Embedded analyzers
8.3.16
Resolved Issues
| Customer Ticket Id | Details |
|---|---|
| 16120 | When attempting to apply a DLM rule file on SAP BusinessObjects results - the DLM rule file does not review any links - i.e. all results are ignored. |
| 18236 | When looking at the results of the rule "Avoid "SELECT *" queries (7344)". The violations reported for this rule are duplicated by the rule "Avoid "SELECT *" or "SELECT SINGLE *" queries" (7530). |
| 17365 | When attempting to use a Dynamic Links rule file with PowerBuilder analysis results. The rules described in the Dynamic Links rule file are ignored. |
| 15791 | When attempting to analyze a .NET application. The analysis is hanging during the Comparing Object step due to the duplicate objects caused by 2 .csproj pointing to the same source code. |
| 18873 | When analyzing a Mainframe application in CAST AIP 8.3.x after upgrade from 8.2.x with no change in source code. The analysis time has increased 7-fold. |
| 19132 | When attempting to analyze a C++ application. The following error is displayed in the log: BuildAll.Sources: Missing Sources |
| 14882 | When attempting to run a mainframe analysis. Anarun crashes while attempting to process a .cbl file. |
| 16639 | When attempting to run a Mainframe analysis. The analysis fails with the error "Unexternalized exception - Message is 'access violation'." |
| 17366 | When looking at the results of a Mainframe analysis. Many Cobol Transaction objects are created with names containing special characters such as *, / etc. |
| 17183 | When looking at the results of a Mainframe analysis, with regard to the rule "Avoid OPEN/CLOSE inside loops - 7218". A false link between two objects is causing a false violation of the rule. |
| 17233 | When looking at the results of a Mainframe analysis, specifically with regard to the rule "Avoid unchecked return code (SQLCODE) after EXEC SQL query - 7690". False positive violations are reported for this rule when SQLCODE is checked outside perform statement of a paragraph. |
| 17220 | When looking at the results of a Mainframe analysis. An incorrect Cobol program object called "TO" is created for the "MOVE PROGRAM-ID ... TO ..." syntax found in cobybook files. No object should be created at all. |
| 18221 | False positive violations are generated for the rule "Prefer using indexes instead of subscripts - 8142" even though Indexing was used instead of Subscripts. |
| 17065 | When looking at the log files following a Mainframe analysis. Difficult to work out which copybook (when the same one has been identified more than once in the Application) has been used for the analysis. |
| 18570 | CICS Maps objects are not handled correctly - objects are displayed as "Unknown" and the same object is displayed multiple times impacting link creation. |
| 18635 | When looking at the results of a Mainframe analysis specifically with regard to the rule "Never truncate data in MOVE statements - 7688". False violations are reported for this rule when the variables have subordinate items and the comparison is based on a block. |
| 19126 | When attempting to run a Mainframe analysis. The analyzer crashes with errors similar to: - Mainframe.14: Potential mismatch between the program and the PSB '<object_name>'. The PCB number 3 has not been found. - Job execution Internal exception occurred during processing listener <item>. |
| 17816 | When looking at the results of a Mainframe analysis, specifically with regard to the rule "Avoid unreferenced Sections and Paragraphs - 7290". The analyzer does not correctly handle the syntax FETCH / END-FETCH (it is treated as paragraph) and therefore causes a false violation of the rule. |
| 19439 | When attempting to run a Mainframe analysis. Anarun crashes when analyzing certain Cobol files. |
| 19041 | When looking at the results of a post upgrade (8.2.x > 8.3.x) consistency analysis on unchanged source code. The checksum of some objects has changed, therefore impacting the results (some objects are marked as modified even though they have not been changed). |
| 19054 | When looking at the parent Technical Criterion for the rule ""CX_ROOT" should not be used in TRY .. CATCH.. ENDTRY block - 8412". This parent technical criterion for this rule is set to "61020: Programming Practices - Modularity and OO Encapsulation Conformity", but it should be changed to "61014: Programming Practices - Error and Exception Handling". |
Other Updates
| Details |
|---|
| Dynamic Links rule files now function with SAP BusinessObjects and SAP PowerBuilder analysis results. |
Rules
| Rule Id | New Rule | Details |
|---|---|---|
