Summary: This document provides information about changes and new features introduced in this release.

1.3.4-funcrel

Other Updates

Details
Generalized the string evaluation.

1.3.3-funcrel

Resolved Issues

Customer Ticket Id | Details
28876 | .NET Analysis crash - com.castsoftware.dotnet.1.3.1-funcrel\DotNetCmd.exe exited with code -1073741571

Other Updates

Details
TCC config delivered by .NET extension is referring to package="Dotnet_Extension" instead of package="Base_DotNet".

Rules

Rule Id | New Rule | Details
1027008 | FALSE | False violation for "Always Revert After Impersonation" on stored instances of classes implementing IDisposable.

1.3.2-funcrel

Resolved Issues

Customer Ticket Id | Details
28888 | Modified Transactions due to links alternating to objects with same fullname in different folders.
28054 | False violation (rule id: 1027012): "Avoid storing Non-Serializable Object as HttpSessionState attributes".
29262 | The rule (rule id: 8156): "Persistent classes should implement GetHashCode() and Equals()" should not apply for Entity Framework.

Other Updates

Details
"System.Threading.Task" should be an exception to the QR (rule id: 8086), "Avoid types that own disposable fields and are not disposable".

Rules

Rule Id | New Rule | Details
8156 | FALSE | Fixed false positive due to rule formerly applied to entities of EF
1027012 | FALSE | Fixed false positive due to wrong resolution of symbol (compiler error BC30560)
8086 | FALSE | Fixed false positive due to rule formerly applied to "System.Threading.Task"

1.3.1-funcrel

Resolved Issues

Customer Ticket Id | Details
27654 | DOTNET.0156: An unexpected exception occurred while loading project xxxx. Project excluded from analysis.
25822 | False Positive for the QR: Avoid having lock on this object.
27762 | False positive in the QR: "Avoid missing release of stream connection after an effective lifetime". Close the outermost stream ASAP.
26749 | ASPX Transactions deleted
24427 | Wrong Violations in the rule: "Avoid missing release of stream connection after an effective lifetime" in .NET
26766 | False violation for the rule: "Avoid missing release of stream connection after an effective lifetime"
28276 | False positives produced in the QR: "Avoid missing release of stream connection after an effective lifetime".
27617 | Objects not coming as part of module is causing the transactions to be "Deleted".

Other Updates

Details
False positives for the QR: "Avoid missing release of stream connection after an effective lifetime" when the "using declaration" syntax is used.
Correct bookmark for the QR: "Avoid missing release of stream connection after an effective lifetime".

1.3.0-funcrel

Resolved Issues

Customer Ticket Id | Details
25323 | Compute snapshot - ERROR: function cast_logstart(unknown) does not exist
24259 | Improve the example and remediation sample for the rule "Controls naming convention - prefix, case and character set control"

Other Updates

Details
Objects added/deleted after re-analysing same code with 1.3.0.xxx of DotNET analyzer.
Crash in AvoidUsingCountInsteadOfAny: Fixed the Crash

Rules

Rule Id | New Rule | Details
7294 | FALSE | "Avoid cyclical calls and inheritances between namespaces content" - Mark it as non-critical
7208 | FALSE | Deprecated: Avoid the use of is inside loops
3616 | FALSE | Deprecated: Data Access must be based on Stored Procedure Calls

1.3.0-beta1

Note

This release of the extension contains a large number of rule related improvements, which will have a significant impact on any existing analysis results generated with a previous release of the extension. When re-analyzing existing and unchanged source code with this new extension, you should therefore expect grade and violation changes. In addition, rules marked as [DEPRECATED] in the list below will not be triggered during any new analysis actioned with this release nor any future release of the extension - this may also impact the grades of your existing analysis results. When using AIP Console, if you do not want this extension to be used, you should ensure that you implement an extension strategy to prevent the automatic download and installation of the extension. If you are onboarding a new application, CAST actively encourages you to use this new release to take advantage of the improvements that have been implemented. Lastly, this extension should not be used with AIP Core 8.3.24, 25, and 26 due to erroneous results - any previous or newer release of AIP Core should be used instead.

