

2.1.12-funcrel

Resolved Issues

| Customer Ticket Id | Details |
|---|---|
| 36037 | Fixed bad evaluation for some AngularJS services. |
| 35910 | Fixed false Violations for the rule (1020092): "Avoid direct definition of JavaScript Functions in a Web page (JavaScript/HTML5)". |

Other Updates

Details
Fixed an issue where "export default" is badly parsed for a function defined with "=>".
Fixed an internal issue where "get_ast_caller" was returning the wrong ast node.
Fixed an issue causing a regression in the resolution of an identifier.

Rules

| Rule Id | New Rule | Details |
|---|---|---|
| 1020092 | FALSE | Avoid direct definition of JavaScript Functions in a Web page (Javascript/HTML5). |

2.1.11-funcrel

Resolved Issues

| Customer Ticket Id | Details |
|---|---|
| 35630 | Missing link between UI and Backend layer. |
| 35535 | HTML5 analyzer creates POST/GET Operations with wrong name and no links to Struts Operations. |
| 35539 | JQuery analyzer creates POST/GET Resource Services with wrong name and no links to Struts Operations. |
| 35577 | Support of function calls in Kendo framework in CSHTML files. |

Other Updates

Details
Skip libraries from analysis.
Add methods to know if a framework is used (technical).
Support of evaluation in "for" statement (including support of list evaluation).
Problem with stack overflow with new version of Python.
Missing links from CSHTML files in LMS application.

New Support

| Summary | Details |
|---|---|
| Support of new logical assignment operators (&&=, \|\|=, and ??=) | They are processed like the '=' assignment, so evaluation now works with them. |

2.1.10-funcrel

Resolved Issues

| Customer Ticket Id | Details |
|---|---|
| 34386 | CAST HTML Analysis stuck on a js file. |
| 34589 | Missing links from Javascript Method and NodeJS MongoDB collection. |
| 34289 | Missing links from JS to DotNet Controller Action. |
| 34785 | Missing links between JavaScript methods. |
| 34976 | Missing links between JavaScript methods. |
| 34995 | Extension com.castsoftware.html5 has encountered an issue : token = next(self.tokens) StopIteration. |
| 34246 | Remediation missing in the description of the rule "Avoid return statement in finally block (Javascript)". |

2.1.9-funcrel

Resolved Issues

| Customer Ticket Id | Details |
|---|---|
| 31080 | False positive for rule (rule id: 1020084): "Avoid unreferenced (Functions Javascript/ HTML5)". |
| 33966 | Rule name (rule id: 1020060): "Avoid using console.log()" should be renamed according to technology as "Avoid using console.log() (Javascript)". |
| 33688 | False positives for rule (rule id: 1020092): "Avoid direct definition of JavaScript Functions in a Web page (Javascript/HTML5)". |
| 33381 | Deleted JQUERY GET resource service. |
| 33595 | False positive for the rule (rule id: 7388): "Avoid artifacts having recursive calls". |
| 33450 | Extension com.castsoftware.html5 has encountered an issue: Traceback (most recent call last): MemoryError. |
| 33255 | Transactions change due to deleted link between HTML5 ASP content. |
| 33169 | Added and Modified Transaction due to added and deleted HTML5 Get HTTPRequest objects. |

Rules

| Rule Id | New Rule | Details |
|---|---|---|
| 1020084 | FALSE | False positives removed for the rule: "Avoid unreferenced (Functions Javascript/ HTML5)". |
| 1020092 | FALSE | False positives removed for the rule: "Avoid direct definition of JavaScript Functions in a Web page (Javascript/HTML5)". |
| 1020060 | FALSE | Rule name: "Avoid using console.log()" is renamed according to technology as "Avoid using console.log() (Javascript)". |
| 7388 | FALSE | False positives removed for the rule: "Avoid artifacts having recursive calls". |

New Support

| Summary | Details |
|---|---|
| Support for Dojo web service calls | See documentation: https://doc.castsoftware.com/display/TECHNOS/HTML5+and+JavaScript+-+2.1#HTML5andJavaScript2.1-dojo |

2.1.8-funcrel

Resolved Issues

| Customer Ticket Id | Details |
|---|---|
| 32225 | HTML analysis is stuck for long time while analyzing one of the JSP file. |
| 32926 | False violation for the rule: "Avoid using unsecured cookie" (Javascript) (Rule ID: 1020096). |

Other Updates

Details
Support for sprintf-js for evaluating strings.
Evaluation problem when evaluating several struct members when one points to an unknown variable.
Many errors of type Traceback in log file in debug mode.
Several property 'Total code lines count' (id 1020073) values found on CAST_HTML5_JavaScript_SourceCode_Fragment.