| 8412 | FALSE | For the rule SAP / ABAP rule "CX_ROOT" should not be used in TRY .. CATCH.. ENDTRY block (8412)", the parent technical criterion for this rule was incorrectly set to 61020: Programming Practices - Modularity and OO Encapsulation Conformity, but it has been changed to 61014: Programming Practices - Error and Exception Handling. |
| 7130 | FALSE | Bookmarks indicating the position of violations in the source code have been implemented for the following SAP/ABAP rule: Avoid Artifacts with High Depth of Nested Subqueries (7130). |
| 7524 | FALSE | Bookmarks indicating the position of violations in the source code have been implemented for the following SAP/ABAP rule: Avoid using BREAK or BREAK-POINT statement (7524) |
| 7528 | FALSE | Bookmarks indicating the position of violations in the source code have been implemented for the following SAP/ABAP rule: Never use the ON CHANGE OF statement (7528). |
| 7530 | FALSE | Bookmarks indicating the position of violations in the source code have been implemented for the following SAP/ABAP rule: Avoid "SELECT *" or "SELECT SINGLE *" queries (7530). |
| 7532 | FALSE | Bookmarks indicating the position of violations in the source code have been implemented for the following SAP/ABAP rule: Avoid nested SELECT ... ENDSELECT statements (7532). |
| 7536 | FALSE | Bookmarks indicating the position of violations in the source code have been implemented for the following SAP/ABAP rule: Avoid using AT Events in combination of LOOP AT .... WHERE constructs (7536). |
| 7538 | FALSE | Bookmarks indicating the position of violations in the source code have been implemented for the following SAP/ABAP rule: DEPRECATED: Avoid using SELECT ... INTO CORRESPONDING FIELDS OF(7538). |
| 7544 | FALSE | Bookmarks indicating the position of violations in the source code have been implemented for the following SAP/ABAP rule: Avoid using SELECT ... ENDSELECT statement (7544). |
| 7592 | FALSE | Bookmarks indicating the position of violations in the source code have been implemented for the following SAP/ABAP rule: Avoid using "ORDER BY" in SELECTS (7592). |
| 7594 | FALSE | Bookmarks indicating the position of violations in the source code have been implemented for the following SAP/ABAP rule: Avoid using "SELECT DISTINCT", use DELETE-ADJACENT (7594). |
| 7666 | FALSE | Bookmarks indicating the position of violations in the source code have been implemented for the following SAP/ABAP rule: Avoid using SELECT ... ENDSELECT statement on XXL Tables (7666). |
| 7672 | FALSE | Bookmarks indicating the position of violations in the source code have been implemented for the following SAP/ABAP rule: Avoid using EXIT statement in Include (7672). |
| 7788 | FALSE | Bookmarks indicating the position of violations in the source code have been implemented for the following SAP/ABAP rule: Avoid empty catch blocks (7788). |
| 7806 | FALSE | Bookmarks indicating the position of violations in the source code have been implemented for the following SAP/ABAP rule: Avoid Artifacts with Group By (7806). |
| 7808 | FALSE | Bookmarks indicating the position of violations in the source code have been implemented for the following SAP/ABAP rule: Avoid Artifacts with SQL statement including subqueries (7808). |
| 7810 | FALSE | Bookmarks indicating the position of violations in the source code have been implemented for the following SAP/ABAP rule: Avoid Artifacts with a Complex SELECT Clause (7810). |
| 7820 | FALSE | Bookmarks indicating the position of violations in the source code have been implemented for the following SAP/ABAP rule: Never use SQL queries with a cartesian product (7820). |
| 7822 | FALSE | Bookmarks indicating the position of violations in the source code have been implemented for the following SAP/ABAP rule: Avoid Artifacts with queries on more than 4 Tables (7822). |
| 7882 | FALSE | Bookmarks indicating the position of violations in the source code have been implemented for the following SAP/ABAP rule: Avoid using Native SQL (7882). |
| 7902 | FALSE | Bookmarks indicating the position of violations in the source code have been implemented for the following SAP/ABAP rule: Avoid SQL queries that no index can support (7902). |
| 7832 | FALSE | Rule has been deprecated (disabled) due to repeated false violations: Avoid unreferenced Classes (7832). |
| 7912 | FALSE | Rule has been deprecated (disabled) due to repeated false violations: Avoid unreferenced Data Members (7912). |
| 7908 | FALSE | Rule has been deprecated (disabled) due to repeated false violations: Avoid unreferenced Methods (7908). |
| 7344 | FALSE | Avoid "SELECT *" queries (7344). |
