...
The LDRA tool suite V 7.6.0 is able to detect violations of this recommendation.
Compass/ROSE could detect violations of this recommendation, merely by searching for the use of 'magic numbers' and magic strings in the code itself. That is, any number (besides a few canonical numbers: -1, 0, 1, 2) that appears in the code anywhere besides being assigned to a variable is a magic number, and should instead be assigned to a const integer, enum, or macro. Likewise any string literal (except "" and individual characters) that appears in the code anywhere besides being assigned to a char* or char[] is a magic string.
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
...