HTML5 and JavaScript - 2.1 - Release Notes

2.1.29-funcrel

Resolved Issues

Customer Ticket Id	Details
43212	Fixes an issue where the HTML5 extension crashes during an analysis with the following message: "IndexError: tuple index out of range".
42544	Fixes an issue causing missing call links between JSP eFile objects and JSP Content objects.

Other Updates

Details
A change has been implemented to ensure that the "metric.codeLines" property setting is computed by the analyzer and not during the post analysis stage.
The following libraries/paths were added to the filters.json file and will be ignored by default: /text-angular/, /ui-calendar/, /ui-grid/, /components-font-awesome*/, /font-awesome*/, /uikit/, /nib/.
A change has been implemented to create include links when .css files are imported from .js files.
A change has been implemented to create include links when .css files are imported from .css files.
Fixes an issue causing the analysis to fail when code is inside "define(function (require) {...})".
A change has been implemented to ensure that .mts and .cts files are no longer analyzed by the HTML5 extension.
Fixes an issue causing the analysis to fail when code is inside "define(function (require) {...})".

New Support

Summary	Details
Support of *.hbs and *.handlebars source file extensions (for Handlebars.js templates - https://handlebarsjs.com/)	See https://doc.castsoftware.com/display/TECHNOS/HTML5+and+JavaScript+-+2.1#HTML5andJavaScript2.1-handlebarsSpecificcaseofhandlebarsfile.
Support other CSS file extensions: '.less','.sass', '*.styl', '*.stylus', '*.cssm', '*.pcss', '*.postcss'	See https://doc.castsoftware.com/display/TECHNOS/HTML5+and+JavaScript+-+2.1#HTML5andJavaScript2.1-Filesanalyzed

2.1.28-funcrel

Resolved Issues

Customer Ticket Id	Details
42628	Fixes an issue wherein the analysis stuck on HTML5 analyser.

Other Updates

Details
Added libraries to skip.
Fixes an issue wherein some links were not found with prototype framework.
Function call with "this." prefix is resolved to a function present at the root level of a JS File.
Fixes a resolution problem where an identifier was resolved to a variable instead of class.
In some cases, a link to a class should be created from an identifier.
An identifier corresponding to a class passed as parameter of a function call should always be resolved to the class.
Fixes the traceback error: "IndexError: list index out of range".
Fixes the resolution problem in some cases.
Fixes the resolution problem in some cases (depending on the order of parsing).
Fixes the "get_returns" method which does not return statements with arrow functions.
Fixes an issue wherein evaluate_ast on an integer did not return a function when the integer pointed to a function.
Traceback error: AttributeError: 'NoneType' object has no attribute 'get_kb_object' (in debug mode).
Traceback error: TypeError: 'in <string>' requires string as left operand, not NoneType.

New Support

Summary	Details
Support of *.mts and *.cts source files - contain ECMAScript Modules.	See documentation: https://doc.castsoftware.com/display/TECHNOS/HTML5+and+JavaScript+-+2.1#HTML5andJavaScript2.1-Filesanalyzed.
Support of *.ngt files for angular	See documentation. See https://doc.castsoftware.com/display/TECHNOS/HTML5+and+JavaScript+-+2.1#HTML5andJavaScript2.1-Filesanalyzed.
Support of *.vt and *.vtl source file extensions (secondary file extension for Apache Velocity templates)	See documentation. See https://doc.castsoftware.com/display/TECHNOS/HTML5+and+JavaScript+-+2.1#HTML5andJavaScript2.1-Filesanalyzed.

2.1.27-funcrel

Resolved Issues

Customer Ticket Id	Details
42477	Fixes an issue causing the "Install extension" step to fail with the error: "SQL Error: ERROR: value too long for type character varying (255)".
42159	Fixes a false positive violation of the rule 1020052: "Avoid using import with external URI".

