This documentation is not maintained. Please refer to doc.castsoftware.com/technologies to find the latest updates.


2.1.29-funcrel

Resolved Issues

Customer Ticket Id | Details
43212 | Fixes an issue where the HTML5 extension crashes during an analysis with the following message: "IndexError: tuple index out of range".
42544 | Fixes an issue causing missing call links between JSP eFile objects and JSP Content objects.

Other Updates

Details
A change has been implemented to ensure that the "metric.codeLines" property setting is computed by the analyzer and not during the post analysis stage.
The following libraries/paths were added to the filters.json file and will be ignored by default: /text-angular/, /ui-calendar/, /ui-grid/, /components-font-awesome*/, /font-awesome*/, /uikit/, /nib/.
A change has been implemented to create include links when .css files are imported from .js files.
A change has been implemented to create include links when .css files are imported from .css files.
Fixes an issue causing the analysis to fail when code is inside "define(function (require) {...})".
A change has been implemented to ensure that .mts and .cts files are no longer analyzed by the HTML5 extension.

New Support

Summary | Details
Support of *.hbs and *.handlebars source file extensions (for Handlebars.js templates - https://handlebarsjs.com/) | See https://doc.castsoftware.com/display/TECHNOS/HTML5+and+JavaScript+-+2.1#HTML5andJavaScript2.1-handlebarsSpecificcaseofhandlebarsfile.
Support other CSS file extensions: '.less','.sass', '*.styl', '*.stylus', '*.cssm', '*.pcss', '*.postcss' | See https://doc.castsoftware.com/display/TECHNOS/HTML5+and+JavaScript+-+2.1#HTML5andJavaScript2.1-Filesanalyzed

2.1.28-funcrel

Resolved Issues

Customer Ticket Id | Details
42628 | Fixes an issue wherein the analysis was stuck on the HTML5 analyzer.

Other Updates

Details
Added libraries to skip.
Fixes an issue wherein some links were not found with prototype framework.
Function call with "this." prefix is resolved to a function present at the root level of a JS File.
Fixes a resolution problem where an identifier was resolved to a variable instead of class.
In some cases, a link to a class should be created from an identifier.
An identifier corresponding to a class passed as parameter of a function call should always be resolved to the class.
Fixes the traceback error: "IndexError: list index out of range".
Fixes the resolution problem in some cases.
Fixes the resolution problem in some cases (depending on the order of parsing).
Fixes the "get_returns" method which does not return statements with arrow functions.
Fixes an issue wherein evaluate_ast on an integer did not return a function when the integer pointed to a function.
Traceback error: AttributeError: 'NoneType' object has no attribute 'get_kb_object' (in debug mode).
Traceback error: TypeError: 'in <string>' requires string as left operand, not NoneType.

New Support

Summary | Details
Support of *.mts and *.cts source files - contain ECMAScript Modules. | See documentation: https://doc.castsoftware.com/display/TECHNOS/HTML5+and+JavaScript+-+2.1#HTML5andJavaScript2.1-Filesanalyzed.
Support of *.ngt files for Angular | See documentation: https://doc.castsoftware.com/display/TECHNOS/HTML5+and+JavaScript+-+2.1#HTML5andJavaScript2.1-Filesanalyzed.
Support of *.vt and *.vtl source file extensions (secondary file extension for Apache Velocity templates) | See documentation: https://doc.castsoftware.com/display/TECHNOS/HTML5+and+JavaScript+-+2.1#HTML5andJavaScript2.1-Filesanalyzed.

2.1.27-funcrel

Resolved Issues

Customer Ticket Id | Details
42477 | Fixes an issue causing the "Install extension" step to fail with the error: "SQL Error: ERROR: value too long for type character varying (255)".
42159 | Fixes a false positive violation of the rule 1020052: "Avoid using import with external URI".