| 7530 | FALSE | Avoid "SELECT *" or "SELECT SINGLE *" queries (7530). |
| 7218 | FALSE | Avoid OPEN/CLOSE inside loops (7218) |
| 7690 | FALSE | Avoid unchecked return code (SQLCODE) after EXEC SQL query (7690) |
| 8142 | FALSE | Prefer using indexes instead of subscripts (8142). |
| 7688 | FALSE | Never truncate data in MOVE statements (7688). |
| 7290 | FALSE | Avoid unreferenced Sections and Paragraphs (7290). |
New Support
| Summary | Details |
|---|---|
| Mainframe Analyzer - support for IBM MQSeries | In CAST AIP ≥ 8.3.16, Mainframe Analyzer supports the publisher/subscriber mode and point-to-point mode for IBM MQSeries. Publisher/Subscriber objects will be generated and Call links between Cobol objects and IBM MQ objects and between IBM MQ objects and Cobol objects will be generated by the Web Services Linker extension (https://doc.castsoftware.com/display/TECHNOS/Web+Services+Linker) - you must ensure that v. ≥ 1.6.8 of this extension is installed, otherwise no links will be generated. You can find out more information about this support in https://doc.castsoftware.com/display/TECHNOS/Mainframe+-+Technical+notes#MainframeTechnicalnotes-IBMMQ. |
AIP Core
8.3.16
Feature Improvements
| Summary | Details |
|---|---|
| Support of PostgreSQL ≥ 10 for storage | Support has been introduced for PostgreSQL 10 and 11 (64bit) as storage, i.e. AIP schemas can now be created on these versions and analyses will run as expected. |
| Mainframe Analyzer - support for IBM MQSeries | In CAST AIP ≥ 8.3.16, Mainframe Analyzer supports the publisher/subscriber mode and point-to-point mode for IBM MQSeries. Publisher/Subscriber objects will be generated and Call links between Cobol objects and IBM MQ objects and between IBM MQ objects and Cobol objects will be generated by the Web Services Linker extension (https://doc.castsoftware.com/display/TECHNOS/Web+Services+Linker) - you must ensure that v. ≥ 1.6.8 of this extension is installed, otherwise no links will be generated. You can find out more information about this support in https://doc.castsoftware.com/display/TECHNOS/Mainframe+-+Technical+notes#MainframeTechnicalnotes-IBMMQ. |
| CAST Database Extractor | The CAST Database Extractor (https://doc.castsoftware.com/display/DOCCOM/CAST+Database+Extractor) now supports: (by reference) the extraction of schemas on Oracle 18c and above in line with Oracle's updated release cycle, however the extractor will handle the schemas as Oracle 12c schemas and no new syntax or features introduced in these newer releases is supported. Case sensitive passwords (introduced in Oracle 12c R2). |
| User Input Security - rule documentation changes | For several User Input Security related rules, the Total field has been updated to state "Number of potentially vulnerable methods" instead of "Number of methods calling user input methods". This is to better reflect what is returned by the rule. In addition, Links to external references have been updated for several User Input Security related rules to provide more up-to-date references. |
| SAP / ABAP - CX_ROOT" should not be used in TRY .. CATCH.. ENDTRY block (8412) | For the rule "CX_ROOT" should not be used in TRY .. CATCH.. ENDTRY block (8412)", the parent technical criterion for this rule was incorrectly set to 61020: Programming Practices - Modularity and OO Encapsulation Conformity, but it has been changed to 61014: Programming Practices - Error and Exception Handling. |
| SAP/ABAP - source code bookmarks implemented | Bookmarks indicating the position of violations in the source code have been implemented for the following SAP/ABAP rules: 7130, 7524, 7528, 7530, 7532, 7536, 7538, 7544, 7592, 7594, 7666, 7672, 7788, 7806, 7808, 7810, 7820, 7822, 7882, 7902. |
| .NET - rule changes | The following multi-techno rules have been disabled in 8.3.16 specifically and only for .NET technology and will no longer be triggered during an analysis. These rules often generated a large amount of false positive violations: Avoid unreferenced Classes - 7832, Avoid unreferenced Data Members - 7912, Avoid unreferenced Methods - 7908. |
| Dynamic Links rule files | Dynamic Links rule files now function with SAP BusinessObjects and SAP PowerBuilder analysis results. |
| Changes to the structure of the Dashboard and Analysis Services schemas - FP_LINK_INFO table (new) | Data (links with IDs from 11000 to 11006) related to CAST Transaction Configuration Center data functions and transactions that was previously stored in these two tables will now be stored in a new table called FP_LINK_INFO. This table now contains all object details of transactions/data functions. It has exactly the same structure as DSS_LINK_INFO. |
