAL  Avoid classes exceeding number of weighted methods (PHP)
CRITICAL  Avoid classes having a number of public methods and attributes exceeds maximum (PHP)
CRITICAL  Avoid classes having too many children (PHP)
CRITICAL  Avoid classes having too many dependencies (PHP)
CRITICAL  Avoid classes having too many parents (PHP)
Avoid Classes implementing too many Interfaces
Avoid Classes implementing too many Interfaces
CRITICAL  Avoid Classes not having the same name as the file (PHP)
CRITICAL  Avoid classes overriding only equals() or only hashCode()
CRITICAL  Avoid Classes using "new" to allocate Instances but not defining a copy Constructor
Avoid Classes with a copy Constructor and the default Destructor or assignment operator
Avoid Classes with a High Depth of Inheritance Tree
Avoid Classes with a High Depth of Inheritance Tree (C++)
Avoid Classes with a High Depth of Inheritance Tree (C# .Net)
Avoid Classes with a High Depth of Inheritance Tree (JEE)
Avoid Classes with a High Depth of Inheritance Tree (Visual Basic)
Avoid Classes with a High Lack of Cohesion
Avoid Classes with a High Lack of Cohesion 2 (C++)
Avoid Classes with a High Lack of Cohesion (C++)
Avoid Classes with a High Lack of Cohesion (C# .Net)
Avoid Classes with a High Lack of Cohesion (JEE)
Avoid Classes with a High Lack of Cohesion (PowerBuilder)
Avoid Classes with a High Lack of Cohesion - variant
Avoid Classes with a High Lack of Cohesion - variant (C# .Net)
Avoid Classes with a High Lack of Cohesion - variant (JEE)
Avoid Classes with a High Lack of Cohesion - variant (PowerBuilder)
Avoid Classes with a High Number Of Children
Avoid Classes with a High Number Of Children (C++)
Avoid Classes with a High Number Of Children (C# .Net)
Avoid Classes with a High Number Of Children (JEE)
Avoid Classes with a High Number Of Children (Visual Basic)
Avoid Classes with a High Public Data Ratio
Avoid Classes with a High Public Data Ratio (C++)
Avoid Classes with a High Public Data Ratio (C# .Net)
Avoid Classes with a High Public Data Ratio (JEE)
Avoid Classes with a High Public Data Ratio (PowerBuilder)
Avoid Classes with a High Public Data Ratio (Visual Basic)
Avoid Classes with a low comment/code ratio (ABAP)
Avoid Classes with an assignment operator and the default Destructor or assignment operator
Avoid Classes with a non-empty Destructor and the default assignment operator or copy Constructor
Avoid Classes with at least one virtual Function and without a virtual Destructor
Avoid Classes with a very low comment/code ratio
Avoid Classes with a very low comment/code ratio (C++)
Avoid Classes with a very low comment/code ratio (C# .Net)
Avoid classes with a very low comment/code ratio (JEE)
CRITICAL  Avoid classes with a very low comment/code ratio (PHP)
Avoid Classes with a very low comment/code ratio (Visual Basic)
Avoid Classes with Destructor not explicitly virtual whenever one of its base Class has a virtual Destructor
Avoid Classes with High Coupling Between Objects
Avoid Classes with High Coupling Between Objects (C++)
Avoid Classes with High Coupling Between Objects (C# .Net)
Avoid Classes with High Coupling Between Objects (JEE)
CRITICAL  Avoid Classes with High Cyclomatic Complexity (PHP)
Avoid Classes with High Weighted Methods per Class
Avoid Classes with High Weighted Methods per Class (C++)
Avoid Classes with High Weighted Methods per Class (C# .Net)
Avoid Classes with High Weighted Methods per Class (JEE)
Avoid Classes with High Weighted Methods per Class (PowerBuilder)
Avoid Classes with High Weighted Methods per Class (Visual Basic)
Avoid Classes with lines of more than 120 characters (PHP)
CRITICAL  Avoid classes with misplaced metadata (Flex)
Avoid Classes with multiple inheritance
CRITICAL  Avoid classes with too many fields (PHP)
CRITICAL  Avoid classes with too many methods (PHP)
CRITICAL  Avoid classes with unknown metadata attribute (Flex)
CRITICAL  Avoid class (in script) with too many fields (Flex)
CRITICAL  Avoid class name not starting by a majuscule character (Flex)
CRITICAL  Avoid class not documented with AsDocs (Flex)
CRITICAL  Avoid class that imports an internal class from another function area (Flex)
CRITICAL  Avoid class with too many fields (Flex)
Avoid client provided dictionaries to have high request sizes
CRITICAL  Avoid clone event not overiden in a custom event (Flex)
Avoid Cobol SQL Cursors without FOR READ ONLY or FOR FETCH ONLY or FOR UPDATE clauses
CRITICAL  Avoid code injection
CRITICAL  Avoid code injection (PHP)
CRITICAL  Avoid code injection through API requests
CRITICAL  Avoid comparing passwords against hard-coded strings
Avoid comparing types of different widths in a loop
Avoid Constructors not supplying an initial value for all non-static data members
CRITICAL  Avoid constructor with a return type (Flex)
CRITICAL  Avoid control statement in Constructor (must be as lightweight as possible) (Flex)
CRITICAL  Avoid cookie injection
CRITICAL  Avoid cookie injection (PHP)
CRITICAL  Avoid cookie poisoning
CRITICAL  Avoid copying needless the variables (PHP)
CRITICAL  Avoid creating application cookie without SameSite option (PHP)
Avoid creating cookies without enabling httponly attribute
Avoid creating cookie without setting httpOnly option
Avoid creating cookie without setting httpOnly option (Javascript)
CRITICAL  Avoid creating cookie without setting httpOnly option (PHP)
CRITICAL  Avoid creating cookie without setting httpOnly option (TypeScript)
CRITICAL  Avoid creating cookie without setting SameSite option (JEE)
CRITICAL  Avoid creating cookie with overly broad domain (AngularJS)
Avoid creating cookie with overly broad domain (Node.js)
CRITICAL  Avoid creating cookie with overly broad domain (Vue.js)
CRITICAL  Avoid creating cookie with overly broad path (AngularJS)
Avoid creating cookie with overly broad path (C#)
Avoid creating cookie with overly broad path (Javascript)
Avoid creating cookie with overly broad path (JEE)
Avoid creating cookie with overly broad path (Node.js)
CRITICAL  Avoid creating cookie with overly broad path (TypeScript)
CRITICAL  Avoid creating cookie with overly broad path (Vue.js)
Avoid creating file without protection
Avoid creating file without protection
Avoid creating file without protection (Swift)
CRITICAL  Avoid creating unsecured HTTPS GET metadata endpoint in code
CRITICAL  Avoid creating unsecured HTTPS GET metadata endpoint in configuration
CRITICAL  Avoid creation of temporary file with insecure permissions (JEE)
Avoid Cross-Client Database Access using Open SQL statements with CLIENT SPECIFIED/USING CLIENT addition
CRITICAL  Avoid cross-site scripting DOM vulnerabilities ( CWE-79 )
CRITICAL  Avoid Cross-Site Scripting (Persistent)
CRITICAL  Avoid cross-site scripting (persistent) (PHP)
CRITICAL  Avoid cross-site scripting (persistent) (Python)
Avoid cross site scripting (single quoted attribute) (PHP)
CRITICAL  Avoid cross-site scripting through API requests
CRITICAL  Avoid cross-site scripting within events such as onclick, onmouseover ... events (Razor)
CRITICAL  Avoid Cursors inside a loop
CRITICAL  Avoid Cursors inside a loop (PL/SQL Oracle)
Avoid Cursors inside a loop (SQL)
CRITICAL  Avoid Cursors inside a loop (SQL Server)
Avoid Cursors inside XX-Shared loop
Avoid custom code with OSS notes
CRITICAL  Avoid cyclical calls and inheritances between namespaces content
CRITICAL  Avoid cyclical calls and inheritances between packages
Avoid cyclic calls between Event and its handled Method
Avoid cyclic calls with PERFORM statements
Avoid cyclic references in the definition of CDS views (S4/HAHA)
CRITICAL  Avoid dangerous file inclusion
CRITICAL  Avoid dangerous file inclusion (JSTL) (Javascript/HTML5)
CRITICAL  Avoid dangerous File Upload
Avoid database tables associated to more than one Entity
Avoid data fields binded to columns to return sensitive data via APIs
CRITICAL  Avoid data filter injection
CRITICAL  Avoid data filter injection through API requests
Avoid data members that are never read
Avoid data members that are not private
Avoid Datawindows accessing Database Procedures or Functions
Avoid Datawindows accessing Database Tables (PowerBuilder)
Avoid Datawindows that does not access a database data
Avoid debug binaries that include detailed debug information
Avoid debug code in the production system (PHP)
Avoid debug forging
Avoid debug forging through API requests
Avoid declaring Class Variables without declaring access Properties
Avoid declaring data members in non-POD classes as public or protected
Avoid declaring Final Instance Variables that are not dynamically initialized
Avoid declaring Inner Classes
Avoid declaring Instance Variables without defined access type
Avoid declaring Non Final Class Variables with Public or Package access type
CRITICAL  Avoid declaring null arrays; prefer to set to empty (EGL)
CRITICAL  Avoid declaring public Fields
CRITICAL  Avoid declaring Public Instance Variables
Avoid declaring same OData model twice
Avoid declaring throwing an exception and not throwing it
Avoid declaring VB Variables without typing them
Avoid declaring VB Variables without typing them
Avoid Default exclude patterns (excludeParams) in Apache Struts 2.3.20
Avoid #define or #undef macros anywhere other than global namespace
Avoid defining and calling functions inside loops
CRITICAL  Avoid defining File Disk if not used (RPG300)
CRITICAL  Avoid defining File Disk if not used (RPG400)
Avoid defining Functions with 'struct' or 'class' parameters passed by value
Avoid defining, redefining or undefining standard macros from standard library
Avoid defining singleton or factory when using Spring
Avoid definition of synonym as PUBLIC in PL/SQL context
Avoid delete operators to exit with an exception.