Other Updates

Details
Technical code refactoring work done for object resolution.
The library exclusion mechanism (filters.json) has been updated to exclude additional third party libraries: datetimepicker.js, miframe.js, ext-ux-miframe.js, http://paramquery.com, http://www.rainforestnet.com, class Ext.ux.ManagedIFrame.
Improved support of names with enlarged utf8 characters.
The library exclusion mechanism (filters.json) has been updated to exclude additional third party libraries: https://github.com/microsoft/monaco-editor or tsWorker.js.
Fixes an issue where functions defined with parentheses are resolved with the wrong name (NONAME).

Rules

Rule Id | New Rule | Details
1020052 | FALSE | Fixes a false positive violation of the rule 1020052: "Avoid using import with external URI".

New Support

Summary | Details
Support for '*.cjs' source files | Added support for '*.cjs' source files - containing JavaScript Common.js modules.
Support for '*.jspf', '*.tag', '*.tags', '*.tagf', '*.tagx' source files | Added support for '*.jspf', '*.tag', '*.tags', '*.tagf', '*.tagx' source files - containing JSP code.

2.1.26-funcrel

Note

This release has been withdrawn.

2.1.25-funcrel

Resolved Issues

Customer Ticket Id | Details
41897 | Fixes an issue where links were missing from JSP to JavaScript Functions when function calls were defined in java code inside the JSP files.

Other Updates

Details
The library exclusion mechanism (filters.json) has been updated to exclude additional third party libraries.
Fixes an issue where analyzing the third party library Viz.js (Graphviz in your browser) was taking a long time to complete and consumed an excessive amount of memory. This library has now been excluded via the filters.json.
An update has been added to ensure that during an analysis, paths are normalized before being searched.
Fixes issues related to the parsing of functions defined inside a function (note that some properties such as checksum, complexity and codeLinesCount may change in rare cases).

New Support

Summary | Details
Support for interpolations and # from HTML5 analyzer | Support provided for interpolations and # from HTML5 analyzer (in .ftl and .ftlh files).
Support for *.vm source file extension | Support provided for *.vm source file extension (Apache Velocity).

2.1.24-funcrel

Resolved Issues

Customer Ticket Id | Details
41510 | Fixes an issue causing the analysis to fail with the error "Error code 255".
41526 | Fixes an issue where the analysis hung during the parsing of a ".cache.js" file. This type of file is now automatically skipped.
41649 | Fixes an issue causing the analysis to fail while parsing file "index_new.js" (caused by a concatenation of strings in "generateCollapse").

Other Updates

Details
Added the following file types to the filters.json file so that they are skipped during the analysis: *.cache.js, *.nocache.js, *.cache.html and *.nocache.html where the file name is composed of hexadecimal characters only.
Fixes an issue with broadcasted external libraries (internal technical issue).
Fixes an issue where arrow functions defined through return statements were not handled correctly.
Fixes an issue where a duplicate guid was being created for an external library.

New Support

Summary | Details
Support of *.ftl file extensions (Apache Freemarker) | These files are now managed as .html extensions.

2.1.23-funcrel

Resolved Issues

Customer Ticket Id | Details
41220 | Fixes an issue where the Imaging export failed due to duplicate checksum for some javascript functions.

Other Updates

Details
Support of "import" statement with ".vue" files.
Support of "import" statement with ".json" files for evaluation.
External libraries must be broadcasted for typescript extensions.
Added libraries to skip.
Fixes an issue where the Checksum was saved twice for some javascript functions.
Fixes an issue where the resolution failed if "export default ident;" was present with ident pointing to an object value.
Fixes an issue where the External libraries were not created for "import" statements containing no "from" clause.
Fixes an issue where the analysis got stuck for more than 12hrs while analysing/parsing one of the *.js files: "\tsWorker.js".

New Support

Summary | Details
Support for *.jsm source files | Support provided for *.jsm source files. Source code contained in *.jsm files will be analyzed by HTML5/Javascript extension.

2.1.22-funcrel

Resolved Issues

Customer Ticket Id | Details
40732 | Fixes an issue where the analyzer was not creating an HTTP service object from a form action.

