This documentation is not maintained. Please refer to doc.castsoftware.com/technologies to find the latest updates.

Summary: This document provides information about changes and new features introduced in this release.

1.5.3-funcrel

Resolved Issues

| Customer Ticket Id | Details |
| --- | --- |
| 44244 | Fixes missing links between .NET methods due to warnings generated by the Roslyn compiler used in the analyzer. |
| 44932 | Fixes an issue seen after upgrading CAST Imaging Console from 2.10.1 to 2.10.3: the Analysis Report was erroneously displaying analyzed files as unanalyzed. |
| 44521 | Fixes and removes the cause of the warning displayed in the analysis log "Issue encountered while processing visitor:LinqToSQLVisitor: System.IndexOutOfRangeException: Index was outside the bounds of the array" impacting analysis results. |
| 44546 | Fixes an issue causing the .NET Analyzer to incorrectly handle "ImplicitUsings" in csproj files. |

Other Updates

Details
Fixes duplicate types errors in assemblies that have the same name despite the removal of similar assemblies.

1.5.2-funcrel

Resolved Issues

| Customer Ticket Id | Details |
| --- | --- |
| 43329 | Fixes an issue wherein the warning "DOTNET.0142:No ressource found for nuget package Microsoft.NET.Sdk.Functions version 4.1.3" was displayed in the log even though the DLL existed in the relevant folder. |

Other Updates

Details
Fixes an issue wherein CASTIL was creating a static link. After the fix, the property physicalLink.inferenceEngineRequests is put only on deduced links (the double link is removed).
Fixes a false positive for the rule (1027088): "Avoid non-public custom exception types".
Fixes an issue wherein a PathTooLongException raised on one dependency prevented the other dependencies from being retrieved.
Fixes an issue wherein the main C# method was marked as an entry point when it was called (C# method should NOT be an entry point).

Rules

| Rule Id | New Rule | Details |
| --- | --- | --- |
| 1027088 | FALSE | Fixes false positive on sealed class for the rule "Avoid non-public custom exception types". |

1.5.1-funcrel

Note

This extension has been withdrawn and is no longer available. All updates and fixes are provided in 1.5.2-funcrel.

1.5.0-funcrel

New Support

| Summary | Details |
| --- | --- |
| Support .NET Core 7 / ASP.NET Core 7 | Support for .NET Core 7 and ASP.NET Core 7 frameworks. |
| Support C# 11 | Support for version 11 of the C# language. |

1.5.0-beta4

Resolved Issues

| Customer Ticket Id | Details |
| --- | --- |
| 41935 | Fixes a false violation of rule 3612: "Avoid missing release of SQL connection after an effective lifetime (C#, VB.NET)" when using declaration syntax. |
| 42558 | Fixes an issue wherein the cs files included in SDK projects were considered as 'dead code' because new syntaxes to declare sdk-style were not supported. Now support is provided for all syntaxes. |
| 41637 | Fixes an issue where incorrect violation count was displayed in Engineering Dashboard for the rule "Avoid comparing passwords against hard-coded strings". |

Other Updates

Details
.NET is provided with a new option to disable linking .NET Client code to SQL Database Tables. By default, this option is disabled.
Corrected the wrong generic type for nested class or enum of a generic class in extraction files.
Corrected the metamodel property of quality rules to correct violation count displayed in Dashboard.

Rules

| Rule Id | New Rule | Details |
| --- | --- | --- |
| 7198 | FALSE | Fixed false positive for the rule (7198): "Avoid String concatenation in loops (.NET)" when the concatenation was done inside the initialization during variable declaration. |

New Support

| Summary | Details |
| --- | --- |
| Support for .NET 5+ OS-specific TFMs | Support added for .NET 5+ OS-specific TFMs. The syntax is "framework TFM" + "-" + "OS-specific". |

1.5.0-beta3

Resolved Issues

| Customer Ticket Id | Details |
| --- | --- |
| 41374 | Fixes a false violation of the rule 7862: "Avoid catching an exception of type Exception, RuntimeException, or Throwable". |
| 41802 | Fixes an issue causing the analysis to fail with the error "System.ArgumentException: An item with the same key has already been added". |

| Callee Type | Caller Type | Details |
| --- | --- | --- |
| Type (class) | C# Method | When no variable is declared in a catch we now have a catchLink to the actual exception class used and Exception as callee. |
| Type (class) | C# Method | When there is a filter with an IsExpression, the callee of the catchLink is the exception(s) present in the filter. |

Other Updates

Details
A new option has been added to automatically select and remove similar input assemblies. It is disabled by default.
The analysis behaviour has been updated to add a Finalise() method in all visitors and call them before saving violations: this method can be called in rules defined in User Community extensions to filter violations at the end of the project analysis.
Fixes an issue causing the analysis to stop with the error "Unknown exception System.NullReferenceException: Object reference not set to an instance of an object".
Fixes an issue causing the DotNetCmd.exe utility to exit with the error code -1073740940.
Fixes two issues related to catchLinks: 1) When no variable is declared in a catch the .NET Analyzer had a catchLink to the "Exception" as a callee and not the actual "Exception class" used; 2) when there is a filter with an "IsExpression", the callee of the catchLink wasn't the exception(s) present in the filter.
The analysis behaviour has been updated to ensure that the symbols comparison process is completed with the current project's .NET version.
The analysis behaviour has been updated to avoid an argument exception caused by a duplicate key entry in the dictionary used by the diagnostic AvoidRaisingExceptionsInUnexpectedLocation.