CRITICAL  Avoid deserialization injection
CRITICAL  Avoid deserialization injection (PHP)
CRITICAL  Avoid deserialization injection through API requests
Avoid direct access to database Procedures/Functions (JSP)
Avoid direct access to Database Tables
CRITICAL  Avoid direct access to database Tables (ASP)
CRITICAL  Avoid direct access to Database Tables (C# .Net)
Avoid direct access to Database Tables in Javascript
CRITICAL  Avoid direct access to database Tables (JSP)
Avoid direct Class inheritance from java.lang.Throwable
Avoid direct definition of JavaScript Functions in a Web page
Avoid direct definition of JavaScript Functions in a Web page (Javascript/HTML5)
CRITICAL  Avoid direct definition of JavaScript Functions in a Web page (PHP)
CRITICAL  Avoid directly instantiating a Class used as a Spring bean
CRITICAL  Avoid direct or indirect remote calls inside a loop
Avoid direct or indirect remote calls inside an XX-Shared loop
CRITICAL  Avoid direct usage of database tables (C++)
CRITICAL  Avoid direct usage of database Tables (C Lang.)
CRITICAL  Avoid Direct usage of database Tables (Visual Basic)
Avoid direct usage of EJB Entity from the client
Avoid direct use of database objects (ASP - JavaScript)
Avoid direct use of Database objects (JSP/ASP)
Avoid disabling authentication mode messages when using MSMQ transport security
Avoid disabling certificate check when requesting secured urls
CRITICAL  Avoid disabling CSRF Protection in fastapi_jwt_auth
Avoid disabling custom errors mode to prevent exposure of exceptions and error data
Avoid disabling EnableViewStateMac in ASPX page
CRITICAL  Avoid disabling EnableViewStateMac in Config file
Avoid disabling Header Checking flag in config file
CRITICAL  Avoid disabling HMAC signature verification (C#)
CRITICAL  Avoid disabling OR not defining encryption behavior for encryption when connecting with Database
Avoid disabling source code inspection
Avoid disabling SSL verification in node-curl
CRITICAL  Avoid disabling SSL verification in node-curl (TypeScript)
Avoid disabling Strict Contextual Escaping (SCE) when created
CRITICAL  Avoid disabling the automatic HTML escaping for Spring
CRITICAL  Avoid disabling the expiration time requirement of a JWT token
CRITICAL  Avoid disabling the expiration time validation of a JWT token
CRITICAL  Avoid disabling the signature requirement of a JWT token
CRITICAL  Avoid disabling the XSRF/CSRF Protection (ASP.NET Core MVC)
Avoid disabling ValidateInput on controller
CRITICAL  Avoid disabling ValidateRequest in Config file
Avoid disabling withCredentials option for the httpProvider
Avoid disabling xsrf check in HttpClientXsrfModule
CRITICAL  Avoid DispatchEvent function not dispatching constant strings (Flex)
Avoid DISPLAY ... UPON CONSOLE
Avoid doing assignments in sub-expressions (C++)
CRITICAL  Avoid doing select on Datatable in loop
Avoid domain model depending on other Java API
CRITICAL  Avoid double checked locking
CRITICAL  Avoid duplicated Main Procedures (PL1)
Avoid duplicate Programs in different files (PL1)
Avoid Duplicate Struts validation forms with the same name
Avoid dynamic_cast to convert current object to its derived class from its constructor or destructor
CRITICAL  Avoid dynamic class (Flex)
CRITICAL  Avoid dynamic code injection in WKWebView (Swift)
CRITICAL  Avoid Dynamic Function/Method call without Authorization Check
Avoid Dynamic SQL Objects With Queries on more than 4 Tables (C++)
Avoid Dynamic SQL Objects With Queries on more than 4 Tables (C Lang.)
Avoid Dynamic SQL Objects With Queries on more than 4 Tables (JEE)
Avoid Dynamic SQL Objects With Queries on more than 4 Tables (PowerBuilder)
Avoid Dynamic SQL Objects With Queries on more than 4 Tables (Visual Basic)
Avoid EJBs using 'synchronized' qualifier, 'wait', 'notify' and 'notifyAll' Methods
Avoid ELSEIF statements. ELSE and IF should be separate (PHP)
CRITICAL  Avoid embedded metadata in class where a stylesheet may be cleaner (Flex)
CRITICAL  Avoid embedded metadata in script where a stylesheet may be cleaner (Flex)
CRITICAL  Avoid empty catch blocks
CRITICAL  Avoid empty catch blocks
CRITICAL  Avoid empty catch blocks
CRITICAL  Avoid empty CATCH blocks (ABAP)
CRITICAL  Avoid empty catch blocks (C# .Net)
Avoid empty catch blocks for methods with high fan-in
CRITICAL  Avoid empty catch blocks (JEE)
CRITICAL  Avoid empty catch blocks (PHP)
CRITICAL  Avoid empty catch statement (Flex)
CRITICAL  Avoid empty class definition (PHP)
Avoid empty componentDidCatch blocks
Avoid empty componentDidCatch blocks (Typescript)
Avoid empty finally block
Avoid empty finally block
Avoid empty finally blocks
Avoid empty finally blocks (C# .Net)
Avoid empty finally blocks (JEE)
Avoid Empty Finally Block When Calling Resource
Avoid empty Functions, Forms and Modules
CRITICAL  Avoid empty generic catch blocks (Swift)
CRITICAL  Avoid empty IF-ENDIF blocks
CRITICAL  Avoid empty if statements (Flex)
Avoid empty Includes
CRITICAL  Avoid empty jQuery ajax error/fail blocks
CRITICAL  Avoid empty method (Flex)
Avoid empty Programs
CRITICAL  Avoid empty statement (Flex)
CRITICAL  Avoid empty style definition (PHP)
CRITICAL  Avoid empty used private method (Flex)
Avoid enabling autocomplete "on" for inputs/forms
Avoid enabling dangerous protocols in whitelist APIs
CRITICAL  Avoid enabling unsecure Node.js (TypeScript)
CRITICAL  Avoid eval injection (PHP)
CRITICAL  Avoid event dispatched in a constructor (Flex)
CRITICAL  Avoid Event name not explicitly set (Flex)
Avoid events with a very low comment/code ratio
Avoid excessive number of successive nested Procedure calls and limit it to two (PL1)
Avoid executing multiple OPEN statements
CRITICAL  Avoid exists and not exists independent clauses
CRITICAL  Avoid exists independent clauses
Avoid explicit comparison with NULL
Avoid exporting namespaces
Avoid exposing methods that use Platform Invocation Services to access unmanaged code
CRITICAL  Avoid expression language injection
CRITICAL  Avoid expression language injection through API requests
CRITICAL  Avoid extension with same name as the class name (Flex)
CRITICAL  Avoid external control of system or configuration setting
CRITICAL  Avoid external control of system or configuration setting through API requests
CRITICAL  Avoid field incorrectly named. (Flex)
CRITICAL  Avoid field names ending with numeric characters (Flex)
CRITICAL  Avoid Fields in Action Classes that are not final static
CRITICAL  Avoid Fields in Servlet Classes that are not final static
CRITICAL  Avoid file path manipulation (PHP)
CRITICAL  Avoid file path manipulation (Python)
CRITICAL  Avoid file path manipulation vulnerabilities ( CWE-73 )
CRITICAL  Avoid file path manipulation vulnerabilities through API requests
Avoid files that declare both symbols and execute logic with side effects (PHP)
Avoid filtering sensitive data using front-end
Avoid flexible array members (C/C++)
Avoid for-in loop
CRITICAL  Avoid FOR loops which can be simplified to a WHILE loop (PHP)
CRITICAL  Avoid Form Field without Validator
Avoid Forms with a very low comment/code ratio
CRITICAL  Avoid FrontController that adds all its commands within the Controller constructor (Flex)
CRITICAL  Avoid Function and Procedures using Builtin Function "String" (PL1)
Avoid Function pools with more than 20 functions
Avoid Functions and Methods with a very low comment/code ratio
Avoid Functions and Procedures doing an Insert, Update or Delete without managing a transaction
Avoid Functions and Procedures doing an Insert, Update or Delete without managing a transaction (SQL)
Avoid Functions and Procedures having a SELECT without the default OTHERWISE clause (PL1)
Avoid Functions and Procedures having bad naming convention (PL1)
Avoid Functions and Procedures having cursors declared with "FOR FETCH ONLY" clause not having "WITH ROWSET POSITIONING" also specified (PL1)