Other Updates

Details
Improvements added for support of the "evaluate_ast" statement (technical).
The extension's object metamodel description has been updated to ensure objects generated by the extension are named in a uniform way. See https://doc.castsoftware.com/display/TECHNOS/HTML5+and+JavaScript+-+2.1#HTML5andJavaScript2.1-objectsObjects.
An update has been implemented to ensure that DWR files (which are classed as external or generated) are skipped during the analysis.
An update has been implemented to ensure that the file Scripts\Pako\pako.esm.mjs is skipped during the analysis - Pako is a third party open source component.
Fixes an issue causing a missing link related to prototype functions.
Fixes an issue causing resolution and evaluation to fail when "module.exports" is not at file level.
Fixes an issue where "export default new Vuex.Store()" ast is incorrect and therefore causes issues with link resolution.
Fixes an issue where functions with names defined between square brackets are not correctly evaluated.

New Support

SummaryDetails
New support for "spread operator" | Support introduced for "spread operator" as a unary expression (technical).
New support for (<html-el:rewrite page=...) | Support introduced for a new pattern on a header JavaScript: (<html-el:rewrite page=...) (technical).

2.1.21-funcrel

Resolved Issues

Customer Ticket Id | Details
40579 | Fixes the issue wherein HTML analysis was stuck on a js file during the post resolution of the file.
40303 | Fixes the missing links between JavaScript functions due to incorrect resolution of var.
40348 | Fixes the missing links from JavaScript function to JavaScript function.

Other Updates

Details
Added libraries to skip.
Represent libraries which should have been in the node_modules directory and are referenced in package.json files, and libraries referred to by html files through <script src="http:..."> (see documentation).
Internal issue with jsp files containing "<%@ include file="./userForm.js"%>".
Simple declaration without "var" keyword is badly parsed.
Empty evaluation through a ternary if expression.
Evaluation does not work when 2 statements contributing to the evaluation are in the same var declaration.
Return statements are badly parsed (some complexities linked to these statements may change).
Resolution and evaluation are bad when several variables are defined with "var" in the same block.
Evaluation does not work for "return ["product", "addproduct", "opportunity", opportunity].join("/")".

2.1.20-funcrel

Resolved Issues

Customer Ticket Id | Details
39776 | Fixes an issue where the HTML analyzer stopped the analysis with the following warning: AttributeError: 'NoneType' object has no attribute 'text'.
39824 | Fixes an issue where the JQuery analysis was getting stuck while creating ajax resources for a file.

Other Updates

Details
Filtering added to some files.
Support provided for "encodeURI" and "encodeURIComponent" for url evaluations.
Fixes an issue where resolution did not work in a specific case.
Fixes an issue where evaluation did not work in specific case.

2.1.19-funcrel

Resolved Issues

Customer Ticket Id | Details
39220 | Fixes an issue where HTML Request Services were not created post upgrade.

Other Updates

Details
Create resource service even if url is empty (in jsp files).
Added a new parameter to evaluation to evaluate a parameter of a function call (technical).
Fixes an issue where Url evaluation does not work when a variable is set in another function of the same object value as the function calling the url.
Fixes an issue where evaluation was wrong when a string contains a function call between ${...}.
Fixes an issue where Url evaluation did not work when a function defined with only a string return was called.

2.1.18-funcrel

Resolved Issues

Customer Ticket Id | Details
39138 | Fixes an issue where following an upgrade from 2.1.16 to 2.1.17, and no change in source code, new analysis results showed modified transactions due to deleted HTML objects.
34049 | Fixes a spelling mistake in rule documentation for the rule 1020006 "Avoid calling a function in a termination loop".

Other Updates

Details
Technical update implemented to add an option for evaluating nodes in the evaluation.
The pattern /npm/ has been removed from filters.json file. This means that source code that matches this pattern will no longer be excluded from analysis.
Fixes an issue where the URL for NodeJS Post HttpRequest services were not resolved correctly.
Technical update implemented to fix an issue where evaluation does not work when "format" function is used.
Changes the behaviour to ensure that fetch() is no longer considered as a URL call when the fetch function is a client specific function.
Technical update implemented to ensure that a resource service is created even if the URL is empty.

Rules

Rule Id | New Rule | Details
1020006 | FALSE | Rule documentation updated to fix a spelling error in the rule 1020006 "Avoid calling a function in a termination loop".