Other Updates

Details
Technical code refactoring work done for object resolution.
The library exclusion mechanism (filters.json) has been updated to exclude additional third party libraries: datetimepicker.js, miframe.js, ext-ux-miframe.js, http://paramquery.com, http://www.rainforestnet.com, class Ext.ux.ManagedIFrame.
Improved support of names with enlarged utf8 characters.
The library exclusion mechanism (filters.json) has been updated to exclude additional third party libraries: https://github.com/microsoft/monaco-editor or tsWorker.js.
Fixes an issue where functions defined with parentheses are resolved with the wrong name (NONAME).

Rules

Rule Id	New Rule	Details
1020052	FALSE	Fixes a false positive violation of the rule 1020052: "Avoid using import with external URI".

New Support

Summary	Details
Support for '*.cjs' source files	Added support for '*.cjs' source files - containing JavaScript Common.js modules.
Support for '*.jspf', '*.tag', '*.tags', '*.tagf', '*.tagx' source files	Added support for '*.jspf', '*.tag', '*.tags', '*.tagf', '*.tagx' source files - containing JSP code.

2.1.26-funcrel

Note

This release has been withdrawn.

2.1.25-funcrel

Resolved Issues

Customer Ticket Id	Details
41897	Fixes an issue where links were missing from JSP to JavaScript Functions when function calls were defined in java code inside the JSP files.

Other Updates

Details
The library exclusion mechanism (filters.json) has been updated to exclude additional third party libraries.
Fixes an issue where analyzing the third party library Viz.js (Graphviz in your browser) was taking a long time to complete and consumed an excessive amount of memory. This library has now been excluded via the filters.json.
An update has been added to ensure that during an analysis, paths are normalized before being searched.
Fixes issues related to the parsing of functions defined inside a function (note that some properties such as checksum, complexity and codeLinesCount may change in rare cases).

New Support

Summary	Details
Support for interpolations and # from HTML5 analyzer	Support provided for interpolations and # from HTML5 analyzer (in .ftl and .ftlh files).
Support for *.vm source file extension	Support provided for *.vm source file extension (Apache Velocity).

2.1.24-funcrel

Resolved Issues

Customer Ticket Id	Details
41510	Fixes an issue causing the analysis to fail with the error "Error code 255".
41526	Fixes an issue where the analysis hung during the parsing of a ".cache.js" file. This type of file is now automatically skipped.
41649	Fixes an issue causing the analysis to fail while parsing file "index_new.js" (caused by a concatenation of strings in "generateCollapse").

Other Updates

Details
Added the following file types to the filters.json file so that they are skipped during the analysis: *.cache.js, *.nocache.js, *.cache.html and *.nocache.html where the file name is composed of hexadecimal characters only.
Fixes an issue with broadcasted external libraries (internal technical issue).
Fixes an issue where arrow functions defined through return statements were not handled correctly.
Fixes an issue where a duplicate guid was being created for an external library.

New Support

Summary	Details
Support of *.ftl file extensions (Apache Freemarker)	These files are now managed as .html extensions.

2.1.23-funcrel

Resolved Issues

Customer Ticket Id	Details
41220	Fixes an issue where the Imaging export failed due to duplicate checksum for some javascript functions.

Other Updates

Details
Support of "import" statement with ".vue" files.
Support of "import" statement with ".json" files for evaluation.
External libraries must be broadcasted for typescript extensions.
Added libraries to skip.
Fixes an issue where the Checksum was saved twice for some javascript functions.
Fixes an issue where the resolution failed if "export default ident;" was present with ident pointing to an object value.
Fixes an issue where the External libraries were not created for "import" statements containing no "from" clause.
Fixes an issue where the analysis got stuck for more than 12hrs while analysing/parsing ond of the *.js file "\tsWorker.js.

New Support

Summary	Details
Support for *.jsm source files	Support provided for *.jsm source files. Source code contained in *.jsm files will be analyzed by HTML5/Javascript extension.

2.1.22-funcrel

Resolved Issues

Customer Ticket Id	Details
40732	Fixes an issue where the analyzer was not creating a HTTP service object from a form action.