Rules

| Rule Id | New Rule | Details |
|---|---|---|
| 1020096 | FALSE | "Avoid using unsecured cookie (Javascript)" - Removed false positives. |

2.1.7-funcrel

Resolved Issues

| Customer Ticket Id | Details |
|---|---|
| 30758 | Missing Razor objects from CSHTML leading to missing links to Dotnet Controller action. |
| 31243 | False positive for rule: "Avoid hardcoded passwords(Javascript)." |
| 31521 | No resource service is created for href=@Url.Action("Index", "ProcessSelection") in CSHTML file. |
| 31709 | Upload sources to Local db is failing due to multiple values in table ObjFilRef for HTML5 CSS Fragment objects. |
| 31628 | Missing links to HTML5 JS methods from JS functions. |
| 30598 | Analysis is taking too long, taking lot of time to analyze JS files. |
| 31801 | Missing links from HTML5 JavaScript function to other JavaScript Functions. |
| 30784 | False violation for the rule Avoid hard-coded network resource names (Javascript). |
| 31046 | HTML analysis crash: most files not being analyzed properly. |
| 31402 | False positive for the rule: "Avoid using a break statement in 'for' loops". |
| 30741 | CSHTML files were skipped after upgrading HTML extension. |
| 31831 | HTML Analysis got stuck at a JSP file. |

Other Updates

Details
Add filtering of libraries.
Remove METRICABLE inheritance from HTML like objects.
Add a method to get the declaration of a variable (get_declarations).
Better name resolution for 'HTML5 Get HttpRequest service' Object when url is like "something?action=something_else".

2.1.6-funcrel

Resolved Issues

| Customer Ticket Id | Details |
|---|---|
| 30063 | Missing Get HttpRequest Service after analysis. |

Other Updates

Details
No HttpRequest service should be created when property binding is used in angular app
Broadcast *.template file for extensions above HTML5 (as NodeJS)
Error CAST AIP Console: [com.castsoftware.html5] HTML5-005 Internal issue in parsing one statement
Blocking recursion (for NodeJS)

2.1.5-funcrel

Resolved Issues

| Customer Ticket Id | Details |
|---|---|
| 29756 | Missing JavaScript Methods after analysis. |
| 29267 | HTML5 service name is wrong for certain objects with href="@Url.RouteUrl |

| Callee Type | Caller Type | Details |
|---|---|---|
| .NET WEB operations | CSHTML files | These links are now more complete. |

Other Updates

Details
Front end objects of CSHTML in ASP.NET Core MVC project not appearing in AIP console

Transaction Improvements

| Type | Framework |
|---|---|
| Links from CSHTML files to .NET WEB operations | razor |

2.1.4-funcrel

Resolved Issues

| Customer Ticket Id | Details |
|---|---|
| 29278 | The rule, 1020006: "Avoid calling a function in a termination loop" not in the correct technical criteria. |

Other Updates

Details
Add filtering of libraries
Links from html fragments should have the fragment as caller instead of the method containing the fragment.
Resolution corrections on HTML5
Bad evaluations for some urls
Problem with parsing html files when an attribute name is bracketed (ex: [href]="myurl")

New Support

| Summary | Details |
|---|---|
| Add support for pug files | Add support for .pug files, these files are now transaction entry-points. |

2.1.3-funcrel

Resolved Issues

| Customer Ticket Id | Details |
|---|---|
| 28065 | Missing link from JavaScript method "getAuditDetails" to "getEngagementDetails". |
| 28407 | Wrong links to JS functions from ASPX files or other JS Functions in HTML5 analysis. |
| 28116 | HTML5-005: Internal issue in parsing one statement. |
| 28591 | HTML5 analysis crash warning: Extension com.castsoftware.html5 has encountered an issue. |

