Page tree
Skip to end of metadata
Go to start of metadata


1.1.0-funcrel

Updates

Resolved issues

WEBAPI-130

QR name (of rule 1043050) changed from "Avoid having long timeout for HttpCookie(>5mts)" to "Avoid having long timeout for HttpCookie (>5mn)".

1.1.0-beta1

Resolved issues

WEBAPI-121

Renamed the nuspec title of the extension 

WEBAPI-125Replaced the icon for CAST_DotNet_AnyOperation
WEBAPI-126Bug fixes for WEBAPI-26 and WEBAPI-99

1.1.0-alpha3

Updates

New rules

The following rules have been added in this release- see https://technologies.castsoftware.com/rules?sec=srs_dotnetweb&ref=||1.1.0-alpha3

1043044Ensure that CSRF Protection is enabled (ASP.NET MVC)
1043046Avoid creating cookie with overly broad path (C#)
1043048Avoid having cookie with an overly broad domain (C#)
1043050Session time should not more than 5 min
1043052Ensure aspnet:UseLegacyFormsAuthenticationTicketCompatibility is set to true

Resolved issues

WEBAPI-116Scope issues Alpha2
WEBAPI-118Fix Analysis crash in quality rules based on code
WEBAPI-109source not visible on view file when no book mark is present for the QR violating source

1.1.0-alpha2

Updates

New rules

The following rules have been added in this release - see also: https://technologies.castsoftware.com/rules?sec=srs_dotnetweb&ref=||1.1.0-alpha2

1043020Avoid having applications with the debug mode activated
1043022Ensure not to disable Secure attribute while creating cookie (C#)
1043024Always enable RequireSSL attribute for cookies in Config file (ASP.NET)
1043026Avoid disabling EnableViewStateMac in Config file
1043028Avoid disabling EnableViewStateMac in ASPX page
1043032Avoid having aspx pages with tracing activated
1043034Avoid having applications with the tracing activated in the web config file
1043036Avoid Impersonate Globally
1043038Avoid having applications with the tracing activated in the source code

Resolved issues

WEBAPI-102glitches in QR names in alpha1
WEBAPI-103MongoDB appear in 2 output descriptions in alpha1

1.1.0-alpha1

Initial release.

Updates

Support for ASP.NET Core Web API

This release of the extension brings support for ASP.NET Core Web API, alongside existing support for Web API 2.

Improvements

WEBAPI-62Improvements to logic detecting Controllers and derivation of route urls
  • Controllers inheriting indirectly from ApiController are now detected
  • Fixed behavior of RoutePrefix attribute
  • Improved behavior of url derivation for convention and attribute based routing

New rules

The following rules have been added in this release - see also: https://technologies.castsoftware.com/rules?sec=srs_dotnetweb&ref=||1.1.0-alpha1

1043006Always enable validation input when doing ASP.NET Http Post/Put Request
1043008Avoid disabling ValidateInput on controller
1043010Avoid creating cookie without enabling httponly option (ASP.NET)
1043012Always enable HttpOnly for cookies in Config file
1043014Avoid disabling ValidateRequest in Config file
1043016Always enable ValidateRequest in ASPX page
1043018Avoid storing passwords in the config files
  • No labels