Avoid Functions and Procedures having multiple statements on the same line (PL1)
Avoid Functions and Procedures having qualified variables having spaces in the name (PL1)
Avoid Functions and Procedures having subscripts used in arrays or in do loops and not declared as BINARY FIXED(31) (PL1)
Avoid Functions and Procedures not having variable declared on a separate line (PL1)
Avoid Functions and Procedures not testing the SQLCODE return code after each SQL statement (PL1)
CRITICAL  Avoid Functions and Procedures not using the REORDER option (PL1)
Avoid Functions and Procedures using BIN FIXED(15) instead of BIN FIXED(31) for all local variables (PL1)
CRITICAL  Avoid Functions and Procedures using BLKSIZE or RECSIZE (PL1)
Avoid Functions and Procedures using logical operators (or, and) in the "WHEN" clause of the SELECT statement (PL1)
Avoid Functions and Procedures using RETURN statements (PL1)
Avoid Functions and Procedures with DB2 SQL containing the builtin function UPPER, LOWER or SUBSTR in the WHERE clause (PL1)
Avoid Functions and Procedures with DB2 SQL containing "UNION" clause without "ALL" option (PL1)
Avoid Functions and Procedures with "OR" logical operator in DB2 queries and in cursor definitions (PL1)
Avoid Functions having a very low Comment/Code ratio
Avoid Functions having a very low Comment/Code ratio
Avoid Functions having a very low Comment/Code ratio (Go)
CRITICAL  Avoid functions having the optional parameters before the others (PHP)
Avoid functions having UNION instead of UNION ALL (EGL)
Avoid Functions, Methods, Constructors, and Destructors with a very low comment/code ratio (C++)
Avoid Functions/Methods with a complex SELECT clause (C++)
Avoid Functions/Methods with High RAW SQL Complexity (C++)
Avoid Functions/Methods with queries on too many Tables (C++)
Avoid Functions/Methods with SQL statement including Subqueries (C++)
Avoid Functions/Methods with SQL statement using Group By clause (C++)
Avoid functions overriding virtual functions without having the 'virtual' keyword
Avoid Functions/Procedures/Triggers with a complex SELECT clause (PL/SQL Oracle)
Avoid Functions/Procedures with a complex SELECT clause (DB2 Server)
Avoid Functions/Procedures with a complex SELECT clause (SQL Server)
Avoid Functions/Procedures with High RAW SQL Complexity (DB2 Server)
Avoid Functions/Procedures with High RAW SQL Complexity (SQL Server)
Avoid Functions/Procedures with queries on too many Tables (DB2 Server)
Avoid Functions/Procedures with queries on too many Tables (PL/SQL Oracle)
Avoid Functions/Procedures with queries on too many Tables (SQL Server)
Avoid Functions/Procedures with SQL statement including Subqueries (DB2 Server)
Avoid Functions/Procedures with SQL statement including Subqueries (PL/SQL Oracle)
Avoid Functions/Procedures with SQL statement including Subqueries (SQL Server)
Avoid Functions/Procedures with SQL statement using Group By clause (DB2 Server)
Avoid Functions/Procedures with SQL statement using Group By clause (PL/SQL Oracle)
Avoid Functions/Procedures with SQL statement using Group By clause (SQL Server)
CRITICAL  Avoid Functions throwing exceptions and not having a @Throws tag (PHP)
Avoid Functions with a complex SELECT clause (C Lang.)
Avoid Functions with a high Fan-in (Fortran)
Avoid Functions with a high Fan-out (Fortran)
Avoid Functions with a High number of Paths (Fortran)
Avoid Functions with a low comment/code ratio (Fortran)
Avoid Functions with a low Comments Frequency (Fortran)
Avoid Functions with a low number of Comment Blocks (Fortran)
Avoid functions with a very low comment/code ratio (PowerBuilder)
Avoid Functions with High Average size of Statements (AVGS) (Fortran)
Avoid Functions with High Cyclomatic Complexity (EGL)
Avoid Functions with High Cyclomatic Complexity (Fortran)
Avoid Functions with High Fan-In (EGL)
Avoid Functions with High Fan-Out (EGL)
Avoid Functions with High Program Length (PR_LGTH) (Fortran)
Avoid Functions with High RAW SQL Complexity (C Lang.)
Avoid Functions with High Vocabulary Frequency (VOCF) (Fortran)
Avoid Functions with low comment/code ratio (ABAP)
Avoid Functions with more then 1 statement per line (Fortran)
Avoid functions without returning exit code (Shell)
Avoid Functions with queries on too many Tables (C Lang.)
Avoid Functions with SQL statement including Subqueries (C Lang.)
Avoid Functions with SQL statement using Group By clause (C Lang.)
CRITICAL  Avoid function that are too long (Flex)
CRITICAL  Avoid function with unused parameter (Flex)
CRITICAL  Avoid generating key with insufficient random generator in cookies
Avoid getter functions of computed properties that do not return any value
CRITICAL  Avoid globally bindable classes. (Flex)
Avoid GOTO jumps out of PERFORM range
CRITICAL  Avoid hard-coded JWT secret keys
Avoid hardcoded network resource names
CRITICAL  Avoid hardcoded network resource names
Avoid hardcoded network resource names in Javascript
CRITICAL  Avoid hardcoded network resource names (Kotlin)
Avoid hardcoded network resource names (.NET, VB)
Avoid hard-coded network resource names (Swift)
Avoid hardcoded network resource names (Typescript)
CRITICAL  Avoid hard-coded password in connection string
Avoid hardcoded passwords
CRITICAL  Avoid hardcoded passwords and credentials (Kotlin)
Avoid hardcoded passwords (Javascript)
Avoid hardcoded passwords (Swift)
Avoid hardcoded passwords (TypeScript)
CRITICAL  Avoid hardcoded timeout in Process Activities (TIBCO BW)
Avoid hardcoded URIs (.NET)
Avoid having a method call or additional expressions in a statement using "++" or "--" operators (C/C++)
Avoid having applications with the debug mode activated
Avoid having applications with the tracing activated in the source code
Avoid having applications with the tracing activated in the web config file
Avoid having aspx pages with tracing activated
Avoid having boolean operators with non-boolean operands (C/C++)
Avoid having call function return ignored (PHP)
Avoid having Classes implementing too many Interfaces
CRITICAL  Avoid having Classes implementing too many Interfaces (PHP)
CRITICAL  Avoid having class methods without scope modifiers - Symfony STD (PHP)
Avoid having code dynamically executed
CRITICAL  Avoid having constructors with a return value (PHP)
CRITICAL  Avoid having control structures without proper spacing in the open and close brace - PSR2 (PHP)
CRITICAL  Avoid Having control structures without proper switch case declarations (PSR2) (PHP)
Avoid having cookie with an overly broad domain (C#)
Avoid having cookie with an overly broad domain (Javascript)
Avoid having cookie with an overly broad domain (JEE)
CRITICAL  Avoid having cookie with an overly broad domain (TypeScript)
Avoid having Copybooks with reserved prefix (PL1)
Avoid having errors without throwing them
Avoid having expressions with bool type to be used as operands on operators other than =, &&, ||, !, ==, !=, the unary & operator, and the conditional operator
Avoid having Files without a naming convention (PHP)
CRITICAL  Avoid having For-loops that use a function call in the test expression (PHP)
Avoid having functions with no return (PHP)
Avoid having handleHardIOErrors property enabled (EGL)
Avoid having iframe inside a tag
CRITICAL  Avoid having inline control statements (PHP)
Avoid having joins with more than 4 Tables
Avoid having local forward with same name as global forward
Avoid having lock on this object
Avoid having lonely variables (PHP)
Avoid having long timeout for HttpCookie (> 5 mn)
Avoid having Methods and Functions without a naming convention (PHP)
Avoid having MongoDB databases access without authentication activated
Avoid having MongoDB databases access without authentication activated
Avoid having multiple artifacts deleting data on the same NoSQL collection
Avoid having multiple artifacts deleting data on the same NoSQL collections