2.1.17-funcrel

Resolved Issues

Customer Ticket Id | Details
38546 | Fixes an issue causing an analysis error due to excessive use of RAM memory by the analyzer, caused in turn by presence of the "fusioncharts" library.

Other Updates

Details
Additional filtering rules have been added to filters.json for test files and external libraries.
Fixes an issue causing a missing link when a function has an object value as a parameter.
Changes the behaviour of the analyzer to ensure that when a .JSX file is an externally called library, the object created by the analyzer is JSX content, instead of JavaScript content as previously.
Fixes an issue causing a missing link when a function is passed through parameters.

2.1.16-funcrel

Resolved Issues

Customer Ticket Id | Details
38185 | Fixes an issue where HTML Analysis was going into an infinite loop (running for 3 days) with an error. After the fix the analysis ends in a reasonable time.
28703 | Corrects the reference link for the rule (1020010): "Avoid using forEach()".

Other Updates

Details
Fixes an issue related to HTML interpreter refactoring (technical).
Fixes an issue where http services found in jsp or asp files have name and fullname containing the url part after "?" and are very long.
Fixes an issue where Javascript fragments were not analyzed when type is empty in <script type="">.
Fixes an issue where urls containing "wiki:Link" were not well handled.
Fixes an issue where urls containing "@string.Format" were not well handled in CSHTML files.

Rules

Rule Id | New Rule | Details
1020106 | TRUE | Avoid hidden form field to prevent parameter tampering (Javascript/HTML5).
1020108 | TRUE | Avoid dangerous file inclusion (JSTL).
1020010 | FALSE | Corrects the reference link of the rule: "Avoid using forEach()".

2.1.15-funcrel

Resolved Issues

Customer Ticket Id | Details
36536 | Support of function calls in Kendo framework within .cshtml files when templating is used.
37116 | Fixes a missing link between JavaScript functions causing false positive violations.
37578 | Fixes an issue where an analysis was crashing with the message "Evaluation may be partial to avoid combinatory explosion (1)".
38071 | Fixes an issue where there was a missing link between a jQuery Operation and a Struts Operation.

Other Updates

Details
The field "kind" has been added to all existing entries in the "filters.json" to help explain why the file is skipped.
Fixes an issue where the message "HTML5-005 Internal issue in parsing one statement" is recorded in the log for files containing React code.
Fixes an issue causing the error "AttributeError: 'NoneType' object has no attribute 'startswith'" to be displayed incorrectly in the log file.
Fixes an issue causing a traceback error "'NoneType' object has no attribute 'data_bind_list'".
Fixes an issue where the analysis error "Ending tag "XXX" with no corresponding opening" was caused by the analysis of a JSP tag property "<%=selected%>".
Fixes an issue where the evaluation of a "database" variable was failing.
Implements support of object destructuring for resolution.
Implements support of list destructuring for resolution.
Implements support for evaluation with member access to evaluate a list.
Add get_returns method to Functions and Methods
Evaluation refactoring (technical)
Call link to JavaScript class instead of constructor

New Support

Summary | Details
Support of Knockout.js framework | Implements support of "data-bind" attributes in html files, in order to create more links from these file types.

2.1.14-funcrel

Resolved Issues

Customer Ticket Id | Details
36650 | Provided a fix for an analysis failing at "Run Analysis" Phase - python stack overflow.
35637 | Fixes an issue where the HTML analysis is taking a long time to analyze a JS file.
37064 | Fixes an issue where post upgrade to a new release, NodeJS unknown database table objects are deleted.

Other Updates

Details
The HTML5/JavaScript analyzer is now able to scan the contents of the "node_modules" folder (which contains external libraries) and for every external item in the "node_modules" which is called by analyzed source code, a corresponding object will be created by the HTML5/JavaScript analyzer. The items in the "node_modules" folder are not actually analyzed as such and are still ignored via an entry in the filters.json file. This is the first step in a project to expose (in CAST Imaging) called external libraries located in the "node_modules" folder. CAST Console and CAST Imaging will also need to be modified before this information will be available.
Provided a fix for a situation where too many resource services are created with the same URL for the same line of code.
Provided a fix for a situation where some URLs are truncated when the last part is an integer initialized with an empty string.
Provided a fix for a situation where an evaluation was when a string contains variables.

