- Impacts of changes made to AIP Core 8.3.35 on Quality Model results post upgrade
Other impacts of changes made in AIP Core 8.3.35
All changes in results related to extensions are listed in the extension documentation and will not appear in this page.
Avoid unsorted data after SELECT queries - 8134
A bug in the ABAP analyzer has been found to cause false violations when the syntax "
sort" uses "
": e.g. "
sort X by Y". This bug has now been fixed. This change may impact existing results: you may find that the number of violations decreases.
SAP/ABAP discoverer update
A change has been made to the SAP discoverer. Previously, the discoverer would create only one single project (and therefore Analysis Unit) regardless of the number of SAP extractions provided in the source code delivery (it was assumed that only one extraction would be delivered). This behaviour has now been changed and multiple SAP extractions delivered in one go will result in one project (and therefore Analysis Unit) for each extraction. See also SAP ABAP Discoverer. This change may impact existing results.
Some changes have been made to the ABAP Analyzer to removed unsupported syntax warnings in the analysis log. This change may impact existing results.
User Input Security
Support for org.owasp.esapi framework
The User Input Security feature now supports the JEE framework org.owasp.esapi. All "getValidate*" methods are now automatically taken into account as sanitization methods for all quality rules. This change may impact existing results.
New rules to support the detection of XQuery Injections
Three new rules have been implemented for JEE and .NET technologies to support the detection of XQuery Injections: 1) "Avoid XQuery injection" (8530), 2) "Avoid second order XQuery injection" (8532), 3) "Avoid XQuery injection through API requests" (8534). This change may impact existing results.
Improved support for .NET UI controls for XSS violations
Improved support for .NET UI controls as targets for XSS violations has been implemented, for example "set_Text" and "set_ImageUrl" methods of control objects. This change may impact existing results.