Avoid having multiple artifacts deleting data on the same NoSQL collections (JEE)
Avoid having multiple artifacts deleting data on the same SQL table
Avoid having multiple artifacts deleting data on the same SQL table (EGL)
CRITICAL  Avoid having multiple artifacts deleting data on the same SQL table (PLC)
CRITICAL  Avoid having multiple artifacts deleting data on the same SQL table (PLI)
Avoid having multiple Artifacts inserting data on the same NoSQL Collection
Avoid having multiple Artifacts inserting data on the same NoSQL Collection
Avoid having multiple Artifacts inserting data on the same NoSQL Collection (JEE)
Avoid having multiple Artifacts inserting data on the same SQL Table
Avoid having multiple artifacts inserting data on the same SQL table (EGL)
CRITICAL  Avoid having multiple artifacts inserting data on the same SQL table (PLC)
CRITICAL  Avoid having multiple artifacts inserting data on the same SQL table (PLI)
Avoid having multiple Artifacts updating data on the same NoSQL Collection
Avoid having multiple Artifacts updating data on the same NoSQL Collection
Avoid having multiple Artifacts updating data on the same NoSQL Collection (JEE)
Avoid having multiple Artifacts updating data on the same SQL Table
Avoid having multiple artifacts updating data on the same SQL table (EGL)
CRITICAL  Avoid having multiple artifacts updating data on the same SQL table (PLC)
CRITICAL  Avoid having multiple artifacts updating data on the same SQL table (PLI)
CRITICAL  Avoid having multiple classes defined in a single file - Symfony STD (PHP)
Avoid having multiple routes for the same path with Node.js Express App
Avoid having multiple routes for the same path with Node.js Express App (TypeScript)
CRITICAL  Avoid having object not instantiated using parenthesis - Symfony STD (PHP)
CRITICAL  Avoid having overrided record declaration with a duplicate declaration in the same application (EGL)
Avoid having Programs without a naming convention(EGL)
Avoid having properties with __get and no __set (PHP)
Avoid having Records without a naming convention (EGL)
Avoid having SQL code in Triggers named "pre-record"
Avoid having SQL Records without a naming convention (EGL)
CRITICAL  Avoid having the assignment to "$this" (PHP)
Avoid having the property IncludeExceptionDetailInFaults activated in the source code
Avoid having the same implementation in a conditional structure
Avoid having transaction with the Thread.Sleep method in a loop
Avoid having unmatched contracts for exported interfaces
Avoid having unreferenced code
Avoid having unused labels in your program (C/C++)
CRITICAL  Avoid having unused variables (PHP)
Avoid having V60ExceptionCompatibility property set to NO (EGL)
CRITICAL  Avoid having variables passed by reference when calling a function (PHP)
CRITICAL  Avoid having variables without naming conventions (PHP)
Avoid having variable with a too long name (PHP)
Avoid having variable with a too short name (PHP)
Avoid header files circular references
Avoid header files with a very low comment/code ratio
CRITICAL  Avoid Hibernate Entity with 'select-before-update' set to true if not associated to table that fires an UPDATE trigger
CRITICAL  Avoid hidden form fields to prevent parameter tampering (Javascript/HTML5)
Avoid hiding attributes
Avoid hiding attributes (JEE)
CRITICAL  Avoid hiding static Methods
Avoid High Coupling Between Object Classes (PowerBuilder)
Avoid high depth of code in Functions (Fortran)
Avoid high depth of code in Programs (Fortran)
Avoid high depth of code in Subroutines (Fortran)
Avoid high level of Nesting in Functions (Fortran)
Avoid high level of Nesting in Programs (Fortran)
Avoid high level of Nesting in Subroutines (Fortran)
Avoid High Response for a Class (C++)
Avoid High Response for a Class (C# .Net)
Avoid High Response for a Class (JEE)
Avoid High Response for a Class (PowerBuilder)
Avoid High Response for Classes
Avoid hosting HTML code in iframe srcdoc
CRITICAL  Avoid HTTP header injection (Python)
CRITICAL  Avoid HTTP response splitting through API requests
Avoid Http Session never expires
Avoid "id" attributes for forms as well as submit
CRITICAL  Avoid identical switch cases (Flex)
Avoid if … else if constructs not terminated with an else clause (.NET, VB)
Avoid if statements and blocks that are always TRUE or FALSE
Avoid Impersonate Globally
Avoid implementation files that do not include a header file with the same name
Avoid Implementation files with a very low comment/code ratio
Avoid implementing Action Classes inheriting directly from Struts Action
CRITICAL  Avoid imports from the same package (Flex)
Avoid improper instantiation of argument exceptions
Avoid improperly written triangular joins with XXL tables
Avoid improperly written triangular joins with XXL tables in PL/SQL code
CRITICAL  Avoid improper neutralization of HTTP headers (PHP)
CRITICAL  Avoid improper processing of the execution status of data handling operations
Avoid Include Circular references
Avoid included files including other files (C++)
Avoid include JavaScript Files
Avoid includes in Header Files
Avoid Includes in Header Files (C Lang.)
Avoid Includes with low comment/code ratio
Avoid including files other than header files
Avoid incoherent file accesses in Cobol programs and DISP clauses in JCL
Avoid inconsistent initialization when deriving a new exception
CRITICAL  Avoid incorrect signature of the message interceptor. (Flex)
CRITICAL  Avoid incrementer jumbling in loops (PHP)
Avoid indirect exception handling inside loops
Avoid indirect String concatenation inside loops
Avoid indirect String concatenation inside XX-shared loops
Avoid inheritance down the Package path
Avoid inline Constructors and Destructors
CRITICAL  Avoid Insecure dynamic call of a function module through variable P_NAME
CRITICAL  Avoid insecure parameters for Argon2 password encoder
CRITICAL  Avoid insecure parameters for BCrypt password encoder
CRITICAL  Avoid insecure parameters for PBKDF2 password encoder
CRITICAL  Avoid insecure parameters for SCrypt password encoder
CRITICAL  Avoid insecure use of YAML deserialization when using SnakeYaml (JEE)
Avoid instance attributes only differing by capitalization
Avoid instanceof in Methods that override or implement Object.equals(), Comparable.compareTo()
CRITICAL  Avoid instanciating a variable in a loop (Flex)
Avoid instantiating Boolean
CRITICAL  Avoid instantiations inside loops
CRITICAL  Avoid instantiations inside loops
Avoid instantiations inside XX-Shared loops
Avoid Interface implementation on Structures
Avoid Interfaces with a low comment/code ratio
Avoid Interfaces with a very low comment/code ratio
CRITICAL  Avoid invocation of virtual Methods of the declared Class in a Constructor or Destructor
Avoid invoking super more than once in constructor
Avoid iterator invalidation.
Avoid JavaScript Functions having a very low Comment/Code ratio (JSP)
CRITICAL  Avoid Javascript string interpolations to prevent SQL injections
Avoid JavaScript to block page loading
CRITICAL  Avoid JDBC Connections having password type as string (TIBCO BW)
CRITICAL  Avoid JMS Synchronous Activities (TIBCO BW)
Avoid jump statements in finally
Avoid large Artifacts - too many Lines of Code
Avoid large Classes - too many Constructors
Avoid large Classes - too many Constructors
Avoid large Classes - too many Constructors
Avoid large Classes - too many Data Members
Avoid large Classes - too many Data Members
Avoid large Classes - too many Fields
Avoid large Classes - too many Methods
Avoid large Classes - too many Methods
Avoid large Classes - too many Methods
Avoid large Classes - too many Methods
Avoid large Classes - too many Methods (Kotlin)
Avoid large Files - too many Lines of Code
Avoid large Files - too many Lines of Code (Kotlin)
Avoid large Functions - too many Lines of Code (C Lang.)
