Page tree

Summary: CAST AIP 8.3.19 introduces a number of features and changes as listed below.

Mainframe Analyzer

IMS/DC - support introduced

Support for IMS/DC (Data Communications) has been introduced. See Mainframe - IMS DC support for more information. As a result, some changes have been implemented:

IMS Transaction File

IMS Transaction
  • A new option has been added to the Delivery Manager Tool when delivering a PDS dump file, specifically to collect IMS DC related items - click to enlarge:

JCL - Support for INZUTILB and DSNTIAUL

Support for SQL embedded in INZUTILB and DSNTIAUL items has been added.

User Input Security

AIPCORE-1373 - support for Ektorp Java API for CouchDB

NoSQL injections for applications using Ektorp Java API for CouchDB can now be detected.

AIPCORE-1371 - support for LightCouch for Java

NoSQL injections for applications using LightCouch for Java can now be detected. Results are provided via the rule 8418 - Avoid NoSQL injection.

AIPCORE-1348 - improved coverage of logger methods

Methods like "logError", "logInfo", etc. used in loggers are now automatically taken into account.

AIPCORE-1301 - improved logs

Where a blackbox contains a duplicated type (according to their mangling), the log of the tool will contain more detailed information about the issue (the name of the duplicated type or the name of the duplicated blackbox, etc.).

AIPCORE-1238 - improved handling of duplicate paths

In previous releases some violations were removed if other violation paths were found in other files with a similar position of the starting path and the ending path (same row and same column for both). The algorithm for detecting these duplicate paths has now been rewritten to provide more accurate results.

AIPCORE-1226 - support for NoSQL - Azure Cosmos DB (.NET)

NoSQL injections for applications using Azure Cosmos DB for .NET can now be detected. Results are provided via the rule 8418 - Avoid NoSQL injection.

AIPCORE-1225 - support for NoSQL - Azure Cosmos DB (Java)

NoSQL injections for applications using Azure Cosmos DB for Java can now be detected. Results are provided via the rule 8418 - Avoid NoSQL injection.

AIPCORE-1142 - improved detection of targets of the method java.io.Console.format

The targets of the method java.io.Console.format - String fmt, Object... args etc. - are now correctly detected.

  • No labels