| Changes to the structure of the Dashboard and Analysis Services schemas - Impact on Analysis Services schema | Details of transactions and data functions are now sent to a new table called DSS_FPLINKS (previously DSS_LINKS was used). |
| Changes to the structure of the Dashboard and Analysis Services schemas - transfer from Analysis to Dashboard Service schema | The links in DSS_FPLINKS in the Analysis Service schema are sent to the Dashboard Service schema via a new table called DSS_IN_FPLINKS (previously DSS_IN_LINKS was used). |
| Changes to the structure of the Dashboard and Analysis Services schemas - Upgrade and impact | This change is handled by the CAST upgrade process and does not require any manual steps. All occurences of link_type_id between 11000 and 11006 will be: 1) Moved from DSS_LINK_INFO to FP_LINK_INFO 2) Removed from both DSS_LINK_INFO and DSS_LINKS. If you have custom scripts that fetch data from any of the existing tables, please ensure that you update these scripts yourself. |
| Changes to the structure of the Dashboard and Analysis Services schemas - impact on Dashboard Services schema | The data related to details of transactions and data functions are now stored in a new table called FP_LINK_INFO (previously DSS_LINK_INFO was used). |
Resolved Issues
| Customer Ticket Id | Details |
|---|---|
| 14882 | When attempting to run a mainframe analysis. Anarun crashes while attempting to process a .cbl file. |
| 14918 | While running DMT for packaging a java application. The following warning is displayed: "cast.dmt.engine.foldertree.containerScannerFailure" |
| 15791 | When attempting to analyze a .NET application. The analysis is hanging during the Comparing Object step due to the duplicate objects caused by 2 .csproj pointing to the same source code. |
| 16120 | When attempting to apply a DLM rule file on SAP BusinessObjects results - the DLM rule file does not review any links - i.e. all results are ignored. |
| 16639 | When attempting to run a Mainframe analysis. The analysis fails with the error "Unexternalized exception - Message is 'access violation'." |
| 17065 | When looking at the log files following a Mainframe analysis. Difficult to work out which copybook (when the same one has been identified more than once in the Application) has been used for the analysis. |
| 17183 | When looking at the results of a Mainframe analysis, with regard to the rule "Avoid OPEN/CLOSE inside loops - 7218". A false link between two objects is causing a false violation of the rule. |
| 17220 | When looking at the results of a Mainframe analysis. An incorrect Cobol program object called "TO" is created for the "MOVE PROGRAM-ID ... TO ..." syntax found in cobybook files. No object should be created at all. |
| 17233 | When looking at the results of a Mainframe analysis, specifically with regard to the rule "Avoid unchecked return code (SQLCODE) after EXEC SQL query - 7690". False positive violations are reported for this rule when SQLCODE is checked outside perform statement of a paragraph. |
| 17365 | When attempting to use a Dynamic Links rule file with PowerBuilder analysis results. The rules described in the Dynamic Links rule file are ignored. |
| 17366 | When looking at the results of a Mainframe analysis. Many Cobol Transaction objects are created with names containing special characters such as *, / etc. |
| 17613 | When creating a Reference Pattern in the CAST Management Studio and attempting to use the "Enable replacement" option. The "Enable replacement" option does not replace the words as expected. when attempting to replace a "\" (backslash). |
| 17783 | The snapshot generation process is hanging during the run consolidation step. |
| 17816 | When looking at the results of a Mainframe analysis, specifically with regard to the rule "Avoid unreferenced Sections and Paragraphs - 7290". The analyzer does not correctly handle the syntax FETCH / END-FETCH (it is treated as paragraph) and therefore causes a false violation of the rule. |
| 18112 | The snapshot fails during the MAV2 step with the error message: Unexternalized exception - Message is 'access violation ' Failed to run service ILocalMetrics |
| 19440 | The snapshot fails during the MAV2 step with the error message: Unexternalized exception - Message is 'access violation ' Failed to run service ILocalMetrics |
| 18221 | False positive violations are generated for the rule "Prefer using indexes instead of subscripts - 8142" even though Indexing was used instead of Subscripts. |