2.1.2-funcrel

Resolved Issues

| Customer Ticket Id | Details |
|---|---|
| 26922 | HTML warning: [com.castsoftware.html5] HTML5-005 Internal issue in parsing one statement |
| 26932 | REACT Warning : [com.castsoftware.reactjs] REACTJS-001 Internal issue in <source file path> |
| 27481 | Missing Angular Resource services |
| 26876 | JQUERY Post resource service object that is not created |
| 27128 | HTML5 Get HTTPRequest Object Deleted in current run |
| 27299 | HTML5-005 Internal issue in parsing one statement |
| 27423 | NodeJS Objects not discovered and missing links in an NodeJS application |
| 26221 | HTML analysis warning: HTML5-005 Internal issue in parsing one statement |

Other Updates

Details
Functions that are dynamically called are not being resolved. This issue is now fixed.
Following files must be skipped (libraries).
A callLink between function and returned function when returned function has no name has been added.
Performance issue in HTML5 extension for executing query in remove_files_with_no_children. This is now fixed.
Error in parsing nodejs syntax (function*() {}). This is now fixed.

2.1.1-funcrel

Resolved Issues

| Customer Ticket Id | Details |
|---|---|
| 25924 | PB:[COFACE][COFANET]Console : Onboarding : HTML5-005 Internal issue in parsing one statement |
| 26452 | PB:[AT&T][BD]Issue with transactions due to missing 10K+ HTML HTTPRequest Service objects after migration from 2.0.10 to 2.0.19 |
| 25962 | HTML analysis is taking long time and it is stuck while parsing one JS file |
| 26087 | HTML Warning: [com.castsoftware.html5] HTML5-005 Internal issue in parsing one statement |
| 26041 | PB:Missing links between XHTML files and java methods and link between xhtml file of JEE to HTML source code of html5. |

Other Updates

Details
Preparation for api publication
aspx improvement (links to OnInit and OnLoad)
JSX contents must be added in diags definitions where JS contents are included (total).
Remove traceback errors from logs
Some classes are not parsed as classes (class PurposeField extends React.Component<PurposeFieldProps> {})
Some reactjs files are badly parsed because jsx parts are found when it should not.
Support of import statement with default keyword in curly brackets
Fix false violations of unreferenced functions in last version of Imaging
Following libraries must be skipped: cypress, fastclick.js
Methods are not detected in some reactjs classes because some jsx ends are not well detected.
Better support of iteration protocol "..."
HTML5 has to handle vuejs mixins
resolution through imports enhancement
Support of resolution through different components (package.json)
Support of resolution through imports redirections (jsconfig.json)
Exporting a list of object does not work

2.1.0-funcrel

Note

This release of the extension contains a large number of rule related improvements, which will have a significant impact on any existing analysis results generated with a previous release of the extension. When re-analyzing existing and unchanged source code with this new extension, you should therefore expect grade and violation changes. When using AIP Console, if you do not want this extension to be used, you should ensure that you implement an extension strategy to prevent the automatic download and installation of the extension. If you are onboarding a new application, CAST actively encourages you to use this new release to take advantage of the improvements that have been implemented.

Resolved Issues

| Customer Ticket Id | Details |
|---|---|
| 24807 | Missing links between HTML5 POST service operation to Struts Operation |
| 24781 | HTML5 missing resource service object when src attribute with iframe tag is used |
| 24586 | HTML analysis: missing resource service object due to which link is not created to struts operation |
| 24732 | HTML analysis warning: HTML5-005 Internal issue in parsing one statement |
| 25060 | Missing link between jsp page and js function |
| 25503 | HTML analysis Warning: HTML5-005 Internal issue in parsing one statem |