Rules

Rule Id | New Rule | Details
1027010 | FALSE | Avoid weak encryption providing insufficient key size (.NET): Updated Violation Detail, Rationale, Rules marked as Critical, Changed Grade Impact
1027002 | FALSE | Avoid exposing methods that use Platform Invocation Services to access unmanaged code: Updated Violation Detail, Reference
3612 | FALSE | Avoid missing release of SQL connection after an effective lifetime (C#, VB.NET): Updated Rationale, Remediation, Sample, Remediation Sample
1027000 | FALSE | Avoid Managed type declaration for Win32 API using Overlapped IO: Updated Reference, Violation Detail and Sample
1027008 | FALSE | Always Revert After Impersonation: Updated Violation Detail, Grade Impact
1027012 | FALSE | Avoid storing Non-Serializable Object as HttpSessionState attributes: Updated Violation Detail, Remediation Sample
7474 | FALSE | Avoid Repainting When Updating a ListBox: Updated violation detail, Reference, Name of Rule, Rationale, Grade Impact
7268 | FALSE | Dispose() methods should call GC.SuppressFinalize: Updated Violation Detail, Reference, Sample, Remediation Sample, Remediation
3610 | FALSE | Avoid declaring VB Variables without typing them (.NET): Updated Sample and Reference
7258 | FALSE | DataReader must be called using CommandBehavior.CloseConnection enumeration: Updated Description
8152 | FALSE | Avoid having transaction with the Thread.Sleep method in a loop: Updated Reference, Remediation
7272 | FALSE | Provide a private default Constructor for utility Classes (.NET): Updated Violation Detail
7294 | FALSE | Avoid cyclical calls and inheritances between namespaces content: Updated Violation Detail, Sample, Reference
7466 | FALSE | Avoid changing DataSource member before ValueMember/DisplayMember: Rule has been marked as Critical, Updated Violation Detail
8158 | FALSE | Avoid thread creation for application running on application server: Rule has been marked as Critical, Updated Violation Detail, Title, Description, Rationale, Reference
7260 | FALSE | User Interface elements must not use directly the database: Added Remediation
7270 | FALSE | Declare as Static all methods not using instance members (.NET): Updated Remediation, Reference, Violation detail, Rationale
8402 | FALSE | All types of a serializable class must be serializable: Updated Remediation, Description, Rationale, Remediation sample
7212 | FALSE | Avoid instantiations inside loops (.NET): Updated Remediation and Violation detail
8154 | FALSE | Avoid using GC.Collect(): Rule has been marked as Critical, Updated Violation detail, Reference
8156 | FALSE | Persistent classes should implement GetHashCode() and Equals(): Rule has been marked as Critical
7352 | FALSE | Avoid calling properties that clone values in loops
7198 | FALSE | Avoid String concatenation in loops (.NET): Marked Rule as Non-Critical, Updated Violation Detail, Reference, Rationale
7262 | FALSE | Avoid Namespaces with High Efferent Coupling (CE): Updated Reference, Remediation and Violation Detail
7264 | FALSE | Avoid namespaces with High Afferent Coupling (CA): Updated Remediation and Violation Detail
7266 | FALSE | Call 'base.Dispose()' or 'MyBase.Finalize()' in the "finally" block of 'Dispose(bool)' methods: Updated Reference, Sample, Description, Remediation and Violation Detail
8086 | FALSE | Avoid types that own disposable fields and are not disposable: Updated Remediation and Description
3572 | FALSE | Controls naming convention - prefix, case and character set control: Updated Reference and Description
8150 | FALSE | Avoid using Parse for primitive types and used instead TryParse: Updated Reference and Remediation Sample
3586 | FALSE | Avoid large Methods - too many Lines of Code: Updated Rationale, Remediation and Violation Detail
3630 | FALSE | Avoid having Classes implementing too many Interfaces: Updated Rationale and description
7458 | FALSE | Avoid large Interfaces - too many Methods (.NET): Updated Rationale
3576 | FALSE | Avoid declaring public Fields: Updated Reference, Description and Remediation
3580 | FALSE | Avoid large Classes - too many Methods (.NET): Updated Rationale and Violation detail
7358 | FALSE | Avoid call to AcceptChanges in a loop: Updated Reference
8148 | FALSE | Avoid artifacts having Incorrect Type Conversion or Cast: Updated Reference
3566 | FALSE | Methods naming convention - case and character set control: Updated Reference
7470 | FALSE | [DEPRECATED] Avoid doing select on Datatable in loop
3574 | FALSE | Properties naming convention - case and character set control: Updated Reference
3568 | FALSE | Events naming convention - case and character set control: Updated Reference
3564 | FALSE | Public Fields naming convention - case and character set control: Updated Reference
3562 | FALSE | Private Fields naming convention - case and character set control: Updated Reference
3560 | FALSE | Enumeration Items naming convention - case and character set control: Updated Reference
3558 | FALSE | Enumerations naming convention - case and character set control: Updated Reference
3554 | FALSE | Interface naming convention - case and character set control: Updated Reference
3550 | FALSE | Namespace naming convention - case control: Updated Reference
3578 | FALSE | Avoid large Classes - too many Constructors (.NET): Updated Rationale
8094 | FALSE | Avoid locking of Objects with weak identities: Added Remediation Sample
7194 | FALSE | [DEPRECATED] Avoid large number of String concatenation (.NET)
3616 | FALSE | [DEPRECATED] Data Access must be based on Stored Procedure Calls
7208 | FALSE | [DEPRECATED] Avoid the use of is inside loops
8090 | FALSE | Avoid using NaN to test the result of an expression: Rule has been marked as Critical