New Support

Summary | Details
Support of .mjs files (Michael Jackson scripts) | Files with .mjs extensions are considered as javascript files.

2.1.13-funcrel

Resolved Issues

Customer Ticket Id | Details
36490 | JQUERY - AJAX missing resource services.
36514 | Mock and SAPUI5 should be automatically excluded of CAST AIP quality results.
36338 | Missing links between JS functions, leads to false violations.

Other Updates

Details
Support of resolution when modules are defined through "define".

2.1.12-funcrel

Resolved Issues

Customer Ticket Id | Details
36037 | Fixed bad evaluation for some AngularJS services.
35910 | Fixed false Violations for the rule (1020092): "Avoid direct definition of JavaScript Functions in a Web page (JavaScript/HTML5)".

Other Updates

Details
Fixed an issue where "export default" is badly parsed for a function defined with "=>".
Fixed an internal issue where "get_ast_caller" was returning the wrong ast node.
Fixed an issue causing a regression in the resolution of an identifier.

Rules

Rule Id | New Rule | Details
1020092 | FALSE | Avoid direct definition of JavaScript Functions in a Web page (Javascript/HTML5).

2.1.11-funcrel

Resolved Issues

Customer Ticket Id | Details
35630 | Missing link between UI and Backend layer.
35535 | HTML5 analyzer creates POST/GET Operations with wrong name and no links to Struts Operations.
35539 | JQuery analyzer creates POST/GET Resource Services with wrong name and no links to Struts Operations.
35577 | Support of function calls in Kendo framework in CSHTML files.

Other Updates

Details
Skip libraries from analysis.
Add methods to know if a framework is used (technical).
Support of evaluation in "for" statement (including support of list evaluation).
PB with stack overflow with new version of Python.
Fixes an issue where .CSHTML files containing C# code within "@{...}" were not correctly resolved as links.

New Support

Summary | Details
Support of new logical assignment operators (&&=, ||=, and ??=) | They are processed as the '=' assignment, evaluation will work with them now.

2.1.10-funcrel

Resolved Issues

Customer Ticket Id | Details
34386 | CAST HTML Analysis stuck on a js file.
34589 | Missing links from Javascript Method and NodeJS MongoDB collection.
34289 | Missing links from JS to DotNet Controller Action.
34785 | Missing links between JavaScript methods.
34976 | Missing links between JavaScript methods.
34995 | Extension com.castsoftware.html5 has encountered an issue: token = next(self.tokens) StopIteration.
34246 | Remediation missing in the description of the rule "Avoid return statement in finally block (Javascript)".

2.1.9-funcrel

Resolved Issues

Customer Ticket Id | Details
31080 | False positive for rule (rule id: 1020084): "Avoid unreferenced (Functions Javascript/ HTML5)".
33966 | Rule name (rule id: 1020060): "Avoid using console.log()" should be renamed according to technology as "Avoid using console.log() (Javascript)".
33688 | False positives for rule (rule id: 1020092): "Avoid direct definition of JavaScript Functions in a Web page (Javascript/HTML5)"
33381 | Deleted JQUERY GET resource service.
33595 | False positive for the rule (rule id: 7388): "Avoid artifacts having recursive calls".
33450 | Extension com.castsoftware.html5 has encountered an issue: Traceback (most recent call last): MemoryError.
33255 | Transactions change due to deleted link between HTML5 ASP content.
33169 | Added and Modified Transaction due to added and deleted HTML5 Get HTTPRequest objects.

Rules

Rule Id | New Rule | Details
1020084 | FALSE | False positives removed for the rule: "Avoid unreferenced (Functions Javascript/ HTML5)".
1020092 | FALSE | False positives removed for the rule: "Avoid direct definition of JavaScript Functions in a Web page (Javascript/HTML5)".
1020060 | FALSE | Rule name: "Avoid using console.log()" is renamed according to technology as "Avoid using console.log() (Javascript)".
7388 | FALSE | False positives removed for the rule: "Avoid artifacts having recursive calls".