Other Updates

Details
Improvements added for support fo the "evaluate_ast" statement (technical).
The extension's object metamodel description has been updated to ensure objects generated by the extension are named in a uniform way. See https://doc.castsoftware.com/display/TECHNOS/HTML5+and+JavaScript+-+2.1#HTML5andJavaScript2.1-objectsObjects.
An updated has been implemented to ensure that DWR files (which are classed as external or generated) are skipped during the analysis.
An update has been implemented to ensure that the file Scripts\Pako\pako.esm.mjs is skipped during the analysis - Pako is a third party open source component.
Fixes an issue causing a missing link related to prototype functions.
Fixes an issue causing resolution and evaluation to fail when "module.exports" is not at file level.
Fixes an issue where "export default new Vuex.Store()" ast is incorrect and therefore causes issues with link resolution.
Fixes an issue where functions with names defined between square brackets are not correctly evaluated.

New Support

Summary	Details
New support for "spread operator"	Support introduced for "spread operator" as a unary expression (technical).
New support for (<html-el:rewrite page=...)	Support introduced for a new pattern on a header JavaScript JavaScript: (<html-el:rewrite page=...) (technical).

2.1.21-funcrel

Resolved Issues

Customer Ticket Id	Details
40579	Fixes the issue wherein HTML analysis was stuck on a js file during the post resolution of the file.
40303	Fixes the missing links between JavaScript functions due to incorrect resolution of var.
40348	Fixes the missing links from JavaScript function to JavaScript function.

Other Updates

Details
Added libraries to skip.
Represent libraries which should have been in node_module directory and are referrenced in package.json files, and libraries refered by html files through <script src="http:..."> (see documentation).
Internal issue with jsp files containing "<%@ include file="./userForm.js"%>".
Simple declaration without "var" keyword is badly parsed.
Empty evaluation through a ternary if expression.
Evaluation does not work when 2 statements contributing to the evaluation are in the same var declaration.
Return statement are badly parsed (some complexities linked to these statements may change).
Resolution and evaluation are bad when several variables are defined with "var" in the same bloc.
Evaluation does not work for "return ["product", "addproduct", "opportunity", opportunity].join("/")".

2.1.20-funcrel

Resolved Issues

Customer Ticket Id	Details
39776	Fixes an issue where HTML analyzer stopped analysis with the following warning: AttributeError: 'NoneType' object has no attribute 'text'.
39824	Fixes an issue where JQuery analys was getting stuck while creating ajax resources for file.

Other Updates

Details
Filtering added to some files.
Support provided for "encodeURI" and "encodeURIComponent" for url evaluations.
Fixes an issue where resolution did not work in a specific case.
Fixes an issue where evaluation did not work in specific case.

2.1.19-funcrel

Resolved Issues

Customer Ticket Id	Details
39220	Fixes an issues where HTML Request Services were not created post upgrade.

Other Updates

Details
Create resource service even if url is empty (in jsp files).
Added a new parameter to evaluation to evaluate a parameter of a function call (technical).
Fixes an issue where Url evaluation does not work when a variable is set in another function of the same object value as the function calling the url.
Fixes an issue where evaluation was wrong when a string contains a function call between ${...}.
Fixes an issue where Url evaluation did not work when a function defined with only a string return was called.

2.1.18-funcrel

Resolved Issues

Customer Ticket Id	Details
39138	Fixes an issue where following an upgrade from 2.1.16 to 2.1.17, and no change in source code, new analysis results showed modified transactions due to deleted HTML objects.
34049	Fixes a spelling mistake in rule documentation for the rule 1020006 "Avoid calling a function in a termination loop".

Other Updates

Details
Technical update implemented to add an option for evaluating nodes in the evaluation.
The pattern /npm/ has been removed from filters.json file. This means that source code that matches this pattern will no longer be excluded from analysis.
Fixes an issue where the URL for NodeJS Post HttpRequest services were not resolved correctly.
Technical update implemented to fix an issue where evaluation does not work when "format" function is used.
Changes the behaviour to ensure that fetch() should is no longer considered as a URL call when the fetch function is a client specific function.
Technical update implemented to ensure that a resource service is created even if the URL is empty.

