Impacts of changes made in AIP Core 8.3.7 on Quality Model results post upgrade

Multi-techno

SCRAIP-33754 - False positive for rule "CWE-73: Avoid file path manipulation vulnerabilities - 7752"

A bug has been discovered which has meant that the rule "CWE-73: Avoid file path manipulation vulnerabilities - 7752" is returning false positive violations. This bug has been fixed and after an upgrade to AIP Core 8.3.7 and the generation of a post-upgrade consistency snapshot on the same source code, results may be impacted: reduced number of violations increasing accuracy.

SCRAIP-33723 - False violation for the rule "CWE-79: Avoid cross-site scripting DOM vulnerabilities - 7740"

A bug has been discovered which has meant that the rule "CWE-79: Avoid cross-site scripting DOM vulnerabilities - 7740" is returning false positive violations for methods that are correctly sanitized in the code. This bug has been fixed and after an upgrade to AIP Core 8.3.7 and the generation of a post-upgrade consistency snapshot on the same source code, results may be impacted: reduced number of violations increasing accuracy.

C/C++

SCRAIP-32901 - "Ensure you provide a user-defined copy constructor or disable copy when a class allocates memory in its constructor - 592"

A bug has been discovered which has meant that the rule "Ensure you provide a user-defined copy constructor or disable copy when a class allocates memory in its constructor - 592" returns false positives. This bug is now fixed, therefore, after an upgrade to AIP Core 8.3.7 and the generation of a post-upgrade consistency snapshot on the same source code, results may differ: reduced number of violations and improved accuracy.

Mainframe Cobol

SCRAIP-32899 - False violation for the rule - "Never truncate data in MOVE statements - 7688"

A bug has been discovered which has meant that the rule "Never truncate data in MOVE statements - 7688" is returning false positive violations. This bug has been fixed and after an upgrade to AIP Core 8.3.7 and the generation of a post-upgrade consistency snapshot on the same source code, results may be impacted: reduced number of violations increasing accuracy.

SCRAIP-32900 - False Positive for Quality Rule "Prefer using indexes instead of subscripts - 8142"

A bug has been discovered which has meant that the rule "Prefer using indexes instead of subscripts - 8142" is returning false positive violations. This bug has been fixed and after an upgrade to AIP Core 8.3.7 and the generation of a post-upgrade consistency snapshot on the same source code, results may be impacted: reduced number of violations increasing accuracy.

SCRAIP-32916 - False positive for QR "Subscripts and iterators must be defined with BINARY usage - 8140"

A bug has been discovered which has meant that the rule "Subscripts and iterators must be defined with BINARY usage - 8140" is returning false positive violations. This bug has been fixed and after an upgrade to AIP Core 8.3.7 and the generation of a post-upgrade consistency snapshot on the same source code, results may be impacted: reduced number of violations increasing accuracy.

SCRAIP-33698 - Incorrect GRADE THRESHOLD for the Rule "Avoid calling programs statically - 8146"

A bug has been discovered which has meant that the rule "Avoid calling programs statically - 8146" is displaying erroneous grade results: the grade thresholds in the rule have all been inverted, for example, to get a grade of 4 a value of 50 is required, whereas a value of 99 should be necessary. This bug has been fixed and after an upgrade to AIP Core 8.3.7 and the generation of a post-upgrade consistency snapshot on the same source code, results may be impacted: grades will differ.

SCRAIP-32687 - Variables defined in Working-Storage section must be initialized before to be read - 8034

A bug has been discovered which has meant that the rule "Variables defined in Working-Storage section must be initialized before to be read - 8034" returns false positives. This bug is now fixed, therefore, after an upgrade to AIP Core 8.3.7 and the generation of a post-upgrade consistency snapshot on the same source code, results may differ: reduced number of violations for this syntax and improved accuracy.

SCRAIP-32344 - "Avoid executing multiple OPEN statements - 7644"

A bug has been discovered which has meant that the rule "Avoid executing multiple OPEN statements - 7644" returns false positives. In this scenario, the code does indeed contain multiple OPEN statements, however, only one is used due to an IF clause. This bug is now fixed (i.e. this scenario will not trigger a rule violation), therefore, after an upgrade to AIP Core 8.3.7 and the generation of a post-upgrade consistency snapshot on the same source code, results may differ: reduced number of violations for this syntax and improved accuracy.

SCRAIP-31212 - "Avoid unreferenced Sections and Paragraphs - 7290"

A bug has been discovered which has meant that the rule "Avoid unreferenced Sections and Paragraphs - 7290" returns false positives. This bug is now fixed, therefore, after an upgrade to AIP Core 8.3.7 and the generation of a post-upgrade consistency snapshot on the same source code, results may differ: reduced number of violations for this syntax and improved accuracy.

SAP/ABAP

SAP-116 - False positives for rule "Avoid empty Functions, Forms and Modules - 7512"

A bug has been discovered which has meant that the rule "Avoid empty Functions, Forms and Modules - 7512" is returning false positive violations. This bug has been fixed and after an upgrade to AIP Core 8.3.7 and the generation of a post-upgrade consistency snapshot on the same source code, results may be impacted: reduced number of violations increasing accuracy.

Other impacts of changes made in AIP Core 8.3.7

SAP/ABAP

SAP-121 - ABAP 'unresolved Member & Method warnings': Unresolved objects are created

A bug has been discovered which is causing the creation of "unresolved method objects" for methods declared in classes. The analysis log also contains corresponding warning entries about these unresolved objects. This bug has now been fixed and after an upgrade to AIP Core 8.3.7 and the generation of a post-upgrade consistency snapshot on the same source code, results may be impacted: increased number of method objects and removal of warnings in the analysis log due to unresolved objects.

Mainframe Cobol

SCRAIP-33178 - Deleted objects in transaction call-path, but transaction status is unchanged

A bug has been discovered which is causing the transaction status in the CAST Transaction Configuration Center to remain as unchanged, even when JCL Jobs, JCL Data Sets, and JCL Steps are deleted from the call path. This was due to the fact that a checksum value was never calculated for these specific objects, therefore any changes to them were effectively ignored by AIP Core. This behaviour has now been changed and checksum values are now calculated for JCL Jobs, JCL Data Sets, and JCL Steps, therefore after an upgrade to AIP Core 8.3.7 and the generation of a post-upgrade consistency snapshot on the same source code, results may be impacted:

• Vales for modified EFP may increase: objects that are now given checksum values will be recorded as "modified"
• Transactions may change

Mainframe CICS

SCRAIP-33007 and SCRAIP-33068

A change has been made to the way in which the Mainframe CICS technology is handled:

• SCRAIP-33007 - CICS Transactions and CICS DataSets are no longer considered as "files" and will therefore no longer contribute to number of file values.

• SCRAIP-33068 - CICS is no longer considered as a technology in its own right. Instead, it is now considered as part of the Mainframe Cobol.

Therefore, after an upgrade to AIP Core 8.3.7 and the generation of a post-upgrade consistency snapshot on the same source code, results may differ for CICS related technology statistics.