New Support

Summary | Details
Support for Dojo web service calls | See documentation: https://doc.castsoftware.com/display/TECHNOS/HTML5+and+JavaScript+-+2.1#HTML5andJavaScript2.1-dojo

2.1.8-funcrel

Resolved Issues

Customer Ticket Id | Details
32225 | HTML analysis is stuck for long time while analyzing one of the JSP file.
32926 | False violation for the rule: "Avoid using unsecured cookie" (Javascript) (Rule ID: 1020096).

Other Updates

Details
Support for sprintf-js for evaluating strings.
Evaluation problem when evaluating several struct members when one points to an unknown variable.
Many errors of type Traceback in log file in debug mode.
Several property 'Total code lines count' (id 1020073) values found on CAST_HTML5_JavaScript_SourceCode_Fragment.

Rules

Rule Id | New Rule | Details
1020096 | FALSE | "Avoid using unsecured cookie (Javascript)" - Removed false positives.

2.1.7-funcrel

Resolved Issues

Customer Ticket Id | Details
30758 | Missing Razor objects from CSHTML leading to missing links to Dotnet Controller action.
31243 | False positive for rule: "Avoid hardcoded passwords(Javascript)."
31521 | No resource service is created for href=@Url.Action("Index", "ProcessSelection") in CSHTML file.
31709 | Upload sources to Local db is failing due to multiple values in table ObjFilRef for HTML5 CSS Fragment objects.
31628 | Missing links to HTML5 JS methods from JS functions.
30598 | Analysis is taking too long, taking lot of time to analyze JS files.
31801 | Missing links from HTML5 JavaScript function to other JavaScript Functions.
30784 | False violation for the rule Avoid hard-coded network resource names (Javascript).
31046 | HTML analysis crash: most files not being analyzed properly.
31402 | False positive for the rule: "Avoid using a break statement in 'for' loops".
30741 | CSHTML files were skipped after upgrading HTML extension.
31831 | HTML Analysis got stuck at a JSP file.

Other Updates

Details
Add filtering of libraries.
Remove METRICABLE inheritance from HTML like objects.
Add a method to get the declaration of a variable (get_declarations).
Better name resolution for 'HTML5 Get HttpRequest service' Object when url is like "something?action=something_else".

2.1.6-funcrel

Resolved Issues

Customer Ticket Id | Details
30063 | Missing Get HttpRequest Service after analysis.

Other Updates

Details
No HttpRequest service should be created when property binding is used in angular app
Broadcast *.template file for extensions above HTML5 (as NodeJS)
Error CAST AIP Console: [com.castsoftware.html5] HTML5-005 Internal issue in parsing one statement
Blocking recursion (for NodeJS)

2.1.5-funcrel

Resolved Issues

Customer Ticket Id | Details
29756 | Missing JavaScript Methods after analysis.
29267 | HTML5 service name is wrong for certain objects with href="@Url.RouteUrl

Callee Type | Caller Type | Details
.NET WEB operations | CSHTML files | These links are now more complete.

Other Updates

Details
Front end objects of CSHTML in ASP.NET Core MVC project not appearing in AIP console

Transaction Improvements

Type | Framework
Links from CSHTML files to .NET WEB operations | razor

2.1.4-funcrel

Resolved Issues

Customer Ticket Id | Details
29278 | The rule, 1020006: "Avoid calling a function in a termination loop" not in the correct technical criteria.

Other Updates

Details
Add filtering of libraries
Links from html fragments should have the fragment as caller instead of the method containing the fragment.
Resolution corrections on HTML5
Bad evaluations for some urls
Problem with parsing with html files when an attribute name is bracketed (ex: [href]="myurl")

New Support

Summary | Details
Add support for pug files | Add support for .pug files, these files are now transaction entry-points.

