Changes in results post upgrade - 8.3.36

Created by James Hurrell, last modified on Mar 28, 2022

Summary:

  • Impacts of changes made to AIP Core 8.3.36 on Quality Model results post upgrade

  • Other impacts of changes made in AIP Core 8.3.36

All changes in results related to extensions are listed in the extension documentation and will not appear in this page.

ABAP - object metrics

A technical change has been made to the ABAP Analyzer to improve its functionality. As a result of this change, the value returned during the analysis of some ABAP objects has changed (an increase or decrease of 1) for the following metrics:

  • Distinct operand
  • Distinct operator
  • Number of Commented Code Lines

These metrics are primarily used in the calculation of high level sizing metrics and quality rules, and as such the change may have an impact on existing results.

AEP measure - Complexity Factor values

Complexity Factor values for modified transactions: in previous releases of AIP Core, the Complexity Factor (CF) for a modified transaction was erroneously set to 0 when any artifact with complexity was involved in the changes. This bug resulted in an AEP value of 0 despite the fact that a transaction had been modified. This bug has now been corrected, and as per the specification (see CAST Automated Enhancement Points Estimation - AEP the minimum Complexity Factor value for a modified transaction will be set to 0.25 in AIP Core ≥ 8.3.36 - this ensures that the AEP value will be impacted when an existing transaction is modified.

This change will also be applied to existing results during an upgrade to AIP Core ≥ 8.3.36, and as result, any modified transaction with a Complexity Factor of 0 will be changed to 0.25. This change may impact other metrics and rules that rely on these values.

User Input Security

.NET - Avoid weak cryptographic algorithm (8414)

The rule "Avoid weak cryptographic algorithm" (8414) for .NET has been improved to detect violations for "create" targets on weak algorithms (such as "var md5 = MD5.Create();"). This improvement may impact existing results - additional violations may be detected.

.NET/JEE - Avoid log forging (8044) / Avoid debug forging (8542)

As a result of the implementation of a new rule "Avoid debug forging" (8542) to specifically target the use of "log.debug", an existing rule "Avoid log forging" (8044), has been modified: this rule no longer detects the use of "log.debug". This change may impact existing results.