Rules

Rule Id	New Rule	Details
1020006	FALSE	Rule documentation updated to fix a spelling error in the rule 1020006 "Avoid calling a function in a termination loop".

2.1.17-funcrel

Resolved Issues

Customer Ticket Id	Details
38546	Fixes an issue causing an analysis error due to excessive use of RAM memory by the analyzer, caused in turn by presence of the "fusioncharts" library.

Other Updates

Details
Additional filtering rules have been added to filters.json for test files and external libraries.
Fixes an issue causing a missing link when a function has an object value as a parameter.
Changes the behaviour of the analyzer to ensure that when a .JSX file is an externally called library, the object created by the analyzer is JSX content, instead of JavaScript content as previously.
Fixes an issue causing a missing link when a function is passed through parameters.

2.1.16-funcrel

Resolved Issues

Customer Ticket Id	Details
38185	Fixes an issue where HTML Analysis was going into an infinite loop (running for 3 days) with an error. After the fix the analysis ends in a reasonable time.
28703	Corrects the reference link for the rule (1020010): "Avoid using for Each()".

Other Updates

Details
Fixes an issue related to HTML interpretor refactoring (technical).
Fixes an issue where http services found in jsp or asp files have name and fullname containing the url part after "?" and are very long.
Fixes an issue where Javascript fragments were not analyzed when type is empty in <script type="">.
Fixes an issue where urls containing "wiki:Link" were not well handled.
Fixes an issue where urls containing "@string.Format" were not well handled in CSHTML files.

Rules

Rule Id	New Rule	Details
1020106	TRUE	Avoid hidden form field to prevent parameter tampering (Javascript/HTML5).
1020108	TRUE	Avoid dangerous file inclusion (JSTL).
1020010	FALSE	Corrects the reference link of the rule: "Avoid using forEach()".

2.1.15-funcrel

Resolved Issues

Customer Ticket Id	Details
36536	Support of function calls in Kendo framework within .cshtml files when templating is used.
37116	Fixes a missing link between JavaScript functions causing false positive violations.
37578	Fixes an issue where an analysis was crashing with the message "Evaluation may be partial to avoid combinatory explosion (1)".
38071	Fixes an issue where there was amissing link between a jQuery Operation and a Struts Operation.

Other Updates

Details
The field "kind" has been added to all existing entries in the "filters.json" to help explain why the file is skipped.
Fixes an issue where the message "HTML5-005 Internal issue in parsing one statement" is recorded in the log for files containing React code.
Fixes an issue causing the error "AttributeError: 'NoneType' object has no attribute 'startswith'" to be displayed incorrectly in the log file.
Fixes an issue causing a traceback error "'NoneType' object has no attribute 'data_bind_list'".
Fixes an issue where the analysis error "Ending tag "XXX" with no corresponding opening" was caused by the analysis of a JSP tag property "<%=selected%>".
Fixes an issue where the evaluation of a "database" variable was failing.
Implements support of object destructuring for resolution.
Implements support of list destructuring for resolution.
Implements support for evaluation with member access to evaluate a list.
Add get_returns method to Functions and Methods
Evaluation refactoring (technical)
Call link to JavaScript class instead of constructor

New Support

Summary	Details
Support of Knockout.js framework	Implements support of "data-bind" attributes in html files, in order to create more links from these file types.

2.1.14-funcrel

Resolved Issues

Customer Ticket Id	Details
36650	Provided a fix for an analysis failing at "Run Analysis" Phase - python stack overflow.
35637	Fixes an issue where the HTML analysis is taking a long time to analyze a JS file.
37064	Fixes an issue where post upgrade to a new release, NodeJS unknown database table objects are deleted.

Other Updates

Details
The HTML5/JavaScript analyzer is now able to scan the contents of the "node_modules" folder (which contains external libraries) and for every external item in the "node_modules" which is called by analyzed source code, a corresponding object will be created by the HTML5/JavaScript analyzer. The items in the "node_modules" folder are not actually analyzed as such and are still ignored via an entry in the filters.json file. This is the first step in a project to expose (in CAST Imaging) called external libraries located in the "node_modules" folder. CAST Console and CAST Imaging will also need to be modified before this information will be available.
Provided a fix for for a situation where too many resource services are created with the same URL for the same line of code.
Provided a fix for a situation where some URLs are truncated when the last part is an integer initialized with an empty string.
Provided a fix for a situation where an evaluation was when a string contains variables.

