This documentation is not maintained. Please refer to doc.castsoftware.com/technologies to find the latest updates.
1.1.0-funcrel
Updates
Resolved issues
| WEBAPI-130 | QR name (of rule 1043050) changed from "Avoid having long timeout for HttpCookie(>5mts)" to "Avoid having long timeout for HttpCookie (>5mn)". |
|---|
1.1.0-beta1
Resolved issues
| WEBAPI-121 | Renamed the nuspec title of the extension |
|---|---|
| WEBAPI-125 | Replaced the icon for CAST_DotNet_AnyOperation |
| WEBAPI-126 | Bug fixes for WEBAPI-26 and WEBAPI-99 |
1.1.0-alpha3
Updates
New rules
The following rules have been added in this release- see https://technologies.castsoftware.com/rules?sec=srs_dotnetweb&ref=||1.1.0-alpha3
| 1043044 | Ensure that CSRF Protection is enabled (ASP.NET MVC) |
|---|---|
| 1043046 | Avoid creating cookie with overly broad path (C#) |
| 1043048 | Avoid having cookie with an overly broad domain (C#) |
| 1043050 | Session time should not more than 5 min |
| 1043052 | Ensure aspnet:UseLegacyFormsAuthenticationTicketCompatibility is set to true |
Resolved issues
| WEBAPI-116 | Scope issues Alpha2 |
|---|---|
| WEBAPI-118 | Fix Analysis crash in quality rules based on code |
| WEBAPI-109 | source not visible on view file when no book mark is present for the QR violating source |
1.1.0-alpha2
Updates
New rules
The following rules have been added in this release - see also: https://technologies.castsoftware.com/rules?sec=srs_dotnetweb&ref=||1.1.0-alpha2
| 1043020 | Avoid having applications with the debug mode activated |
|---|---|
| 1043022 | Ensure not to disable Secure attribute while creating cookie (C#) |
| 1043024 | Always enable RequireSSL attribute for cookies in Config file (ASP.NET) |
| 1043026 | Avoid disabling EnableViewStateMac in Config file |
| 1043028 | Avoid disabling EnableViewStateMac in ASPX page |
| 1043032 | Avoid having aspx pages with tracing activated |
| 1043034 | Avoid having applications with the tracing activated in the web config file |
| 1043036 | Avoid Impersonate Globally |
| 1043038 | Avoid having applications with the tracing activated in the source code |
Resolved issues
| WEBAPI-102 | glitches in QR names in alpha1 |
|---|---|
| WEBAPI-103 | MongoDB appear in 2 output descriptions in alpha1 |
1.1.0-alpha1
Initial release.
Updates
Support for ASP.NET Core Web API
This release of the extension brings support for ASP.NET Core Web API, alongside existing support for Web API 2.
Improvements
| WEBAPI-62 | Improvements to logic detecting Controllers and derivation of route urls |
|
|---|
New rules
The following rules have been added in this release - see also: https://technologies.castsoftware.com/rules?sec=srs_dotnetweb&ref=||1.1.0-alpha1
| 1043006 | Always enable validation input when doing ASP.NET Http Post/Put Request |
|---|---|
| 1043008 | Avoid disabling ValidateInput on controller |
| 1043010 | Avoid creating cookie without enabling httponly option (ASP.NET) |
| 1043012 | Always enable HttpOnly for cookies in Config file |
| 1043014 | Avoid disabling ValidateRequest in Config file |
| 1043016 | Always enable ValidateRequest in ASPX page |
| 1043018 | Avoid storing passwords in the config files |
