Changes in results post upgrade - 8.3.20

Summary: this page lists:

  • Impacts of changes made to AIP Core 8.3.20 on Quality Model results post upgrade
  • Other impacts of changes made in AIP Core 8.3.20

All changes in results related to extensions are now listed in the extension documentation and will not appear on this page.

Impacts of changes made in AIP Core 8.3.20 on Quality Model results post upgrade

JEE

Correction of calculation methods for various quality rules

Fixes have been applied to the calculation methods for various rules to correct a situation where violations were missing after upgrading from AIP 8.2.x to 8.3.x:

As a result of this fix, results may be impacted - the number of reported violations may increase for these rules, improving accuracy.

Mainframe

Avoid unchecked return code (SQLCODE) after EXEC SQL query (7690)

Several fixes have been applied to the rule Avoid unchecked return code (SQLCODE) after EXEC SQL query (7690) to reduce the number of false violations reported:

  • MAINFRAME-379 - Correcting a situation where the rule is falsely violated when a paragraph contains multiple paragraphs called via IF clauses, where each of the called paragraphs contains SQL statements and the SQL statement is checked from the parent paragraph.
  • MAINFRAME-361 - Correcting a situation where the rule is falsely violated when the SQL statement is contained in parentheses.
  • MAINFRAME-360 - Correcting a situation where the rule is falsely violated when the SQL statement is contained inside an IF statement of a PERFORM paragraph.

As a result of these fixes, results may be impacted for the rule Avoid unchecked return code (SQLCODE) after EXEC SQL query (7690) - fewer false violations will be reported, improving accuracy.

MAINFRAME-373 - Never truncate data in MOVE statements (7688)

Fixes have been applied to the rule Never truncate data in MOVE statements (7688) to reduce the number of false violations reported. As a result of these fixes, results may be impacted for the rule - fewer false violations will be reported, improving accuracy.

MAINFRAME-348 - CICS Return code should be checked (8162)

Fixes have been applied to the rule CICS Return code should be checked (8162) to reduce the number of false violations reported when the check statement is called via an IF statement in a variable. As a result of these fixes, results may be impacted for the rule - fewer false violations will be reported, improving accuracy.

.NET

Avoid file path manipulation vulnerabilities (7752)

A fix has been implemented to resolve an issue where false violations were being reported on constructors of the System.IO.MemoryStream class when running a User Input Security analysis. As a result of this fix, results may be impacted for the rule Avoid file path manipulation vulnerabilities (7752) - fewer false violations will be reported, improving accuracy.

Avoid SQL injection vulnerabilities (7742)

Access to database methods of the .NET Framework is now handled more accurately. As a result of this fix, some false positives may be removed and new true positives may be found for the rule Avoid SQL injection vulnerabilities (7742).

PL/SQL (embedded analyzer)

Avoid unreferenced Functions (7860)

A fix has been applied to resolve an issue where the total number of violations reported for the rule Avoid unreferenced Functions (7860) exceeded the reported number of checks run during the analysis. As a result of this fix, results may be impacted - the reported total number of checks run during the analysis may increase, improving accuracy.

Other impacts of changes made in AIP Core 8.3.20

Analysis result save process has been optimized

The internal mechanism that is used to save analysis results in the AIP Core schemas has been optimized and improved in this release of AIP. The goal of this optimization has primarily been to introduce more rigorous controls on the data that is saved to reduce inconsistencies and therefore to increase the overall accuracy of AIP Core. In addition, performance has been stabilized. As a result of this optimization, some small changes in analysis results are to be expected when performing a new analysis/snapshot post-upgrade on unchanged source code, for example:

  • Some objects, links, properties and bookmarks that flag the location of rule violations in the source code are now more rigorously checked and therefore some items may no longer be saved, notably for Universal Importer jobs, improving accuracy
  • Results of metrics calculated by the Metrics Assistant may be impacted (values may be higher or lower), improving accuracy
  • 7962 - Avoid direct or indirect remote calls inside a loop: previously some violations of this rule were not saved - these are now saved, improving accuracy

Mainframe

IMS/DB - link type changes

Links between Cobol paragraphs/sections and DB/GSAM/ALT PCB when using a DLI function have been updated as follows:

  • OPEN/CLSE (only for GSAM): accessOpenLink, accessCloseLink
  • DLET: UseDeleteLink
  • GU/GHU, GN/GHN, GNP/GHNP, INQY: UseSelectLink
  • ISRT: UseInsertLink
  • REPL: UseUpdateLink
  • Other DLI calls: useLink

As a result of these changes, some impact to existing results is to be expected when re-analyzing existing source code.

CAST Transaction Configuration Center

Excluded Items changes and impact on AFP count

A fix has been applied to correct a situation involving Excluded Items which were set as TECHNICAL (see TCC - By naming, By inheritance, By type nodes - Right hand panel). When the Excluded Item rule is set to generate TECHNICAL exclusions, the rule generates these items and sends them through as metric_id 10205 to the Dashboard schema. The objects retrieved by this metric are then excluded from the transactions and datafunctions when computing EFP/AEP and status. The AFP value was incorrectly increased by the number of objects returned by this metric, because the metric was contributing to the AFP metric (10202).

The fix provides the correct aggregation function for this metric and recomputes the wrong AFP count and related metrics in AEP (Eq. Ratio and AETP and AEP totals) for the existing snapshots where exclusion items existed under metric 10205. Therefore results may change as a direct result of this fix.