New Support

Summary	Details
Support of .mjs files (Michael Jackson scripts)	Files with .mjs extensions are considered as javascript files.

2.1.13-funcrel

Resolved Issues

Customer Ticket Id	Details
36490	JQUERY - AJAX missing resource services.
36514	Mock and SAPUI5 should be automatically excluded of CAST AIP quality results.
36338	Missing links between JS functions, leads to false violations.

Other Updates

Details
Support of resolution when modules are defined through "define".

2.1.12-funcrel

Resolved Issues

Customer Ticket Id	Details
36037	Fixed bad evaluation for some AngularJS services.
35910	Fixed false Violations for the rule (1020092): "Avoid direct definition of JavaScript Functions in a Web page (JavaScript/HTML5)".

Other Updates

Details
Fixed an issue where "export default" is badly parsed for a function defined with "=>".
Fixed an internal issue where "get_ast_caller" was returning the wrong ast node.
Fixed an issue causing a regression in the resolution of an identifier.

Rules

Rule Id	New Rule	Details
1020092	FALSE	Avoid direct definition of JavaScript Functions in a Web page (Javascript/HTML5).

2.1.11-funcrel

Resolved Issues

Customer Ticket Id	Details
35630	Missing link between UI and Backend layer.
35535	HTML5 analyzer creates POST/GET Operations with wrong name and no links to Struts Operations.
35539	JQuery analyzer creates POST/GET Resource Services with wrong name and no links to Struts Operations.
35577	Support of function calls in Kendo framework in CSHTML files.

Other Updates

Details
Skip libraries from analysis.
Add methods to know if a framework is used (technical).
Support of evaluation in "for" statement (including support of list evaluation).
PB with stack overflow with new version of Python.
Fixes an issue where .CSHTML files containing C# code within "@{...}" were not correctly resolved as links.

New Support

Summary	Details
Support of new logical assignment operators (&&=, ||=, and ??=)	They are processed as the '=' assignment, evaluation will work with them now.

2.1.10-funcrel

Resolved Issues

Customer Ticket Id	Details
34386	CAST HTML Analysis stuck on a js file.
34589	Missing links from Javascript Method and NodeJS MongoDB collection.
34289	Missing links from JS to DotNet Controller Action.
34785	Missing links between JavaScript methods.
34976	Missing links between JavaScript methods.
34995	Extension com.castsoftware.html5 has encountered an issue : token = next(self.tokens) StopIteration.
34246	Remediation missing in the description of the rule "Avoid return statement in finally block (Javascript)".

2.1.9-funcrel

Resolved Issues

Customer Ticket Id	Details
31080	False positive for rule (rule id: 1020084): "Avoid unreferenced (Functions Javascript/ HTML5)".
33966	Rule name (rule id: 1020060): "Avoid using console.log()" should be renamed according to technology as "Avoid using console.log() (Javascript)".
33688	False positives for rule (rule id: 1020092): "Avoid direct definition of JavaScript Functions in a Web page (Javascript/HTML5)"
33381	Deleted JQUERY GET resource service.
33595	False positive for the rule (rule id: 7388): "Avoid artifacts having recursive calls".
33450	Extension com.castsoftware.html5 has encountered an issue: Traceback (most recent call last):MemoryError .
33255	Transactions change due to deleted link between HTML5 ASP content.
33169	Added and Modified Transaction due to added and deleted HTML5 Get HTTPREquest objects.

Rules

Rule Id	New Rule	Details
1020084	FALSE	False positives removed for the rule: "Avoid unreferenced (Functions Javascript/ HTML5)".
1020092	FALSE	False positives removed for the rule: "Avoid direct definition of JavaScript Functions in a Web page (Javascript/HTML5)".
1020060	FALSE	Rule name: "Avoid using console.log()" is renamed according to technology as "Avoid using console.log() (Javascript)".
7388	FALSE	False positives removed for the rule: "Avoid artifacts having recursive calls".