Rules

| Rule Id | New Rule | Details |
| --- | --- | --- |
| 1027102 | TRUE | Avoid using Regex constructor or static method without timeout |

Performance Improvements

Summary
Improve the performance of the 'Dead source detector'

1.5.0-beta2

Resolved Issues

| Customer Ticket Id | Details |
| --- | --- |
| 40482 | Fixes an issue causing an analysis to fail with the error "DOTNET.0007:Unknown language Unknown. Couldn't load project." |
| 37973 | Fixes an issue where the analyzer excluded duplicate projects based on assembly name, causing .CS files to be ignored (lack of support of SDK-style project files). |
| 40912 | Fixes an issue where .csproj and .vbproj files were encoded in UTF-16, causing all .cs and .vb files to be ignored during the analysis. The fix ensures that project files are always streamed in UTF-8 to safely load them. |

Other Updates

Details
Unused source files (e.g. with the Content or None tag) such as .cs, .vb, etc. in SDK style projects are now logged as unused and made available in CAST Console.
The analyzer has been updated to prevent the analysis of unused source files (e.g. with the Content or None tag) such as .cs, .vb, etc. in SDK style projects.
The analyzer has been updated to detect and remove similar input assemblies that are not present in the csproj or vbproj file. Previously these files were analyzed causing the error "The type 'xxx' exists in both 'xxx' and 'yyy'".
The analyzer has been updated to ensure that memory consumption is logged for each project during the analysis process.
The analyzer has been updated to ensure that generated objects (such as classes) are saved with the properties "external" and "generated" (previously these objects were only saved with the property "external").
Fixes a false positive in rule 1027042 "Avoid having unmatched contracts for exported interfaces" that is triggered when a class does not directly implement the interface but inherits a class that implements it.
Fixes an issue where tags disabling implicit file inclusion in SDK style project files are ignored during an analysis causing unwanted files to be analyzed.
Fixes an issue where the analyzer was previously analyzing the same file multiple times (due to the existence of multiple project files specifying the compilation of the file multiple times).
Fixes an issue causing the analyzer to create the wrong type of link (accessReadLink) when the assignment of an object is done by a deconstruct operation. The analyzer now creates an accessWriteLink link instead.
Fixes a false negative in rule 1027100 "Avoid dangerous File Upload" that is triggered when "HttpPostedFile.SaveAs" is used.

Rules

| Rule Id | New Rule | Details |
| --- | --- | --- |
| 1027042 | FALSE | "Avoid having unmatched contracts for exported interfaces": removed a false positive that was triggered when a class did not directly implement the interface but inherited a class that implemented it. |
| 1027100 | FALSE | "Avoid dangerous File Upload": fixes a false negative that is triggered when "HttpPostedFile.SaveAs" is used. |

New Support

| Summary | Details |
| --- | --- |
| Support of C# 10 | The .NET Analyzer now supports the analysis of C# 10. |

1.5.0-beta1

Resolved Issues

| Customer Ticket Id | Details |
| --- | --- |
| 39034 | Fixes an issue causing an analysis crash with the error "Unknown exception System.InvalidOperationException: The project already contains the specified reference." |
| 38601 | Fixes an issue causing an analysis crash with the error "Unknown exception System.InvalidOperationException: The project already contains the specified reference." |
| 38362 | Fixes an issue causing an analysis crash with the error: "Unknown exception System.IO.DirectoryNotFoundException: Could not find a part of the path." |
| 39086 | Fixes a false violation of the rule 8108 - "Avoid missing release of stream connection after an effective lifetime". |
| 37489 | Fixes an issue where the analysis completed but took a very long time to run. |
| 38509 | Fixes several incorrect terms in warning messages found in the .NET analysis log file. |
| 38529 | Fixes an issue where the warning "DOTNET.0012:Could not load assembly" was encountered many times in one analysis. This warning is no longer triggered for DLLs that are not .NET assemblies, and where there is more than one DLL in a directory of a build of a package, all DLLs are added. |

Other Updates

Details
Update made to change the behaviour of dataflow for Client/Server link resolution: the flow now does not stop on unknown external method and instead continues the flow.
Changes made to stop the exception being raised when analyzing code with local functions: now the analyzer carefully ignores local function calls in order to avoid exceptions (and so, continue the analysis of the current file).
Fixes an exception raised by the Security Analyzer during log forging analysis due to optional arguments encountered in the code.
Fixes an issue where the log contained many instances of the entry "An exception occurred while generating code for...." when tuple expressions were being analyzed.
Provides automatic blackboxing for the ExternalLinksBuilder component in order to obtain accurate C/S links. In previous releases a custom blackbox was required. Note that with previous releases of the .NET Analyzer, accurate client/server links were only found when standard persistence frameworks (such as Oracle ODP, Npgsql, MySql.Data) were used. Starting from release 1.5.0, even when a custom (in-house) persistence framework is used, accurate client/server links are now found in many cases.

Rules

| Rule Id | New Rule | Details |
| --- | --- | --- |
| 8108 | FALSE | Fixes a false violation of the rule 8108 - "Avoid missing release of stream connection after an effective lifetime". |

Transaction Improvements

| Type | Framework |
| --- | --- |
| Client/server links | ADO.NET and custom wrappers of ADO.NET |