2.1.3-funcrel

Resolved Issues

Customer Ticket Id | Details
28065 | Missing link from JavaScript method "getAuditDetails" to "getEngagementDetails".
28407 | Wrong links to JS functions from ASPX files or other JS Functions in HTML5 analysis.
28116 | HTML5-005: Internal issue in parsing one statement.
28591 | HTML5 analysis crash warning: Extension com.castsoftware.html5 has encountered an issue.

2.1.2-funcrel

Resolved Issues

Customer Ticket Id | Details
26922 | HTML warning: [com.castsoftware.html5] HTML5-005 Internal issue in parsing one statement
26932 | REACT Warning : [com.castsoftware.reactjs] REACTJS-001 Internal issue in <source file path>
27481 | Missing Angular Resource services
26876 | JQUERY Post resource service object that is not created
27128 | HTML5 Get HTTPRequest Object Deleted in current run
27299 | HTML5-005 Internal issue in parsing one statement
27423 | NodeJS Objects not discovered and missing links in an NodeJS application
26221 | HTML analysis warning: HTML5-005 Internal issue in parsing one statement

Other Updates

Details
Functions that are dynamically called are not being resolved. This issue is now fixed.
Following files must be skipped (libraries).
A callLink between function and returned function when returned function has no name has been added.
Performance issue in HTML5 extension for executing query in remove_files_with_no_children. This is now fixed.
Error in parsing nodejs syntax (function*() {}). This is now fixed.

2.1.1-funcrel

Resolved Issues

Customer Ticket Id | Details
25924 | PB:[COFACE][COFANET]Console : Onboarding : HTML5-005 Internal issue in parsing one statement
26452 | PB:[AT&T][BD]Issue with transactions due to missing 10K+ HTML HTTPRequest Service objects after migration from 2.0.10 to 2.0.19
25962 | HTML analysis is taking long time and it is stuck while parsing one JS file
26087 | HTML Warning: [com.castsoftware.html5] HTML5-005 Internal issue in parsing one statement
26041 | PB:Missing links between XHTML files and java methods and link between xhtml file of JEE to HTML source code of html5.

Other Updates

Details
Preparation for api publication
aspx improvement (links to OnInit and OnLoad)
JSX contents must be added in diags definitions where JS contents are included (total).
Remove traceback errors from logs
Some classes are not parsed as classes (class PurposeField extends React.Component<PurposeFieldProps> {})
Some reactjs files are badly parsed because jsx parts are found when it should not.
Support of import statement with default keyword in curly brackets
Fix false violations of unreferenced functions in last version of Imaging
Following libraries must be skipped: cypress, fastclick.js
Methods are not detected in some reactjs classes because some jsx ends are not well detected.
Better support of iteration protocol "..."
HTML5 has to handle vuejs mixins
resolution through imports enhancement
Support of resolution through different components (package.json)
Support of resolution through imports redirections (jsconfig.json)
Exporting a list of object does not work

2.1.0-funcrel

Note

This release of the extension contains a large number of rule related improvements, which will have a significant impact on any existing analysis results generated with a previous release of the extension. When re-analyzing existing and unchanged source code with this new extension, you should therefore expect grade and violation changes. When using AIP Console, if you do not want this extension to be used, you should ensure that you implement an extension strategy to prevent the automatic download and installation of the extension. If you are onboarding a new application, CAST actively encourages you to use this new release to take advantage of the improvements that have been implemented.

Resolved Issues

Customer Ticket Id | Details
24807 | Missing links between HTML5 POST service operation to Struts Operation
24781 | HTML5 missing resource service object when src attribute with iframe tag is used
24586 | HTML analysis: missing resource service object due to which link is not created to struts operation
24732 | HTML analysis warning: HTML5-005 Internal issue in parsing one statement
25060 | Missing link between jsp page and js function
25503 | HTML analysis Warning: HTML5-005 Internal issue in parsing one statem