New Support

Summary	Details
Support for Dojo web service calls	See documentation: https://doc.castsoftware.com/display/TECHNOS/HTML5+and+JavaScript+-+2.1#HTML5andJavaScript2.1-dojo

2.1.8-funcrel

Resolved Issues

Customer Ticket Id	Details
32225	HTML analysis is stuck for long time while analyzing one of the JSP file.
32926	False violation for the rule: "Avoid using unsecured cookie" (Javascript) (Rule ID: 1020096).

Other Updates

Details
Support for sprintf-js for evaluating strings.
Evaluation problem when evaluating several struct members when one points to an unknown variable.
Many errors of type Traceback in log file in debug mode.
Several property 'Total code lines count' (id 1020073) values found on CAST_HTML5_JavaScript_SourceCode_Fragment.

Rules

Rule Id	New Rule	Details
1020096	FALSE	"Avoid using unsecured cookie (Javascript)" - Removed false positives.

2.1.7-funcrel

Resolved Issues

Customer Ticket Id	Details
30758	Missing Razor objects from CSHTML leading to missing links to Dotnet Controller action.
31243	False positive for rule: "Avoid hardcoded passwords(Javascript)."
31521	No resource service is created for href=@Url.Action("Index", "ProcessSelection") in CSHTML file.
31709	Upload sources to Local db is failing due to multiple values in table ObjFilRef for HTML5 CSS Fragment objects.
31628	Missing links to HTML5 JS methods from JS functions.
30598	Analysis is taking too long, taking lot of time to analyze JS files.
31801	Missing links from HTML5 JavaScript function to other JavaScript Functions.
30784	False violation for the rule Avoid hard-coded network resource names (Javascript).
31046	HTML analysis crash: most files not being analyzed properly.
31402	False positive for the rule: "Avoid using a break statement in 'for' loops".
30741	CSHTML files were skipped after upgrading HTML extension.
31831	HTML Analysis got stuck at a JSP file.

Other Updates

Details
Add filtering of libraries.
Remove METRICABLE inheritance from HTML like objects.
Add a method to get the declaration of a variable (get_declarations).
Better name resolution for 'HTML5 Get HttpRequest service' Object when url is like "something?action=something_else".

2.1.6-funcrel

Resolved Issues

Customer Ticket Id	Details
30063	Missing Get HttpRequest Service after analysis.

Other Updates

Details
No HttpRequest service should be created when property binding is used in angular app
Broadcast *.template file for extensions above HTML5 (as NodeJS)
Error CAST AIP Console: [com.castsoftware.html5] HTML5-005 Internal issue in parsing one statement
Blocking recursion (for NodeJS)

2.1.5-funcrel

Resolved Issues

Customer Ticket Id	Details
29756	Missing JavaScript Methods after analysis.
29267	HTML5 service name is wrong for certain objects with href="@Url.RouteUrl

Link Improvements

Callee Type	Caller Type	Details
.NET WEB operations	CSHTML files	These links are now more complete.

Other Updates

Details
Front end objects of CSHTML in ASP.NET Core MVC project not appearing in AIP console

Transaction Improvements

Type	Framework
Links from CSHTML files to .NET WEB operations	razor

2.1.4-funcrel

Resolved Issues

Customer Ticket Id	Details
29278	The rule, 1020006: "Avoid calling a function in a termination loop" not in the correct technical criteria.

Other Updates

Details
Add filtering of libraries
Links from html fragments should have the fragment as caller instead of the method containing the fragment.
Resolution corrections on HTML5
Bad evaluations for some urls
Problem with parsing with html files when an attribute name is bracketed (ex: [href]="myurl")'

New Support

Summary	Details
Add support for pug files	Add support for .pug files, these files are now transaction entry-points.