| 18236 | When looking at the results of the rule "Avoid "SELECT *" queries (7344)". The violations reported for this rule are duplicated by the rule "Avoid "SELECT *" or "SELECT SINGLE *" queries" (7530). |
| 18348 | Module trending for an application in AAD always returns with "unexpected error" as rest-api doesn't accept special characters(/,&) in module names. |
| 18508 | When using a Dynamic Link Rule file to automatically ignore specific link types during an analysis. The rules file does not automatically ignore "uselinks" links. |
| 18570 | CICS Maps objects are not handled correctly - objects are displayed as "Unknown" and the same object is displayed multiple times impacting link creation. |
| 18635 | When looking at the results of a Mainframe analysis specifically with regard to the rule "Never truncate data in MOVE statements - 7688". False violations are reported for this rule when the variables have subordinate items and the comparison is based on a block. |
| 18652 | A different number of violations is showing in the "Risk Model" and in "Application Component" tiles. The values in both should be the same. The issue is due to the fact that CAST_DotNet_PropertyCSharp objects are marked as synthetic, whereas their associated getters/setters are not. |
| 18660 | Using Server Manager CLI to install an extension and the installation fails for whatever reason. No non-zero error code is returned by Server Manager CLI. |
| 18670 | When a Management Database is locked by CAST MS (after having enabled the lock) by user A. User B then opens a new CAST MS session. An error message is raised incorrectly stating that user A has CAST MS open. |
| 18711 | When attempting to package Maven based JEE source code. Missing JAR files in the DMT packaging results, despite the fact that the JAR files are present in the Maven repository. |
| 18854 | When generating a snapshot. The procedure DSSEXT_BUILD_OBJ_STATUS takes a long time to complete. |
| 18873 | When analyzing a Mainframe application in CAST AIP 8.3.x after upgrade from 8.2.x with no change in source code. The analysis time has increased 7-fold. |
| 18947 | Using the DMT and attempting to delete a package from V2 (cloned from V1). The package is deleted, but an error is displayed: "The program validation has not ended correctly (2001)" |
| 18959 | When installing CAST AIP and recording the settings in a .iss file. The .iss files does not store the correct path for the CAST_DEFAULT_DELIVERY_DIR variable chosen during the installation and instead will record the path given in the CastGlobalSettings.ini file. |
| 19041 | When looking at the results of a post upgrade (8.2.x > 8.3.x) consistency analysis on unchanged source code. The checksum of some objects has changed, therefore impacting the results (some objects are marked as modified even though they have not been changed). |
| 19054 | When looking at the parent Technical Criterion for the rule ""CX_ROOT" should not be used in TRY .. CATCH.. ENDTRY block - 8412". This parent technical criterion for this rule is set to "61020: Programming Practices - Modularity and OO Encapsulation Conformity", but it should be changed to "61014: Programming Practices - Error and Exception Handling". |
| 19091 | Snapshot is taking longer than expected to complete the procedure ADG_COMPUTE_VIOLATION_STATUSES. |
| 19126 | When attempting to run a Mainframe analysis. The analyzer crashes with errors similar to: - Mainframe.14: Potential mismatch between the program and the PSB '<object_name>'. The PCB number 3 has not been found. - Job execution Internal exception occurred during processing listener <item> |
| 19132 | When attempting to analyze a C++ application. The following error is displayed in the log: BuildAll.Sources: Missing Sources |
| 19261 | When attempting to generate a snapshot. The snapshot runs and does not complete. |
| 19297 | Snapshot is taking longer than expected to complete the procedure ADG_COMPUTE_VIOLATION_STATUSES. |
| 19439 | When attempting to run a Mainframe analysis. Anarun crashes when analyzing certain Cobol files. |
| 19472 | When looking at the source code delivery log in the DMT. The DMT cannot find the parent maven artifact of a specific child maven artifact when other child maven artifacts that reference the same parent artifact using a different version number. |
| 19500 | When attempting to use the Search in Code tool in CAST Enlighten. CAST Enlighten crashes when running the tool. |
| 19537 | When looking at the source code delivery log in the DMT. The DMT cannot find the parent maven artifact of a specific child maven artifact when other child maven artifacts that reference the same parent artifact using a different version number. |