Rules

| Rule Id | New Rule | Details |
|---|---|---|
| 1020070 | FALSE | Avoid hardcoded network resource names in Javascript (updated contribution) |
| 1020094 | FALSE | Avoid creating cookie without setting httpOnly option (Javascript) (updated contribution) |
| 1020096 | FALSE | Avoid using unsecured cookie (Javascript) (updated contribution) |
| 1020098 | FALSE | Avoid creating cookie with overly broad path (Javascript) (updated contribution) |
| 1020100 | FALSE | Avoid having cookie with an overly broad domain (Javascript) (updated contribution) |
| 1020002 | FALSE | Avoid programs with low comment/code ratio (HTML5/Javascript) (updated thresholds) |
| 1020004 | FALSE | Avoid to use querySelectorAll (updated thresholds) |
| 1020006 | FALSE | Avoid to call a function in a termination loop (updated thresholds) |
| 1020008 | FALSE | Avoid for-in loop (updated thresholds) |
| 1020010 | FALSE | Avoid using forEach() (updated thresholds) |
| 1020012 | FALSE | Avoid using a web service with WebSocket inside a loop (updated thresholds) |
| 1020014 | FALSE | Avoid using a web service with XMLHttpRequest inside a loop (updated thresholds) |
| 1020016 | FALSE | Avoid using too much dot notation in loop (updated thresholds) |
| 1020018 | FALSE | Avoid using Web SQL databases (updated thresholds) |
| 1020020 | FALSE | Avoid blocking page loading with synchronous Javascript import (updated thresholds) |
| 1020022 | FALSE | Avoid using submitted markup containing "form" and "formaction" attributes (updated thresholds) |
| 1020024 | FALSE | Avoid "id" attributes for forms as well as submit (updated thresholds) |
| 1020026 | FALSE | Avoid using autofocus and onfocus in submitted markup (updated thresholds) |
| 1020028 | FALSE | Avoid using autofocus and onblur in submitted markup (updated thresholds) |
| 1020030 | FALSE | Avoid using javascript or expression in the CSS file (updated thresholds) |
| 1020032 | FALSE | Avoid using video poster attributes in combination with javascript (updated thresholds) |
| 1020034 | FALSE | Avoid hosting HTML code in iframe srcdoc (updated thresholds) |
| 1020036 | FALSE | Avoid using onscroll event with autofocus input (updated thresholds) |
| 1020038 | FALSE | Avoid defining and calling functions inside loops (updated thresholds) |
| 1020040 | FALSE | Avoid using delete with no object properties (updated thresholds) |
| 1020042 | FALSE | Avoid having iframe inside a tag (updated thresholds) |
| 1020044 | FALSE | Avoid using setData in ondragstart with attribute draggable set to true (updated thresholds) |
| 1020046 | FALSE | Avoid using oninput in body containing input autofocus (updated thresholds) |
| 1020048 | FALSE | Avoid using source tag in video/audio with event handler (updated thresholds) |
| 1020050 | FALSE | Avoid white-listing the "dirname" attribute in user generated content (updated thresholds) |
| 1020052 | FALSE | Avoid using import with external URI (updated thresholds) |
| 1020054 | FALSE | Avoid using delete on arrays (updated thresholds) |
| 1020056 | FALSE | Avoid using Javascript Document.all collection (updated thresholds) |
| 1020060 | FALSE | Avoid using console.log() (updated thresholds) |
| 1020062 | FALSE | Avoid using non thread-safe Javascript singleton pattern (updated thresholds) |
| 1020064 | FALSE | Avoid Superclass knowing Subclass in Javascript (updated thresholds) |
| 1020066 | FALSE | Avoid using Javascript Function constructor (updated thresholds) |
| 1020068 | FALSE | Avoid return statement in finally block (updated thresholds) |
| 1020072 | FALSE | Avoid direct access to Database Tables in Javascript (updated thresholds) |
| 1020074 | FALSE | Avoid enabling autocomplete "on" for inputs/forms (updated thresholds) |
| 1020076 | FALSE | Avoid Artifacts with too many parameters (Javascript) (updated thresholds) |
| 1020078 | FALSE | Avoid using setTimeout() (updated thresholds) |
| 1020080 | FALSE | Avoid using setInterval() (updated thresholds) |
| 1020094 | FALSE | Avoid creating cookie without setting httpOnly option (Javascript) (updated thresholds) |
| 1020096 | FALSE | Avoid using unsecured cookie (Javascript) (updated thresholds) |
| 1020098 | FALSE | Avoid creating cookie with overly broad path (Javascript) (updated thresholds) |
| 1020100 | FALSE | Avoid having cookie with an overly broad domain (Javascript) (updated thresholds) |
| 1020104 | FALSE | Avoid hardcoded passwords (Javascript) (updated thresholds) |