2.1.3-funcrel

Resolved Issues

Customer Ticket Id	Details
28065	Missing link from JavaScript method "getAuditDetails" to "getEngagementDetails".
28407	Wrong links to JS functions from ASPX files or other JS Functions in HTML5 analysis.
28116	HTML5-005: Internal issue in parsing one statement.
28591	HTML5 analysis crash warning: Extension com.castsoftware.html5 has encountered an issue.

2.1.2-funcrel

Resolved Issues

Customer Ticket Id	Details
26922	HTML warning: [com.castsoftware.html5] HTML5-005 Internal issue in parsing one statement
26932	REACT Warning : [com.castsoftware.reactjs] REACTJS-001 Internal issue in <source file path>
27481	Missing Angular Resource services
26876	JQUERY Post resource service object that is not created
27128	HTML5 Get HTTPRequest Object Deleted in current run
27299	HTML5-005 Internal issue in parsing one statement
27423	NodeJS Objects not discovered and missing links in an NodeJS application
26221	HTML analysis warning: HTML5-005 Internal issue in parsing one statement

Other Updates

Details
Functions that are dynamically called are not being resolved. This issue is now fixed.
Following files must be skipped (libraries).
A callLink between function and returned function when returned function has no name has been added.
Performance issue in HTML5 extension for executing query in remove_files_with_no_children. This is now fixed.
Error in parsing nodejs syntax (function*() {}). This is now fixed.

2.1.1-funcrel

Resolved Issues

Customer Ticket Id	Details
25924	PB:[COFACE][COFANET]Console : Onboarding : HTML5-005 Internal issue in parsing one statement
26452	PB:[AT&T][BD]Issue with transactions due to missing 10K+ HTML HTTPRequest Service objects after migration from 2.0.10 to 2.0.19
25962	HTML analysis is taking long time and it is stuck while parsing one JS file
26087	HTML Warning: [com.castsoftware.html5] HTML5-005 Internal issue in parsing one statement
26041	PB:Missing links between XHTML files and java methods and link between xhtml file of JEE to HTML source code of html5..

Other Updates

Details
Preparation for api publication
aspx improvement (links to OnInit and OnLoad)
JSX contents must be added in diags definitions where JS contents are included (total).
Remove traceback errors from logs
Some classes are not parsed as classes (class PurposeField extends React.Component<PurposeFieldProps> {})
Some reactjs files are badly parsed because jsx parts are found when it should not.
Support of import statement with default keyword in curly brackets
Fix false violations of unreferenced functions in last version of Imaging
Following libraries must be skipped: cypress, fastclick.js
Methods are not detected in some reactjs classes because some jsx ends are not well detected.
Better support of iteration protocol "..."
HTML5 has to handle vuejs mixins
resolution through imports enhancement
Support of resolution through different components (package.json)
Support of resolution through imports redirections (jsconfig.json)
Exporting a list of object does not work

2.1.0-funcrel

Note

This release of the extension contains a large number of rule related improvements, which will have a significant impact on any existing analysis results generated with a previous release of the extension. When re-analyzing existing and unchanged source code with this new extension, you should therefore expect grade and violation changes. When using AIP Console, if you do not want this extension to be used, you should ensure that you implement an extension strategy to prevent the automatic download and installation of the extension. If you are onboarding a new application, CAST actively encourages you to use this new release to take advantage of the improvements that have been implemented.

Resolved Issues

Customer Ticket Id	Details
24807	Missing links between HTML5 POST service operation to Struts Operation
24781	HTML5 missing resource service object when src attribute with iframe tag is used
24586	HTML analysis: missing resource service object due to which link is not created to struts operation
24732	HTML analysis warning: HTML5-005 Internal issue in parsing one statement
25060	Missing link between jsp page and js function
25503	HTML analysis Warning: HTML5-005 Internal issue in parsing one statem