Avoid large Functions - too many Lines of Code (EGL)
Avoid large Include Files
Avoid large Interfaces - too many Methods
Avoid large Interfaces - too many Methods
Avoid large Interfaces - too many Methods
Avoid large Interfaces - too many Methods
CRITICAL  Avoid large Interfaces - too many Methods (PHP)
Avoid large JSP Pages - too many Scriptlets
Avoid large Macros - too many Lines of Code
Avoid large Methods/Functions - too many Lines of Code (C++)
Avoid large Methods - too many Lines of Code
Avoid large Methods - too many Lines of Code (ABAP)
Avoid large Methods - too many Lines of Code (JEE)
Avoid large Methods - too many Lines of Code (Kotlin)
Avoid large number of String concatenation
Avoid large number of String concatenation
Avoid large Page files
Avoid large Page files
Avoid large Paragraphs - too many Lines of Code
Avoid large Programs - too many Lines of Code
Avoid large Programs - too many Lines of Code (Cobol)
Avoid large Programs - too many Lines of Code (EGL)
Avoid large Programs - too many Sections
Avoid large Sections - too many Lines of Code
Avoid large Tables - too many columns
Avoid large Tables - too many columns (SQL)
CRITICAL  Avoid LDAP injection (PHP)
CRITICAL  Avoid LDAP injection (Python)
CRITICAL  Avoid LDAP injection vulnerabilities ( CWE-90 )
CRITICAL  Avoid LDAP injection vulnerabilities through API requests
Avoid leaving open file resources
CRITICAL  Avoid leaving temporary files in directory (JEE)
Avoid lines starting with "#" with invalid pre-processing directive
CRITICAL  Avoid local variable hiding a class property (Flex)
Avoid local variables that are not initialized at declaration time
CRITICAL  Avoid locking object by ALCOBJ command (CL400)
Avoid locking object by ALCOBJ command (CL400)
Avoid locking of Objects with weak identities
Avoid LOCK TABLE statements in SQL code for COBOL Programs
CRITICAL  Avoid Log forging vulnerabilities ( CWE-117 )
CRITICAL  Avoid log forging vulnerabilities through API requests
CRITICAL  Avoid logger not correctly formatted (Flex)
CRITICAL  Avoid logging sensitive data (Python)
Avoid Logical Files using DYNSLT (DB400)
CRITICAL  Avoid Logical Files using DYNSLT (DDS400)
Avoid Logical File without associated Physical File (DB400)
CRITICAL  Avoid Logical File without associated Physical File (DDS400)
Avoid long docstring lines
Avoid long Functions
CRITICAL  Avoid long parameter list (Flex)
Avoid Long request parameter names in Struts 2.0.0 - struts 2.3.4
CRITICAL  Avoid long switch case (Flex)
Avoid long Table names (PL/SQL Oracle)
Avoid long Table names (SAP SQL)
Avoid long Table names (SQL Server)
Avoid long Table or View names
Avoid long View names (PL/SQL Oracle)
Avoid long View names (SAP SQL)
Avoid long View names (SQL Server)
Avoid looping chain of synonyms
Avoid looping chain of synonyms in PL/SQL context
Avoid loops with floating point counter (C/C++)
Avoid Main Procedures having complex queries (PL1)
Avoid Main Procedures having in the same statement the combination of two words among : INDEX, SUBSTR, REPEAT, TRANSLATE (PL1)
Avoid Main Procedures having in the same statement the combination of two words among : INDEX, SUBSTR, REPEAT, TRANSLATE (PL1)
Avoid Main Procedures having LEAVE statement (PL1)
Avoid Main Procedures having queries with joins on more than 4 Tables (PL1)
Avoid Main Procedures having "SELECT * FROM …" clause (PL1)
Avoid Main Procedures having SQL queries using NOT EXISTS (PL1)
Avoid Main Procedures having SQL queries using NOT IN (PL1)
Avoid Main Procedures having the FETCH statement not followed by the word "TITLE" (PL1)
CRITICAL  Avoid Main Procedures not having an ON ERROR clause (PL1)
CRITICAL  Avoid Main Procedures using GROUP BY statement (PL1)
CRITICAL  Avoid Main procedures using the DATE builtin function (PL1)
CRITICAL  Avoid Main procedures using the DATE builtin Function via include PLC (PL1)
Avoid Main Procedures with High Raw SQL Complexity (SQL complexity greater than X) (PL1)
CRITICAL  Avoid managed events without matching [Event] metadata (Flex)
Avoid Managed type declaration for Win32 API using Overlapped IO
Avoid manipulating a list while iterating over it
Avoid many-to-many association
Avoid Menus, UserObjects and Windows that have no inheritance relations with other objects
Avoid menu with too high level of inheritance
Avoid message security without authentication for an anonymous client
Avoid method invocation in a loop termination expression
CRITICAL  Avoid method invocation in a loop termination expression (PHP)
Avoid method invocation in an XX-Shared loop termination expression
CRITICAL  Avoid method metadata argument redundant with the handler name (Flex)
CRITICAL  Avoid method not documented with AsDocs (Flex)
CRITICAL  Avoid Methods and Functions directly access to database tables (PHP)
CRITICAL  Avoid Methods and Functions with a very low comment/code ratio (PHP)
CRITICAL  Avoid Methods and Functions with High Cyclomatic Complexity (PHP)
CRITICAL  Avoid Methods and Functions with High Fan-In (PHP)
CRITICAL  Avoid Methods and Functions with High Fan-Out (PHP)
Avoid Methods and Functions with lines of more than 120 characters (PHP)
Avoid Methods having a very low Comment/Code ratio (Go)
CRITICAL  Avoid methods having length exceeding the maximum (PHP)
CRITICAL  Avoid methods having too many parameters (PHP)
Avoid Methods with a low comment/code ratio (ABAP)
Avoid Methods with a very low comment/code ratio
Avoid Methods with a very low comment/code ratio
Avoid Methods with a very low comment/code ratio (JEE)
Avoid methods with a very low comment/code ratio (PowerBuilder)
CRITICAL  Avoid Methods with Object Instantiation in loops (PHP)
CRITICAL  Avoid method with more than one exit point (Flex)
Avoid missing default in switch statements
Avoid missing default in switch statements (JEE)
Avoid Missing Form Bean in Struts 1.x
CRITICAL  Avoid missing WHEN OTHERS in CASE statements
CRITICAL  Avoid mixing trusted and untrusted data in HTTP requests (PHP)
CRITICAL  Avoid mixing trusted and untrusted data in HTTP requests (Python)
CRITICAL  Avoid mixing trusted and untrusted data in HTTP requests through API requests
CRITICAL  Avoid ModelLocator not only accessible from the main application file (Flex)
CRITICAL  Avoid modelLocator that is Bindable at a class level (Flex)
Avoid Modules with a High number of Paths (Fortran)
Avoid Modules with a low comment/code ratio (Fortran)
Avoid Modules with a low Comments Frequency (Fortran)
Avoid Modules with a low number of Comment Blocks (Fortran)
Avoid Modules with a very low comment/code ratio
Avoid Modules with High Average size of Statements (AVGS) (Fortran)
Avoid Modules with High Cyclomatic Complexity (Fortran)
Avoid Modules with High Program Length (PR_LGTH) (Fortran)
Avoid Modules with High Vocabulary Frequency (VOCF) (Fortran)
Avoid Modules with more then 1 statement per line (Fortran)
Avoid Module with high Commented-out Code Lines/Code Lines ratio
CRITICAL  Avoid more than one reference of ModelLocator per class (Flex)
Avoid move constructor and move assignment operator to exit with an exception
Avoid multiple validation form with the same name
Avoid mutable default parameter values
CRITICAL  Avoid MVC injection
CRITICAL  Avoid MVC injection through API requests
CRITICAL  Avoid MXML component with more than 1 public variable (Flex)
CRITICAL  Avoid MXML component with more than 2 public variables (Flex)
Avoid namespaces with High Afferent Coupling (CA)
Avoid Namespaces with High Efferent Coupling (CE)
Avoid NATURAL JOIN queries
CRITICAL  Avoid nested if statements (Flex)
Avoid nested loops
CRITICAL  Avoid nested SELECT ... ENDSELECT statements
Avoid nested Stored Procedures using temporary Tables
CRITICAL  Avoid nested switch statements (Flex)
Avoid non-public custom exception types
Avoid non-SARGable queries
Avoid non serializable Entities
Avoid non serializable Entity beans
Avoid non standard file extensions
Avoid non standard file extensions
CRITICAL  Avoid non-static constant fields (Flex)
CRITICAL  Avoid non thread safe singleton
CRITICAL  Avoid non validated inputs
Avoid non-void return type function without an explicit return of an expression (C/C++)
CRITICAL  Avoid NoSQL injection on MongoDB (C#)
CRITICAL  Avoid NoSQL injection through API requests
Avoid not enabling throttling while setting service behavior
Avoid Not ... Is
Avoid NULL Pointer Dereference (C#, VB.NET)
CRITICAL  Avoid numerical data corruption during incompatible mutation
CRITICAL  Avoid numeric user inputs in SQL queries
CRITICAL  Avoid numeric user inputs in SQL queries through API requests
Avoid Objects having exposed pointers allowed to access unmanaged memory
Avoid Objects with a High Depth of Inheritance Tree (PowerBuilder)
Avoid Objects with a High Number Of Children (PowerBuilder)
Avoid objects without COMMENT property
