User Input Security

Support for new frameworks

The User Input Security feature now supports methods as input from a variety of different frameworks:

• org.springframework.jms for JEE
• org.apache.kafka for JEE
• support for com.ibm.mq for JEE
• com.ibm.jms for JEE
• javax.jms.JMSConsumer for JEE
• IBM.WMQ for .NET
• system.messaging for .NET

As a result of this new support, a change in the number of violations reported may be evident after upgrade to this release and the generation of a new snapshot on unchanged source code.

Avoid file path manipulation - 7752

The following targets and inputs are now supported for the rule "Avoid file path manipulation - 7752":

• java.util.zip.ZipFile.+ctor > file target
• java.util.zip.ZipFile.getName > input
• java.util.zip.ZipEntry.getName > input
• java.util.jar.JarFile.+ctor > file target
• java.util.jar.JarFile.getRealName > input
• java.util.jar.JarEntry.getRealName > input

As a consequence, new violations may be discovered on existing Application source code.

Perl: Avoid Too Many Copy Pasted Artifacts (2350160)

Previous releases of AIP Core incorrectly reported objects from other technologies as violations for this Perl-specific quality rule. These violations were incorrect, but in addition to this, more violations were potentially reported than the total number of checked artifacts. This bug has now been fixes and a change (reduction) in the number of violations reported for this specific rule may be evident after upgrade to this release and the generation of a new snapshot on unchanged source code.