Rules

Rule Id	New Rule	Details
1020070	FALSE	Avoid hardcoded network resource names in Javascript (updated contribution)
1020094	FALSE	Avoid creating cookie without setting httpOnly option (Javascript) (updated contribution)
1020096	FALSE	Avoid using unsecured cookie (Javascript) (updated contribution)
1020098	FALSE	Avoid creating cookie with overly broad path (Javascript) (updated contribution)
1020100	FALSE	Avoid having cookie with an overly broad domain (Javascript) (updated contribution)
1020002	FALSE	Avoid programs with low comment/code ratio (HTML5/Javascript) (updated thresholds)
1020004	FALSE	Avoid to use querySelectorAll (updated thresholds)
1020006	FALSE	Avoid to call a function in a termination loop (updated thresholds)
1020008	FALSE	Avoid for-in loop (updated thresholds)
1020010	FALSE	Avoid using forEach() (updated thresholds)
1020012	FALSE	Avoid using a web service with WebSocket inside a loop (updated thresholds)
1020014	FALSE	Avoid using a web service with XMLHttpRequest inside a loop (updated thresholds)
1020016	FALSE	Avoid using too much dot notation in loop (updated thresholds)
1020018	FALSE	Avoid using Web SQL databases (updated thresholds)
1020020	FALSE	Avoid blocking page loading with synchronous Javascript import (updated thresholds)
1020022	FALSE	Avoid using submitted markup containing "form" and "formaction" attributes (updated thresholds)
1020024	FALSE	Avoid "id" attributes for forms as well as submit (updated thresholds)
1020026	FALSE	Avoid using autofocus and onfocus in submitted markup (updated thresholds)
1020028	FALSE	Avoid using autofocus and onblur in submitted markup (updated thresholds)
1020030	FALSE	Avoid using javascript or expression in the CSS file (updated thresholds)
1020032	FALSE	Avoid using video poster attributes in combination with javascript (updated thresholds)
1020034	FALSE	Avoid hosting HTML code in iframe srcdoc (updated thresholds)
1020036	FALSE	Avoid using onscroll event with autofocus input (updated thresholds)
1020038	FALSE	Avoid defining and calling functions inside loops (updated thresholds)
1020040	FALSE	Avoid using delete with no object properties (updated thresholds)
1020042	FALSE	Avoid having iframe inside a tag (updated thresholds)
1020044	FALSE	Avoid using setData in ondragstart with attribute draggable set to true (updated thresholds)
1020046	FALSE	Avoid using oninput in body containing input autofocus (updated thresholds)
1020048	FALSE	Avoid using source tag in video/audio with event handler (updated thresholds)
1020050	FALSE	Avoid white-listing the "dirname" attribute in user generated content (updated thresholds)
1020052	FALSE	Avoid using import with external URI (updated thresholds)
1020054	FALSE	Avoid using delete on arrays (updated thresholds)
1020056	FALSE	Avoid using Javascript Document.all collection (updated thresholds)
1020060	FALSE	Avoid using console.log() (updated thresholds)
1020062	FALSE	Avoid using non thread-safe Javascript singleton pattern (updated thresholds)
1020064	FALSE	Avoid Superclass knowing Subclass in Javascript (updated thresholds)
1020066	FALSE	Avoid using Javascript Function constructor (updated thresholds)
1020068	FALSE	Avoid return statement in finally block (updated thresholds)
1020072	FALSE	Avoid direct access to Database Tables in Javascript (updated thresholds)
1020074	FALSE	Avoid enabling autocomplete "on" for inputs/forms (updated thresholds)
1020076	FALSE	Avoid Artifacts with too many parameters (Javascript) (updated thresholds)
1020078	FALSE	Avoid using setTimeout() (updated thresholds)
1020080	FALSE	Avoid using setInterval() (updated thresholds)
1020094	FALSE	Avoid creating cookie without setting httpOnly option (Javascript) (updated thresholds)
1020096	FALSE	Avoid using unsecured cookie (Javascript) (updated thresholds)
1020098	FALSE	Avoid creating cookie with overly broad path (Javascript) (updated thresholds)
1020100	FALSE	Avoid having cookie with an overly broad domain (Javascript) (updated thresholds)
1020104	FALSE	Avoid hardcoded passwords (Javascript) (updated thresholds)