CRITICAL  Avoid observable authentication response discrepancy (Python)
CRITICAL  Avoid obsolete E-spec (RPG400)
Avoid obsolete E-spec (RPG400)
Avoid obsolete E-spec (RPG_FP)
CRITICAL  Avoid obsolete L-spec (RPG400)
Avoid obsolete L-spec (RPG400)
Avoid obsolete L-spec (RPG_FP)
Avoid old VAGen Compatibility statements (EGL)
CRITICAL  Avoid OPEN/CLOSE inside loops
CRITICAL  Avoid Opening Cursor in a loop (EGL)
CRITICAL  Avoid Open SQL queries in loops
CRITICAL  Avoid Open SQL SELECT queries without WHERE condition
CRITICAL  Avoid Open SQL SELECT queries without WHERE condition on XXL Tables
Avoid orphaned synonyms
Avoid orphaned synonyms in PL/SQL context
CRITICAL  Avoid OS command injection (PHP)
CRITICAL  Avoid OS command injection (Python)
CRITICAL  Avoid OS command injection vulnerabilities ( CWE-78 )
CRITICAL  Avoid OS command injection vulnerabilities through API requests
Avoid other than main(), namespace declarations and extern "C" declarations in the global namespace (C/C++)
Avoid overly permissive Cross-Origin Resource Sharing (CORS) policy
CRITICAL  Avoid overly permissive Cross-Origin Resource Sharing (CORS) policy (Python)
Avoid override artifacts not having link demands identical to base
Avoid overriding event
CRITICAL  Avoid oversized processes Activities (1100x900) (TIBCO BW)
CRITICAL  Avoid package configuration having no or wildcard namespace with Struts2
CRITICAL  Avoid package name in upper case (Flex)
Avoid Packages with High Afferent Coupling (CA)
Avoid Packages with High Efferent Coupling (CE)
CRITICAL  Avoid packages with high number of imports (Flex)
CRITICAL  Avoid packages with misplaced metadata (Flex)
CRITICAL  Avoid packages with unknown metadata attribute (Flex)
CRITICAL  Avoid packages with view components referenced in a model class (Flex)
CRITICAL  Avoid parsing XML data without restriction of XML External Entity Reference (XXE) (PHP)
CRITICAL  Avoid parsing XML data without restriction of XML External Entity Reference (XXE) (Python)
CRITICAL  Avoid Parsley metadata placed on inaccessible members. (Flex)
Avoid passing an existing array with spread operator as an argument using vararg as parameters (Kotlin)
Avoid passing parameter by value
Avoid passing the variables of a function by reference(PHP)
Avoid PB Function/Event/Method accessing Database Procedures or Functions
Avoid PB Function/Event/Method accessing Database Tables (PowerBuilder)
Avoid performing conversion from a function pointer to any other type (C/C++)
Avoid PHP Dangerous Feature (PHP)
CRITICAL  Avoid PHP Remote File Inclusion (PHP)
CRITICAL  Avoid Physical files with fields defined locally (DDS400)
Avoid Physical files with more than X associated LF (DB400)
CRITICAL  Avoid Physical files with more than X associated LF (DDS400)
Avoid Physical files with more than X fields (DB400)
CRITICAL  Avoid Physical files with more than X fields (DDS400)
Avoid Physical File updated by multiple program (DB400)
Avoid PL1 Errors Blocks having ON ERROR SYSTEM blocks and not containing and displaying ONCODE and ONLOC (PL1)
CRITICAL  Avoid plaintext storage of password
CRITICAL  Avoid PLC Copybooks using FIXED variable type declaration (PL1)
CRITICAL  Avoid PLC Copybooks using variables with ALLOCATE and without FREE (PL1)
Avoid PLC Copybook using GOTO statement (PL1)
Avoid PLC Copybook with a very low comment/code ratio (PL1)
Avoid PLC Copybook with High Cyclomatic Complexity (PL1)
Avoid PLC Copybook with more than XX lines of code (PL1)
CRITICAL  Avoid PLC Includes having recursive PLC procedures (PL1)
Avoid PLC Procedures & Functions with a High Fan-in (PL1)
Avoid PLC Procedures & Functions with a High Fan-out (PL1)
Avoid PLC Procedures & Functions with a very low comment/code ratio (PL1)
Avoid PLC Procedures & Functions with High Cyclomatic Complexity (PL1)
Avoid PLC Procedures & Functions with more than 100 lines of code (PL1)
CRITICAL  Avoid PLI Functions and Procedures declared as RECURSIVE (PL1)
Avoid PLI Main procedures, PL1 function and PL1 Procedures using GOTO statement (PL1)
CRITICAL  Avoid PLI Main procedures using variables with ALLOCATE and without FREE (PL1)
Avoid PLI Main Proc with High Cyclomatic Complexity (PL1)
Avoid PLI Procedures & Functions with a High Fan-in (PL1)
Avoid PLI Procedures & Functions with a High Fan-out (PL1)
Avoid PLI Procedures & Functions with a very low comment/code ratio (PL1)
Avoid PLI Procedures & Functions with High Cyclomatic Complexity (PL1)
Avoid PLI Procedures & Functions with more than 100 lines of code (PL1)
Avoid PLI Programs with a very low comment/code ratio (PL1)
Avoid PLI Programs with more than XX lines of code (PL1)
Avoid PLI Programs with more then 500 LoC and less then 5 Procedures (PL1)
Avoid PLI Programs with more then 5 internal File structures (PL1)
Avoid PLI Programs with more then XX Procedures (PL1)
Avoid PL/SQL Artifacts with High RAW SQL Complexity (PL/SQL Oracle)
CRITICAL  Avoid popup using dynamic filters (Flex)
Avoid Procedure Paragraphs that contains no statements
Avoid Procedures and Functions using the ITERATE statement (PL1)
Avoid Procedure Sections that contain no Paragraph
CRITICAL  Avoid Procedures using an Insert, Update, Delete, Create Table or Select without including error management
Avoid Procedures with a very low comment/code ratio (RPG400)
Avoid Procedures with a very low comment/code ratio (RPG_FP)
Avoid Procedures with High Cyclomatic Complexity (RPG400)
CRITICAL  Avoid Procedures with High Cyclomatic Complexity (RPG400)
Avoid Procedures with High Cyclomatic Complexity (RPG_FP)
Avoid Procedures with High Fan-In (RPG400)
CRITICAL  Avoid Procedures with High Fan-In (RPG400)
Avoid Procedures with High Fan-In (RPG_FP)
Avoid Procedures with High Fan-Out (RPG400)
CRITICAL  Avoid Procedures with High Fan-Out (RPG400)
Avoid Procedures with High Fan-Out (RPG_FP)
Avoid Procedures with more than X lines of code (RPG400)
CRITICAL  Avoid Procedures with more than X lines of code (RPG400)
Avoid Procedures with more than X lines of code (RPG_FP)
CRITICAL  Avoid process control
CRITICAL  Avoid process control through API requests
CRITICAL  Avoid Processes using JDBC SQL Direct (TIBCO BW)
Avoid processing Google Sign In Client without catching error
CRITICAL  Avoid Process with too many Activities (TIBCO BW)
CRITICAL  Avoid program calls outside a try end block (EGL)
CRITICAL  Avoid Program calls without checking the return code (EGL)
Avoid Programs accessing directly to Physical Files (RPG300)
Avoid Programs accessing directly to Physical Files (RPG400)
Avoid Programs accessing directly to Physical Files (RPG_FP)
Avoid Programs accessing more than X physical files (RPG300)
Avoid Programs accessing more than X physical files (RPG400)
Avoid Programs accessing more than X physical files (RPG_FP)
Avoid Programs declaring STATIC variables (PL1)
Avoid Programs having cursors that doesn't contain the "FOR UPDATE" clause and not containing the "FOR READ ONLY" or "FOR FETCH ONLY" clause (PL1)
Avoid Programs having files declared and not having the ON UNDF or ON UNDEFINEDFILE statement except SYSPRINT and SYSIN (PL1)
Avoid Programs having files declared as RECORD INPUT or RECORD UPDATE and not having the ON EOF or ON ENDFILE statement (PL1)
Avoid Programs having FIXED without BIN or BINARY or DEC or DECIMAL.The character "(" is mandatory. (PL1)
Avoid Programs having modules declared as external entries and unused (PL1)
Avoid Programs/Includes including large Includes
Avoid Programs/Includes with too many Forms
Avoid Programs mixing usage of do-while or (and) do-until (PL1)
Avoid Programs not having localSQLScope property set to NO (EGL)
Avoid programs not having the property allowUnqualifiedItemReferences set to YES (EGL)
Avoid programs not having the property I4GLItemsNullable set to NO (EGL)
Avoid Programs not having the property includeReferencedFunctions set to YES (EGL)
CRITICAL  Avoid Programs not using explicitly OPEN and CLOSE files (PL1)
Avoid Programs overriding the *PROCESS statement (PL1)
Avoid Programs with a Complex SELECT Clause (Cobol)
Avoid Programs with a high Fan-in (Fortran)
Avoid Programs with a high Fan-out (Fortran)
Avoid Programs with a High number of Paths (Fortran)
Avoid Programs with a low comment/code ratio (Fortran)
Avoid Programs with a low Comments Frequency (Fortran)
Avoid Programs with a low number of Comment Blocks (Fortran)
Avoid Programs with a very low comment/code ratio
Avoid Programs with a very low comment/code ratio (EGL)
Avoid Programs with a very low comment/code ratio (RPG300)
CRITICAL  Avoid Programs with a very low comment/code ratio (RPG300)
Avoid Programs with a very low comment/code ratio (RPG400)
CRITICAL  Avoid Programs with a very low comment/code ratio (RPG400)
Avoid Programs with a very low comment/code ratio (RPG_FP)
CRITICAL  Avoid Programs with COUNT(*) statement (RPG300)