Rules

Rule Id | New Rule | Details
1020070 | FALSE | Avoid hardcoded network resource names in Javascript (updated contribution)
1020094 | FALSE | Avoid creating cookie without setting httpOnly option (Javascript) (updated contribution)
1020096 | FALSE | Avoid using unsecured cookie (Javascript) (updated contribution)
1020098 | FALSE | Avoid creating cookie with overly broad path (Javascript) (updated contribution)
1020100 | FALSE | Avoid having cookie with an overly broad domain (Javascript) (updated contribution)
1020002 | FALSE | Avoid programs with low comment/code ratio (HTML5/Javascript) (updated thresholds)
1020004 | FALSE | Avoid to use querySelectorAll (updated thresholds)
1020006 | FALSE | Avoid to call a function in a termination loop (updated thresholds)
1020008 | FALSE | Avoid for-in loop (updated thresholds)
1020010 | FALSE | Avoid using forEach() (updated thresholds)
1020012 | FALSE | Avoid using a web service with WebSocket inside a loop (updated thresholds)
1020014 | FALSE | Avoid using a web service with XMLHttpRequest inside a loop (updated thresholds)
1020016 | FALSE | Avoid using too much dot notation in loop (updated thresholds)
1020018 | FALSE | Avoid using Web SQL databases (updated thresholds)
1020020 | FALSE | Avoid blocking page loading with synchronous Javascript import (updated thresholds)
1020022 | FALSE | Avoid using submitted markup containing "form" and "formaction" attributes (updated thresholds)
1020024 | FALSE | Avoid "id" attributes for forms as well as submit (updated thresholds)
1020026 | FALSE | Avoid using autofocus and onfocus in submitted markup (updated thresholds)
1020028 | FALSE | Avoid using autofocus and onblur in submitted markup (updated thresholds)
1020030 | FALSE | Avoid using javascript or expression in the CSS file (updated thresholds)
1020032 | FALSE | Avoid using video poster attributes in combination with javascript (updated thresholds)
1020034 | FALSE | Avoid hosting HTML code in iframe srcdoc (updated thresholds)
1020036 | FALSE | Avoid using onscroll event with autofocus input (updated thresholds)
1020038 | FALSE | Avoid defining and calling functions inside loops (updated thresholds)
1020040 | FALSE | Avoid using delete with no object properties (updated thresholds)
1020042 | FALSE | Avoid having iframe inside a tag (updated thresholds)
1020044 | FALSE | Avoid using setData in ondragstart with attribute draggable set to true (updated thresholds)
1020046 | FALSE | Avoid using oninput in body containing input autofocus (updated thresholds)
1020048 | FALSE | Avoid using source tag in video/audio with event handler (updated thresholds)
1020050 | FALSE | Avoid white-listing the "dirname" attribute in user generated content (updated thresholds)
1020052 | FALSE | Avoid using import with external URI (updated thresholds)
1020054 | FALSE | Avoid using delete on arrays (updated thresholds)
1020056 | FALSE | Avoid using Javascript Document.all collection (updated thresholds)
1020060 | FALSE | Avoid using console.log() (updated thresholds)
1020062 | FALSE | Avoid using non thread-safe Javascript singleton pattern (updated thresholds)
1020064 | FALSE | Avoid Superclass knowing Subclass in Javascript (updated thresholds)
1020066 | FALSE | Avoid using Javascript Function constructor (updated thresholds)
1020068 | FALSE | Avoid return statement in finally block (updated thresholds)
1020072 | FALSE | Avoid direct access to Database Tables in Javascript (updated thresholds)
1020074 | FALSE | Avoid enabling autocomplete "on" for inputs/forms (updated thresholds)
1020076 | FALSE | Avoid Artifacts with too many parameters (Javascript) (updated thresholds)
1020078 | FALSE | Avoid using setTimeout() (updated thresholds)
1020080 | FALSE | Avoid using setInterval() (updated thresholds)
1020094 | FALSE | Avoid creating cookie without setting httpOnly option (Javascript) (updated thresholds)
1020096 | FALSE | Avoid using unsecured cookie (Javascript) (updated thresholds)
1020098 | FALSE | Avoid creating cookie with overly broad path (Javascript) (updated thresholds)
1020100 | FALSE | Avoid having cookie with an overly broad domain (Javascript) (updated thresholds)
1020104 | FALSE | Avoid hardcoded passwords (Javascript) (updated thresholds)