2.1.21-funcrel
Resolved Issues
Customer Ticket Id | Details |
---|---|
40579 | Fixes an issue where HTML analysis got stuck on a .js file during post-resolution of the file. |
40303 | Fixes missing links between JavaScript functions caused by incorrect resolution of var declarations. |
40348 | Fixes missing links from one JavaScript function to another. |
Other Updates
Details |
---|
Added libraries to the skip list. |
These are libraries that should be in the node_modules directory and are referenced in package.json files, plus libraries referenced by HTML files through <script src="http:..."> (see documentation). |
Fixes an internal issue with JSP files containing "<%@ include file="./userForm.js"%>". |
Fixes an issue where a simple declaration without the "var" keyword was badly parsed. |
Fixes an empty evaluation through a ternary (conditional) expression. |
Fixes an issue where evaluation did not work when two statements contributing to the evaluation are in the same var declaration. |
Fixes bad parsing of return statements (some complexity values linked to these statements may change). |
Fixes incorrect resolution and evaluation when several variables are defined with "var" in the same block. |
Fixes an issue where evaluation did not work for "return ["product", "addproduct", "opportunity", opportunity].join("/")". |
2.1.20-funcrel
Resolved Issues
Customer Ticket Id | Details |
---|---|
39776 | Fixes an issue where HTML analyzer stopped analysis with the following warning: AttributeError: 'NoneType' object has no attribute 'text'. |
39824 | Fixes an issue where jQuery analysis got stuck while creating Ajax resources for a file. |
Other Updates
Details |
---|
Added filtering for some files. |
Support provided for "encodeURI" and "encodeURIComponent" in URL evaluations. |
Fixes an issue where resolution did not work in a specific case. |
Fixes an issue where evaluation did not work in a specific case. |
2.1.19-funcrel
Resolved Issues
Customer Ticket Id | Details |
---|---|
39220 | Fixes an issue where HTML Request Services were not created after an upgrade. |
Other Updates
Details |
---|
Creates a resource service even if the URL is empty (in JSP files). |
Added a new evaluation parameter for evaluating an argument of a function call (technical). |
Fixes an issue where URL evaluation did not work when a variable is set in another function of the same object literal as the function calling the URL. |
Fixes an issue where evaluation was wrong when a template string contains a function call inside ${...}. |
Fixes an issue where URL evaluation did not work when a function whose body is only a string return was called. |
2.1.18-funcrel
Resolved Issues
Customer Ticket Id | Details |
---|---|
39138 | Fixes an issue where, following an upgrade from 2.1.16 to 2.1.17 with no change in source code, new analysis results showed modified transactions due to deleted HTML objects. |
34049 | Fixes a spelling mistake in rule documentation for the rule 1020006 "Avoid calling a function in a termination loop". |
Other Updates
Details |
---|
Technical update implemented to add an option for evaluating nodes in the evaluation. |
The pattern /npm/ has been removed from filters.json file. This means that source code that matches this pattern will no longer be excluded from analysis. |
Fixes an issue where the URLs of NodeJS Post HttpRequest services were not resolved correctly. |
Technical update implemented to fix an issue where evaluation did not work when the "format" function is used. |
Changes the behaviour so that fetch() is no longer considered a URL call when fetch is a client-specific function rather than the browser Fetch API. |
Technical update implemented to ensure that a resource service is created even if the URL is empty. |
Rules
Rule Id | New Rule | Details |
---|---|---|
1020006 | FALSE | Rule documentation updated to fix a spelling error in the rule 1020006 "Avoid calling a function in a termination loop". |
2.1.17-funcrel
Resolved Issues
Customer Ticket Id | Details |
---|---|
38546 | Fixes an analysis error caused by excessive RAM use by the analyzer, caused in turn by the presence of the "fusioncharts" library. |
Other Updates
Details |
---|
Additional filtering rules have been added to filters.json for test files and external libraries. |
Fixes an issue causing a missing link when a function has an object literal as a parameter. |
Changes the analyzer's behaviour so that when a .JSX file is an externally called library, the object created is JSX content instead of JavaScript content as previously. |
Fixes an issue causing a missing link when a function is passed as a parameter. |
2.1.16-funcrel
Resolved Issues
Customer Ticket Id | Details |
---|---|
38185 | Fixes an issue where HTML Analysis was going into an infinite loop (running for 3 days) with an error. After the fix the analysis ends in a reasonable time. |
28703 | Corrects the reference link for rule 1020010: "Avoid using forEach()". |
Other Updates
Details |
---|
Fixes an issue related to the HTML interpreter refactoring (technical). |
Fixes an issue where HTTP services found in JSP or ASP files had a name and fullname that included the part of the URL after "?", making them very long. |
Fixes an issue where JavaScript fragments were not analyzed when the type attribute is empty in <script type="">. |
Fixes an issue where URLs containing "wiki:Link" were not handled correctly. |
Fixes an issue where URLs containing "@string.Format" were not handled correctly in CSHTML files. |
Rules
Rule Id | New Rule | Details |
---|---|---|
1020106 | TRUE | Avoid hidden form field to prevent parameter tampering (Javascript/HTML5). |
1020108 | TRUE | Avoid dangerous file inclusion (JSTL). |
1020010 | FALSE | Corrects the reference link of the rule: "Avoid using forEach()". |
2.1.15-funcrel
Resolved Issues
Customer Ticket Id | Details |
---|---|
36536 | Support of function calls in Kendo framework within .cshtml files when templating is used. |
37116 | Fixes a missing link between JavaScript functions causing false positive violations. |
37578 | Fixes an issue where an analysis was crashing with the message "Evaluation may be partial to avoid combinatory explosion (1)". |
38071 | Fixes an issue where there was a missing link between a jQuery Operation and a Struts Operation. |
Other Updates
Details |
---|
The field "kind" has been added to all existing entries in the "filters.json" to help explain why the file is skipped. |
Fixes an issue where the message "HTML5-005 Internal issue in parsing one statement" is recorded in the log for files containing React code. |
Fixes an issue causing the error "AttributeError: 'NoneType' object has no attribute 'startswith'" to be displayed incorrectly in the log file. |
Fixes an issue causing a traceback error "'NoneType' object has no attribute 'data_bind_list'". |
Fixes an issue where the analysis error "Ending tag "XXX" with no corresponding opening" was caused by the analysis of a JSP tag property "<%=selected%>". |
Fixes an issue where the evaluation of a "database" variable was failing. |
Implements support of object destructuring for resolution. |
Implements support of list destructuring for resolution. |
Implements support for evaluation with member access to evaluate a list. |
Added a get_returns method to Functions and Methods (technical). |
Evaluation refactoring (technical). |
Call links now target the JavaScript class instead of its constructor. |
New Support
Summary | Details |
---|---|
Support of Knockout.js framework | Implements support of "data-bind" attributes in html files, in order to create more links from these file types. |
2.1.14-funcrel
Resolved Issues
Customer Ticket Id | Details |
---|---|
36650 | Fixes an analysis failing at the "Run Analysis" phase with a Python stack overflow. |
35637 | Fixes an issue where the HTML analysis took a long time to analyze a JS file. |
37064 | Fixes an issue where, after upgrading to a new release, NodeJS unknown database table objects were deleted. |
Other Updates
Details |
---|
The HTML5/JavaScript analyzer is now able to scan the contents of the "node_modules" folder (which contains external libraries) and for every external item in the "node_modules" which is called by analyzed source code, a corresponding object will be created by the HTML5/JavaScript analyzer. The items in the "node_modules" folder are not actually analyzed as such and are still ignored via an entry in the filters.json file. This is the first step in a project to expose (in CAST Imaging) called external libraries located in the "node_modules" folder. CAST Console and CAST Imaging will also need to be modified before this information will be available. |
Fixes a situation where too many resource services were created with the same URL for the same line of code. |
Fixes a situation where some URLs were truncated when the last part is an integer initialized with an empty string. |
Fixes a situation where an evaluation was incorrect when a string contains variables. |
New Support
Summary | Details |
---|---|
Support of .mjs files (ECMAScript modules) | Files with the .mjs extension are treated as JavaScript files. |
2.1.13-funcrel
Resolved Issues
Customer Ticket Id | Details |
---|---|
36490 | jQuery: missing Ajax resource services. |
36514 | Mock and SAPUI5 should be automatically excluded from CAST AIP quality results. |
36338 | Missing links between JS functions, leading to false violations. |
Other Updates
Details |
---|
Support of resolution when modules are defined through "define" (AMD). |
2.1.12-funcrel
Resolved Issues
Customer Ticket Id | Details |
---|---|
36037 | Fixed bad evaluation for some AngularJS services. |
35910 | Fixed false Violations for the rule (1020092): "Avoid direct definition of JavaScript Functions in a Web page (JavaScript/HTML5)". |
Other Updates
Details |
---|
Fixed an issue where "export default" was badly parsed for a function defined with "=>". |
Fixed an internal issue where "get_ast_caller" was returning the wrong ast node. |
Fixed an issue causing a regression in the resolution of an identifier. |
Rules
Rule Id | New Rule | Details |
---|---|---|
1020092 | FALSE | Avoid direct definition of JavaScript Functions in a Web page (Javascript/HTML5). |
2.1.11-funcrel
Resolved Issues
Customer Ticket Id | Details |
---|---|
35630 | Missing link between UI and Backend layer. |
35535 | HTML5 analyzer creates POST/GET Operations with wrong name and no links to Struts Operations. |
35539 | JQuery analyzer creates POST/GET Resource Services with wrong name and no links to Struts Operations. |
35577 | Support of function calls in Kendo framework in CSHTML files. |
Other Updates
Details |
---|
Skips libraries from analysis. |
Added methods to detect whether a framework is used (technical). |
Support of evaluation in "for" statements (including support of list evaluation). |
Fixes a stack overflow with a new version of Python. |
Fixes an issue where .CSHTML files containing C# code within "@{...}" were not correctly resolved as links. |
New Support
Summary | Details |
---|---|
Support of new logical assignment operators (&&=, ||=, and ??=) | They are processed like the '=' assignment, so evaluation now works through them. |
2.1.10-funcrel
Resolved Issues
Customer Ticket Id | Details |
---|---|
34386 | CAST HTML Analysis stuck on a js file. |
34589 | Missing links from Javascript Method and NodeJS MongoDB collection. |
34289 | Missing links from JS to DotNet Controller Action. |
34785 | Missing links between JavaScript methods. |
34976 | Missing links between JavaScript methods. |
34995 | Extension com.castsoftware.html5 has encountered an issue : token = next(self.tokens) StopIteration. |
34246 | Remediation missing in the description of the rule "Avoid return statement in finally block (Javascript)". |
2.1.9-funcrel
Resolved Issues
Customer Ticket Id | Details |
---|---|
31080 | False positive for rule (rule id: 1020084): "Avoid unreferenced (Functions Javascript/ HTML5)". |
33966 | Rule name (rule id: 1020060): "Avoid using console.log()" should be renamed according to technology as "Avoid using console.log() (Javascript)". |
33688 | False positives for rule (rule id: 1020092): "Avoid direct definition of JavaScript Functions in a Web page (Javascript/HTML5)" |
33381 | Deleted JQUERY GET resource service. |
33595 | False positive for the rule (rule id: 7388): "Avoid artifacts having recursive calls". |
33450 | Extension com.castsoftware.html5 has encountered an issue: Traceback (most recent call last): MemoryError. |
33255 | Transactions change due to deleted link between HTML5 ASP content. |
33169 | Added and modified transactions due to added and deleted HTML5 Get HttpRequest objects. |
Rules
Rule Id | New Rule | Details |
---|---|---|
1020084 | FALSE | False positives removed for the rule: "Avoid unreferenced (Functions Javascript/ HTML5)". |
1020092 | FALSE | False positives removed for the rule: "Avoid direct definition of JavaScript Functions in a Web page (Javascript/HTML5)". |
1020060 | FALSE | Rule name: "Avoid using console.log()" is renamed according to technology as "Avoid using console.log() (Javascript)". |
7388 | FALSE | False positives removed for the rule: "Avoid artifacts having recursive calls". |
New Support
Summary | Details |
---|---|
Support for Dojo web service calls | See documentation: https://doc.castsoftware.com/display/TECHNOS/HTML5+and+JavaScript+-+2.1#HTML5andJavaScript2.1-dojo |
2.1.8-funcrel
Resolved Issues
Customer Ticket Id | Details |
---|---|
32225 | HTML analysis got stuck for a long time while analyzing one of the JSP files. |
32926 | False violation for the rule: "Avoid using unsecured cookie" (Javascript) (Rule ID: 1020096). |
Other Updates
Details |
---|
Support for sprintf-js when evaluating strings. |
Fixes an evaluation problem when evaluating several object members where one points to an unknown variable. |
Fixes many Traceback errors in the log file in debug mode. |
Fixes an issue where several values of the property 'Total code lines count' (id 1020073) were found on CAST_HTML5_JavaScript_SourceCode_Fragment. |
Rules
Rule Id | New Rule | Details |
---|---|---|
1020096 | FALSE | "Avoid using unsecured cookie (Javascript)" - Removed false positives. |
2.1.7-funcrel
Resolved Issues
Customer Ticket Id | Details |
---|---|
30758 | Missing Razor objects from CSHTML leading to missing links to Dotnet Controller action. |
31243 | False positive for the rule: "Avoid hardcoded passwords (Javascript)". |
31521 | No resource service is created for href=@Url.Action("Index", "ProcessSelection") in CSHTML file. |
31709 | Upload sources to Local db is failing due to multiple values in table ObjFilRef for HTML5 CSS Fragment objects. |
31628 | Missing links to HTML5 JS methods from JS functions. |
30598 | Analysis took too long, spending a lot of time analyzing JS files. |
31801 | Missing links from HTML5 JavaScript function to other JavaScript Functions. |
30784 | False violation for the rule: "Avoid hard-coded network resource names (Javascript)". |
31046 | HTML analysis crash: most files not being analyzed properly. |
31402 | False positive for the rule: "Avoid using a break statement in 'for' loops". |
30741 | CSHTML files were skipped after upgrading HTML extension. |
31831 | HTML Analysis got stuck at a JSP file. |
Other Updates
Details |
---|
Added filtering of libraries. |
Removed METRICABLE inheritance from HTML-like objects. |
Added a method to get the declaration of a variable (get_declarations). |
Better name resolution for the 'HTML5 Get HttpRequest service' object when the URL is like "something?action=something_else". |
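The URL-building idioms that the evaluation fixes in these notes refer to (ternary and Array.join in 2.1.21, encodeURIComponent in 2.1.20, a template string with a function call inside ${...} and a function that only returns a string in 2.1.19, logical assignment in 2.1.11) and the service-naming fix in this release (the part of the URL after "?" must not end up in the service name; also 2.1.16) are collected below in an added example. It is not the analyzer's code: it evaluates the idioms at runtime, which is what the analyzer's static evaluation has to reproduce, and the serviceName helper and the /api sample paths are assumptions, since the notes only say the query string must be dropped from the name.

```javascript
// Added example, not code from the HTML5/JavaScript extension.
// Each function builds a URL with one of the idioms named in the release notes;
// serviceName() is an assumed naming rule (path only, query string dropped).

const API_BASE = "/api"; // constructed sample base path

function version() {
  // 2.1.19: a function whose body is only a string return
  return "2";
}

function buildProductUrl(kind) {
  // 2.1.21: evaluation through a ternary and through Array.join("/")
  const verb = kind === "new" ? "addproduct" : "product";
  return [API_BASE, verb, "opportunity"].join("/");
}

function buildSearchUrl(term) {
  // 2.1.20: encodeURIComponent on a user-supplied segment;
  // 2.1.19: a function call inside ${...} of a template string
  return `${API_BASE}/search?q=${encodeURIComponent(term)}&v=${version()}`;
}

function resolveEndpoint(configured) {
  // 2.1.11: the analyzer treats "??=" like "=", so it resolves url to the
  // right-hand side. At runtime ??= only assigns when the value is null or
  // undefined; an empty string is kept.
  let url = configured;
  url ??= `${API_BASE}/default`;
  return url;
}

function resolveEndpointOr(configured) {
  // Same approximation for "||=", which at runtime also overwrites any falsy
  // value such as "" or 0, so the two operators can yield different URLs.
  let url = configured;
  url ||= `${API_BASE}/default`;
  return url;
}

function serviceName(url) {
  // 2.1.16 / 2.1.7 (assumed rule): keep only the path before "?", so that
  // "something?action=something_else" names the service "something"
  const qs = url.indexOf("?");
  return qs === -1 ? url : url.slice(0, qs);
}
```

The two resolveEndpoint variants are the caveat to keep in mind when reading links produced through logical assignment: the analyzer's "process as '='" rule gives the same target for both, while the runtime URL depends on whether the incoming value was null/undefined or merely falsy.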
2.1.6-funcrel
Resolved Issues
Customer Ticket Id | Details |
---|---|
30063 | Missing Get HttpRequest Service after analysis. |
Other Updates
Details |
---|
No HttpRequest service is created any more when property binding is used in an Angular app. |
Broadcasts the *.template file to extensions built on top of HTML5 (such as NodeJS). |
Fixes the CAST AIP Console error: [com.castsoftware.html5] HTML5-005 Internal issue in parsing one statement. |
Fixes a blocking recursion (for NodeJS). |
2.1.5-funcrel
Resolved Issues
Customer Ticket Id | Details |
---|---|
29756 | Missing JavaScript Methods after analysis. |
29267 | HTML5 service name is wrong for certain objects with href="@Url.RouteUrl |
Link Improvements
Callee Type | Caller Type | Details |
---|---|---|
.NET WEB operations | CSHTML files | These links are now more complete. |
Other Updates
Details |
---|
Fixes an issue where front-end objects of CSHTML files in an ASP.NET Core MVC project did not appear in AIP Console. |
Transaction Improvements
Type | Framework |
---|---|
Links from CSHTML files to .NET WEB operations | razor |
2.1.4-funcrel
Resolved Issues
Customer Ticket Id | Details |
---|---|
29278 | Rule 1020006 "Avoid calling a function in a termination loop" was not in the correct technical criteria. |
Other Updates
Details |
---|
Added filtering of libraries. |
Links from HTML fragments now have the fragment as caller instead of the method containing the fragment. |
Resolution corrections on HTML5. |
Fixes bad evaluations for some URLs. |
Fixes a parsing problem in HTML files when an attribute name is bracketed, as in Angular property binding (ex: [href]="myurl"). |
New Support
Summary | Details |
---|---|
Add support for pug files | Add support for .pug files, these files are now transaction entry-points. |
2.1.3-funcrel
Resolved Issues
Customer Ticket Id | Details |
---|---|
28065 | Missing link from JavaScript method "getAuditDetails" to "getEngagementDetails". |
28407 | Wrong links to JS functions from ASPX files or other JS Functions in HTML5 analysis. |
28116 | HTML5-005: Internal issue in parsing one statement. |
28591 | HTML5 analysis crash warning: Extension com.castsoftware.html5 has encountered an issue. |
2.1.2-funcrel
Resolved Issues
Customer Ticket Id | Details |
---|---|
26922 | HTML warning: [com.castsoftware.html5] HTML5-005 Internal issue in parsing one statement |
26932 | REACT Warning : [com.castsoftware.reactjs] REACTJS-001 Internal issue in <source file path> |
27481 | Missing Angular Resource services |
26876 | JQUERY Post resource service object that is not created |
27128 | HTML5 Get HTTPRequest Object Deleted in current run |
27299 | HTML5-005 Internal issue in parsing one statement |
27423 | NodeJS Objects not discovered and missing links in an NodeJS application |
26221 | HTML analysis warning: HTML5-005 Internal issue in parsing one statement |
Other Updates
Details |
---|
Fixes an issue where dynamically called functions were not resolved. |
Additional library files are now skipped. |
Added a call link between a function and the anonymous function it returns. |
Fixes a performance issue in the HTML5 extension when executing the query in remove_files_with_no_children. |
Fixes an error in parsing generator function syntax (function*() {}) in NodeJS code. |
2.1.1-funcrel
Resolved Issues
Customer Ticket Id | Details |
---|---|
25924 | PB:[COFACE][COFANET]Console : Onboarding : HTML5-005 Internal issue in parsing one statement |
26452 | PB:[AT&T][BD]Issue with transactions due to missing 10K+ HTML HTTPRequest Service objects after migration from 2.0.10 to 2.0.19 |
25962 | HTML analysis is taking long time and it is stuck while parsing one JS file |
26087 | HTML Warning: [com.castsoftware.html5] HTML5-005 Internal issue in parsing one statement |
26041 | PB: Missing links between XHTML files and Java methods, and link between the XHTML file of JEE and the HTML source code of HTML5. |
Other Updates
Details |
---|
Preparation for API publication. |
ASPX improvement (links to OnInit and OnLoad). |
JSX content is now included in diagnostic definitions wherever JS content is included (total). |
Removed traceback errors from logs. |
Fixes an issue where some classes were not parsed as classes (class PurposeField extends React.Component<PurposeFieldProps> {}). |
Fixes an issue where some ReactJS files were badly parsed because JSX parts were detected where they should not be. |
Support of import statements with the default keyword in curly brackets (import { default as X } from '...'). |
Fixes false violations of unreferenced functions in the latest version of Imaging. |
The following libraries are now skipped: cypress, fastclick.js. |
Fixes an issue where methods were not detected in some ReactJS classes because some JSX ends were not detected correctly. |
Better support of the spread/rest syntax ("..."), which relies on the iteration protocol. |
Handles Vue.js mixins. |
Enhanced resolution through imports. |
Support of resolution across different components (package.json). |
Support of resolution through import redirections (jsconfig.json). |
Fixes an issue where exporting a list of objects did not work. |
2.1.0-funcrel
Note
This release of the extension contains a large number of rule related improvements, which will have a significant impact on any existing analysis results generated with a previous release of the extension. When re-analyzing existing and unchanged source code with this new extension, you should therefore expect grade and violation changes. When using AIP Console, if you do not want this extension to be used, you should ensure that you implement an extension strategy to prevent the automatic download and installation of the extension. If you are onboarding a new application, CAST actively encourages you to use this new release to take advantage of the improvements that have been implemented.
Resolved Issues
Customer Ticket Id | Details |
---|---|
24807 | Missing links between HTML5 POST service operation to Struts Operation |
24781 | HTML5 missing resource service object when src attribute with iframe tag is used |
24586 | HTML analysis: missing resource service object due to which link is not created to struts operation |
24732 | HTML analysis warning: HTML5-005 Internal issue in parsing one statement |
25060 | Missing link between jsp page and js function |
25503 | HTML analysis Warning: HTML5-005 Internal issue in parsing one statement |
Rules
Rule Id | New Rule | Details |
---|---|---|
1020070 | FALSE | Avoid hardcoded network resource names in Javascript (updated contribution) |
1020094 | FALSE | Avoid creating cookie without setting httpOnly option (Javascript) (updated contribution) |
1020096 | FALSE | Avoid using unsecured cookie (Javascript) (updated contribution) |
1020098 | FALSE | Avoid creating cookie with overly broad path (Javascript) (updated contribution) |
1020100 | FALSE | Avoid having cookie with an overly broad domain (Javascript) (updated contribution) |
1020002 | FALSE | Avoid programs with low comment/code ratio (HTML5/Javascript) (updated thresholds) |
1020004 | FALSE | Avoid to use querySelectorAll (updated thresholds) |
1020006 | FALSE | Avoid to call a function in a termination loop (updated thresholds) |
1020008 | FALSE | Avoid for-in loop (updated thresholds) |
1020010 | FALSE | Avoid using forEach() (updated thresholds) |
1020012 | FALSE | Avoid using a web service with WebSocket inside a loop (updated thresholds) |
1020014 | FALSE | Avoid using a web service with XMLHttpRequest inside a loop (updated thresholds) |
1020016 | FALSE | Avoid using too much dot notation in loop (updated thresholds) |
1020018 | FALSE | Avoid using Web SQL databases (updated thresholds) |
1020020 | FALSE | Avoid blocking page loading with synchronous Javascript import (updated thresholds) |
1020022 | FALSE | Avoid using submitted markup containing "form" and "formaction" attributes (updated thresholds) |
1020024 | FALSE | Avoid "id" attributes for forms as well as submit (updated thresholds) |
1020026 | FALSE | Avoid using autofocus and onfocus in submitted markup (updated thresholds) |
1020028 | FALSE | Avoid using autofocus and onblur in submitted markup (updated thresholds) |
1020030 | FALSE | Avoid using javascript or expression in the CSS file (updated thresholds) |
1020032 | FALSE | Avoid using video poster attributes in combination with javascript (updated thresholds) |
1020034 | FALSE | Avoid hosting HTML code in iframe srcdoc (updated thresholds) |
1020036 | FALSE | Avoid using onscroll event with autofocus input (updated thresholds) |
1020038 | FALSE | Avoid defining and calling functions inside loops (updated thresholds) |
1020040 | FALSE | Avoid using delete with no object properties (updated thresholds) |
1020042 | FALSE | Avoid having iframe inside a tag (updated thresholds) |
1020044 | FALSE | Avoid using setData in ondragstart with attribute draggable set to true (updated thresholds) |
1020046 | FALSE | Avoid using oninput in body containing input autofocus (updated thresholds) |
1020048 | FALSE | Avoid using source tag in video/audio with event handler (updated thresholds) |
1020050 | FALSE | Avoid white-listing the "dirname" attribute in user generated content (updated thresholds) |
1020052 | FALSE | Avoid using import with external URI (updated thresholds) |
1020054 | FALSE | Avoid using delete on arrays (updated thresholds) |
1020056 | FALSE | Avoid using Javascript Document.all collection (updated thresholds) |
1020060 | FALSE | Avoid using console.log() (updated thresholds) |
1020062 | FALSE | Avoid using non thread-safe Javascript singleton pattern (updated thresholds) |
1020064 | FALSE | Avoid Superclass knowing Subclass in Javascript (updated thresholds) |
1020066 | FALSE | Avoid using Javascript Function constructor (updated thresholds) |
1020068 | FALSE | Avoid return statement in finally block (updated thresholds) |
1020072 | FALSE | Avoid direct access to Database Tables in Javascript (updated thresholds) |
1020074 | FALSE | Avoid enabling autocomplete "on" for inputs/forms (updated thresholds) |
1020076 | FALSE | Avoid Artifacts with too many parameters (Javascript) (updated thresholds) |
1020078 | FALSE | Avoid using setTimeout() (updated thresholds) |
1020080 | FALSE | Avoid using setInterval() (updated thresholds) |
1020094 | FALSE | Avoid creating cookie without setting httpOnly option (Javascript) (updated thresholds) |
1020096 | FALSE | Avoid using unsecured cookie (Javascript) (updated thresholds) |
1020098 | FALSE | Avoid creating cookie with overly broad path (Javascript) (updated thresholds) |
1020100 | FALSE | Avoid having cookie with an overly broad domain (Javascript) (updated thresholds) |
1020104 | FALSE | Avoid hardcoded passwords (Javascript) (updated thresholds) |
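The four cookie rules in the table above (1020094 HttpOnly, 1020096 Secure, 1020098 path, 1020100 domain) all inspect the attributes of a cookie being created. The following added example is not the extension's rule implementation; it is a small Set-Cookie auditor that reports the same four concerns, plus a builder that produces a cookie passing all of them. What counts as "overly broad" is not defined in these notes, so the heuristics (Path must stay under the application's base path, Domain must not be wider than the serving host) and the sample host app.example.com are assumptions.

```javascript
// Added example, not code from the HTML5/JavaScript extension.
// Audits one Set-Cookie header string against the four cookie rules above.

function parseSetCookie(header) {
  const [pair, ...rest] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const attrs = {};
  for (const a of rest) {
    if (!a) continue;
    const i = a.indexOf("=");
    const key = (i === -1 ? a : a.slice(0, i)).trim().toLowerCase();
    attrs[key] = i === -1 ? true : a.slice(i + 1).trim(); // flag attrs become true
  }
  return {
    name: eq === -1 ? pair : pair.slice(0, eq),
    value: eq === -1 ? "" : pair.slice(eq + 1),
    attrs,
  };
}

// Assumed context: the application is served from https://app.example.com/app/
const DEFAULT_CONTEXT = { host: "app.example.com", basePath: "/app" };

function auditSetCookie(header, ctx = DEFAULT_CONTEXT) {
  const { attrs } = parseSetCookie(header);
  const findings = [];
  // 1020094: without HttpOnly, document.cookie exposes the value to injected script
  if (!attrs.httponly) findings.push("1020094");
  // 1020096: without Secure, the cookie is also sent over plain HTTP
  if (!attrs.secure) findings.push("1020096");
  // 1020098 (assumed threshold): a missing Path or one outside the app's base
  // path makes the cookie visible to every application on the host
  const path = typeof attrs.path === "string" ? attrs.path : "/";
  if (!path.startsWith(ctx.basePath)) findings.push("1020098");
  // 1020100 (assumed threshold): any Domain other than the serving host itself
  // (a leading dot is ignored by browsers) shares the cookie with sibling hosts
  if (typeof attrs.domain === "string") {
    const domain = attrs.domain.replace(/^\./, "").toLowerCase();
    if (domain !== ctx.host) findings.push("1020100");
  }
  return findings;
}

function buildSetCookie(
  name,
  value,
  { path = DEFAULT_CONTEXT.basePath, domain, httpOnly = true, secure = true } = {}
) {
  const parts = [`${name}=${encodeURIComponent(value)}`, `Path=${path}`];
  if (domain) parts.push(`Domain=${domain}`);
  if (httpOnly) parts.push("HttpOnly");
  if (secure) parts.push("Secure");
  return parts.join("; ");
}

// Constructed samples: the weak header triggers all four rules, the hardened one none.
const WEAK_COOKIE = "session=abc123; Path=/; Domain=.example.com";
const HARDENED_COOKIE = buildSetCookie("session", "abc123");
```

The auditor takes the server's Set-Cookie header rather than a document.cookie assignment because HttpOnly cannot be set from client-side script at all; a cookie created in the browser will always fail 1020094, which is the point of that rule.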