Avoid Programs with COUNT(*) statement (RPG300)
Avoid Programs with COUNT(*) statement (RPG400)
CRITICAL  Avoid Programs with COUNT(*) statement (RPG400)
Avoid Programs with COUNT(*) statement (RPG_FP)
Avoid Programs with Group By (Cobol)
Avoid Programs with High Average size of Statements (AVGS) (Fortran)
CRITICAL  Avoid Programs with High Cyclomatic Complexity (CL400)
Avoid Programs with High Cyclomatic Complexity (CL400)
Avoid Programs with High Cyclomatic Complexity (Cobol)
Avoid Programs with High Cyclomatic Complexity (Fortran)
Avoid Programs with High Cyclomatic Complexity (RPG300)
CRITICAL  Avoid Programs with High Cyclomatic Complexity (RPG300)
Avoid Programs with High Cyclomatic Complexity (RPG400)
CRITICAL  Avoid Programs with High Cyclomatic Complexity (RPG400)
Avoid Programs with High Cyclomatic Complexity (RPG_FP)
Avoid Programs with High Depth of Code (Cobol)
Avoid Programs with High Essential Complexity (Cobol)
Avoid Programs with High Fan-In (Cobol)
Avoid Programs with High Fan-In (EGL)
CRITICAL  Avoid Programs with High Fan-In (RPG300)
Avoid Programs with High Fan-In (RPG300)
CRITICAL  Avoid Programs with High Fan-In (RPG400)
Avoid Programs with High Fan-In (RPG400)
Avoid Programs with High Fan-In (RPG_FP)
Avoid Programs with High Fan-Out (Cobol)
Avoid Programs with High Fan-Out (EGL)
Avoid Programs with High Fan-Out (RPG300)
CRITICAL  Avoid Programs with High Fan-Out (RPG300)
Avoid Programs with High Fan-Out (RPG400)
CRITICAL  Avoid Programs with High Fan-Out (RPG400)
Avoid Programs with High Fan-Out (RPG_FP)
Avoid Programs with High Integration Complexity (Cobol)
Avoid Programs with High Program Length (PR_LGTH) (Fortran)
Avoid Programs with High RAW SQL Complexity (Cobol)
Avoid Programs with High RAW SQL Complexity (RPG400)
Avoid Programs with High RAW SQL Complexity (RPG_FP)
Avoid Programs with High Vocabulary Frequency (VOCF) (Fortran)
CRITICAL  Avoid programs with lines having more than 80 characters (EGL)
Avoid Programs with lines of more than 80 characters
Avoid Programs with low comment/code ratio
Avoid programs with low comment / code ratio (HTML5/Javascript)
Avoid programs with low comment / code ratio (HTML5/Javascript)
Avoid programs with low comment / code ratio (Shell)
Avoid Programs with more than 3 levels of inclusion
CRITICAL  Avoid Programs with more than X Data Structures (RPG400)
Avoid Programs with more than X Data Structures (RPG400)
Avoid Programs with more than X Data Structures (RPG_FP)
Avoid Programs with more than X Functions (EGL)
CRITICAL  Avoid Programs with more than X lines of code (RPG300)
Avoid Programs with more than X lines of code (RPG300)
Avoid Programs with more than X lines of code (RPG400)
CRITICAL  Avoid Programs with more than X lines of code (RPG400)
Avoid Programs with more than X lines of code (RPG_FP)
CRITICAL  Avoid Programs with more than X LoC and no Subroutines (RPG300)
Avoid Programs with more than X LoC and no Subroutines (RPG300)
Avoid Programs with more than X LoC and no Subroutines (RPG400)
CRITICAL  Avoid Programs with more than X LoC and no Subroutines (RPG400)
Avoid Programs with more than X LoC and no Subroutines (RPG_FP)
Avoid Programs with more than X Procedures (RPG400)
Avoid Programs with more than X Procedures (RPG_FP)
CRITICAL  Avoid Programs with more than X Subroutines (RPG300)
Avoid Programs with more than X Subroutines (RPG300)
Avoid Programs with more than X Subroutines (RPG400)
CRITICAL  Avoid Programs with more than X Subroutines (RPG400)
Avoid Programs with more than X Subroutines (RPG_FP)
Avoid Programs with more then 1 statement per line (Fortran)
Avoid Programs With Queries on more than 4 Tables (Cobol)
CRITICAL  Avoid Programs With Queries on more than 4 Tables (RPG300)
Avoid Programs With Queries on more than 4 Tables (RPG300)
Avoid Programs With Queries on more than 4 Tables (RPG400)
CRITICAL  Avoid Programs With Queries on more than 4 Tables (RPG400)
Avoid Programs With Queries on more than 4 Tables (RPG_FP)
CRITICAL  Avoid Programs With Queries using GROUP BY (RPG300)
Avoid Programs With Queries using GROUP BY (RPG300)
CRITICAL  Avoid Programs With Queries using GROUP BY (RPG400)
Avoid Programs With Queries using GROUP BY (RPG400)
Avoid Programs With Queries using GROUP BY (RPG_FP)
CRITICAL  Avoid Programs with SELECT * statement (RPG300)
Avoid Programs with SELECT * statement (RPG300)
Avoid Programs with SELECT * statement (RPG400)
CRITICAL  Avoid Programs with SELECT * statement (RPG400)
Avoid Programs with SELECT * statement (RPG_FP)
Avoid programs with SQL queries using old style join convention instead of ANSI-Standard joins
Avoid Programs with subqueries (Cobol)
CRITICAL  Avoid Programs with Subqueries (RPG300)
Avoid Programs with Subqueries (RPG300)
Avoid Programs with Subqueries (RPG400)
CRITICAL  Avoid Programs with Subqueries (RPG400)
Avoid Programs with Subqueries (RPG_FP)
CRITICAL  Avoid Programs with too many FROM Clauses (RPG300)
Avoid Programs with too many FROM Clauses (RPG300)
CRITICAL  Avoid Programs with too many FROM Clauses (RPG400)
Avoid Programs with too many FROM Clauses (RPG400)
Avoid Programs with too many FROM Clauses (RPG_FP)
Avoid Programs with too many includes
CRITICAL  Avoid Programs with too many WHERE Clauses (RPG300)
Avoid Programs with too many WHERE Clauses (RPG300)
Avoid Programs with too many WHERE Clauses (RPG400)
CRITICAL  Avoid Programs with too many WHERE Clauses (RPG400)
Avoid Programs with too many WHERE Clauses (RPG_FP)
CRITICAL  Avoid protected accessors in a final class (Flex)
Avoid providing password in Web Service URL
Avoid providing password in Web Service URL
Avoid providing password in Web Service URL
Avoid providing password in Web Service URL
Avoid Psysical Files using large buffers (DB400)
Avoid public/protected setter for the generated identifier field
Avoid public/protected setter for the generated identifier field
CRITICAL  Avoid public variables inside a custom event (Flex)
Avoid Python string interpolations to prevent SQL injections
Avoid queries using old style join convention instead of ANSI-Standard joins
Avoid queries using old style join convention instead of ANSI-Standard joins
Avoid queries using old style join convention instead of ANSI-Standard joins
Avoid raising an exception in a Web Dynpro Supply Function or in a Method called by a Supply Function
Avoid raising exceptions in unexpected location
CRITICAL  Avoid READ TABLE without BINARY SEARCH
CRITICAL  Avoid Record Column without having the same nullable requirement as the corresponding SQL Table column (EGL)
CRITICAL  Avoid recursive calls with PERFORM statements
Avoid recursive Triggers
Avoid redeclaring and overriding Methods with different default parameter values
Avoid redundant indexes
CRITICAL  Avoid Reflected Cross-site Scripting (Non Persistent)
CRITICAL  Avoid reflected cross-site scripting (PHP)
CRITICAL  Avoid reflected cross-site scripting (Python)
CRITICAL  Avoid reflection injection
CRITICAL  Avoid reflection injection through API requests
CRITICAL  Avoid Regular expression injection
CRITICAL  Avoid Regular expression injection through API requests
CRITICAL  Avoid resource injection
CRITICAL  Avoid resource injection (Python)
CRITICAL  Avoid resource injection through API requests
CRITICAL  Avoid resource URL manipulation
CRITICAL  Avoid resource URL manipulation through API requests
Avoid rethrow exception explicitly
Avoid returning null from non-async Task/Task method
Avoid returning null from ToString()
Avoid return statement in @finally block
Avoid return statement in @finally block
Avoid return statement in finally block
Avoid return statement in finally block
Avoid return statements in finally blocks (JEE)
Avoid Rule HINT /*+ rule */ or --+ rule in PL/SQL code
CRITICAL  Avoid running SQL queries inside a loop
CRITICAL  Avoid Script Functions with a very low comment/code ratio (PHP)
CRITICAL  Avoid Script Functions with High Fan-In (PHP)
CRITICAL  Avoid Script Functions with High Fan-Out (PHP)
Avoid scripts and functions using SQL static statements (Shell)
Avoid scripts and functions with SQL code in temporary files (Shell)
CRITICAL  Avoid scripts high number of imports (Flex)
CRITICAL  Avoid scripts with view components referenced in a model class (Flex)
Avoid script without interpretor access path (Shell)
CRITICAL  Avoid second order code injection (PHP)
CRITICAL  Avoid second order cookie injection (PHP)
CRITICAL  Avoid second order deserialization injection
CRITICAL  Avoid second order deserialization injection (PHP)
CRITICAL  Avoid second order expression language injection
CRITICAL  Avoid second order file path manipulation (PHP)
CRITICAL  Avoid second order HTTP header injection (PHP)
CRITICAL  Avoid second order LDAP injection
CRITICAL  Avoid second order LDAP injection (PHP)
CRITICAL  Avoid second order LDAP injection (Python)
CRITICAL  Avoid second order numeric user inputs in SQL queries
CRITICAL  Avoid second order OS command injection
CRITICAL  Avoid second order OS command injection (PHP)
CRITICAL  Avoid second order PHP Remote File Inclusion
CRITICAL  Avoid second order reflection injection (PHP)
CRITICAL  Avoid second order Regular expression injection
CRITICAL  Avoid second order server-side request forgery
CRITICAL  Avoid second order server-side request forgery (PHP)
CRITICAL  Avoid second order SQL injection
CRITICAL  Avoid second order SQL injection (PHP)
CRITICAL  Avoid second order URL redirection to untrusted site
CRITICAL  Avoid second order XPath injection
CRITICAL  Avoid second order XPath injection (PHP)
CRITICAL  Avoid second order XQuery injection
CRITICAL  Avoid Sections directly access to database tables (PHP)
Avoid Sections with a very low comment/code ratio
CRITICAL  Avoid Sections with a very low comment/code ratio (PHP)
CRITICAL  Avoid Sections with Group By (PHP)
CRITICAL  Avoid Sections with High Cyclomatic Complexity (PHP)
CRITICAL  Avoid Sections With Queries on more than 4 Tables (PHP)
Avoid Sections with string concatenations (PHP)
CRITICAL  Avoid select-before-update when the Table is not associated to an UPDATE Trigger
Avoid SELECT ... BYPASSING BUFFER
Avoid "SELECT *" or "SELECT SINGLE *" queries
Avoid "SELECT *" queries
Avoid "SELECT *" queries (EGL)
CRITICAL  Avoid Select * queries in PHP Section (PHP)
Avoid "SELECT *" queries (SQL)
CRITICAL  Avoid server-side request forgery
CRITICAL  Avoid server-side request forgery (PHP)
CRITICAL  Avoid server-side request forgery (Python)
CRITICAL  Avoid server-side request forgery through API requests
Avoid 'Service Contract' without any 'Operation Contract'
Avoid Session Fixation (PHP)
Avoid setting android:grantUriPermissions as True
CRITICAL  Avoid setting a pointer to the address of a local variable defined in a lower scope
Avoid shadowing class variables
Avoid SQL Artifacts with High RAW SQL Complexity (JEE)
Avoid SQL Artifacts with queries on too many Tables (JEE)
Avoid SQL Artifacts with SQL statement including Subqueries (JEE)
Avoid SQL Artifacts with SQL statement using Group By clause (JEE)
Avoid SQL injection in dynamic SQL for Oracle
CRITICAL  Avoid SQL injection (PHP)
CRITICAL  Avoid SQL injection vulnerabilities ( CWE-89 )
CRITICAL  Avoid SQL injection vulnerabilities through API requests
Avoid SQL queries not using the first column of a composite index in the WHERE clause
CRITICAL  Avoid SQL queries on XXL tables not using the first column of a composite index in the WHERE clause
CRITICAL  Avoid SQL queries on XXL tables that no index can support
CRITICAL  Avoid SQL queries on XXL tables that no index can support
CRITICAL  Avoid SQL queries on XXL tables that no index can support (ABAP)
CRITICAL  Avoid SQL queries on XXL Tables that no index can support (AllTechno)
Avoid SQL queries on XXL tables that no index can support for artifacts with high fan-in
CRITICAL  Avoid SQL queries on XXL Tables using Functions on indexed Columns in the WHERE clause
CRITICAL  Avoid SQL queries on XXL Tables with implicit conversions in the WHERE clause
Avoid SQL queries that no index can support
Avoid SQL queries that no index can support
CRITICAL  Avoid SQL queries that no index can support (ABAP)
Avoid SQL queries that no index can support (AllTechno)
Avoid SQL queries that no index can support for artifacts with high fan-in
Avoid SQL queries using functions on indexed columns in the WHERE clause
Avoid SQL queries with implicit conversions in the WHERE clause
CRITICAL  Avoid SQL query outside try-on block (EGL)
CRITICAL  Avoid Stateful Beans not removed
Avoid static Field of type collection
Avoid static Fields that are not final
Avoid STOP RUN (use GOBACK instead)
Avoid Stored Procedures not returning a status value
CRITICAL  Avoid storing Non-Serializable Object as HttpSessionState attributes.
Avoid storing passwords in Comments
Avoid storing passwords in the config files
Avoid string concatenation in loops
CRITICAL  Avoid String concatenation in loops
CRITICAL  Avoid String concatenation in loops
Avoid String concatenation in loops for artifacts with high fan in
Avoid String concatenation in XX-shared loops
Avoid String concatenation in XX-Shared loops
Avoid String initialization with String object (created using the 'new' keyword)
CRITICAL  Avoid string interpolations to prevent SQL injections (TypeScript)
CRITICAL  Avoid Struts 2 Action Fields without Validation
Avoid Struts 2 Validator field not referencing a java class field
Avoid Struts action Mapping with disabled validator
CRITICAL  Avoid Struts Invalidated Action Form 1.x
CRITICAL  Avoid style block embedded in the MXML file (Flex)
Avoid Subroutines with a high Fan-in (Fortran)
Avoid Subroutines with a high Fan-out (Fortran)
Avoid Subroutines with a High number of Paths (Fortran)
Avoid Subroutines with a low comment/code ratio (Fortran)
Avoid Subroutines with a low Comments Frequency (Fortran)
Avoid Subroutines with a low number of Comment Blocks (Fortran)
Avoid Subroutines with a very low comment/code ratio (RPG300)
Avoid Subroutines with a very low comment/code ratio (RPG400)
Avoid Subroutines with a very low comment/code ratio (RPG_FP)
Avoid Subroutines with High Average size of Statements (AVGS) (Fortran)
Avoid Subroutines with High Cyclomatic Complexity (Fortran)
Avoid Subroutines with High Cyclomatic Complexity (RPG300)
CRITICAL  Avoid Subroutines with High Cyclomatic Complexity (RPG300)
CRITICAL  Avoid Subroutines with High Cyclomatic Complexity (RPG400)
Avoid Subroutines with High Cyclomatic Complexity (RPG400)
Avoid Subroutines with High Cyclomatic Complexity (RPG_FP)
Avoid Subroutines with High Fan-In (RPG300)
CRITICAL  Avoid Subroutines with High Fan-In (RPG300)
Avoid Subroutines with High Fan-In (RPG400)
CRITICAL  Avoid Subroutines with High Fan-In (RPG400)
Avoid Subroutines with High Fan-In (RPG_FP)
CRITICAL  Avoid Subroutines with High Fan-Out (RPG300)
Avoid Subroutines with High Fan-Out (RPG300)
CRITICAL  Avoid Subroutines with High Fan-Out (RPG400)
Avoid Subroutines with High Fan-Out (RPG400)
Avoid Subroutines with High Fan-Out (RPG_FP)
Avoid Subroutines with High Program Length (PR_LGTH) (Fortran)
Avoid Subroutines with High Vocabulary Frequency (VOCF) (Fortran)
Avoid Subroutines with more than X lines of code (RPG300)
CRITICAL  Avoid Subroutines with more than X lines of code (RPG300)
CRITICAL  Avoid Subroutines with more than X lines of code (RPG400)
Avoid Subroutines with more than X lines of code (RPG400)
Avoid Subroutines with more than X lines of code (RPG_FP)
Avoid Subroutines with more then 1 statement per line (Fortran)
Avoid Subroutines with nested if Statements (RPG300)
CRITICAL  Avoid Subroutines with nested if Statements (RPG300)
CRITICAL  Avoid Subroutines with nested IF statements (RPG400)
Avoid Subroutines with nested IF statements (RPG400)
Avoid Subroutines with nested IF statements (RPG_FP)
Avoid super class knowing sub-class
Avoid Superclass knowing Subclass
Avoid Superclass knowing Subclass (C# .Net)
Avoid Superclass knowing Subclass in Javascript
Avoid Superclass knowing Subclass (JEE)
Avoid Superclass knowing Subclass (Swift)
Avoid Superclass (or Interface) knowing Subclass (or Interface)
Avoid superfluous parenthesis
CRITICAL  Avoid switch statement without a default statement (Flex)
CRITICAL  Avoid switch statement with too few branches (Flex)
Avoid synchronizing the credentials with iCloud
Avoid synchronizing the credentials with iCloud
Avoid synchronizing the credentials with iCloud (Swift)
Avoid synonym with both private and public definition
Avoid synonym with both private & PUBLIC Definition in PL/SQL context
Avoid table and column names that are too long (portability)
Avoid Tables having Indexes with a too large Index definition
Avoid tables not involved in a Foreign Key (DB2 Server)
Avoid tables not involved in a Foreign Key (PL/SQL Oracle)
Avoid tables not involved in a Foreign Key (SQL Server)
Avoid Tables not using referential integrity
Avoid Tables with more than 20 columns on an OLTP system
Avoid Tables with more than 20 columns on an OLTP system (DB2 Server)
Avoid Tables with more than 20 columns on an OLTP system (SQL Server)
Avoid Tables without a clustered Index
CRITICAL  Avoid Tables without Primary Key
CRITICAL  Avoid Tables without Primary Key
CRITICAL  Avoid tables without primary key / unique key constraint / unique index
CRITICAL  Avoid test containing a hard coded boolean value. (Flex)
CRITICAL  Avoid testing floating point numbers for equality
Avoid testing floating point numbers for equality
CRITICAL  Avoid testing specific values for SY-UNAME
CRITICAL  Avoid test that does not contain at least one assertion (Flex)
Avoid