Created by user-1a1b1, last modified by N Padmavathi on Sep 07, 2020
This documentation is not maintained. Please refer to doc.castsoftware.com/technologies to find the latest updates.

  • 1.3.3-funcrel
  • 1.3.2-funcrel
  • 1.3.1-funcrel
  • 1.3.0-funcrel
  • 1.3.0-beta1
  • 1.3.0-alpha3
  • 1.3.0-alpha2
  • 1.3.0-alpha1

    • 1.3.5

    Resolved Issues

    Customer Ticket IdDetails
    25995Jeerules has encountered issue: RuntimeError: property is not registered for given object type

    1.3.4

    Note

    JEE Rules - 1.3.4 is now in LTS (Long Term Support).

    Resolved Issues

    Customer Ticket IdDetails
    24267False positive violations for "Avoid using unsecured cookie (JEE)".

    Rules

    Rule IdNew RuleDetails
    1039028FALSEThe rule Avoid weak encryption providing not sufficient key size (JEE) incorrectly checks for a key size of 4096 creating false positive violations.

    1.3.4-funcrel

    Resolved Issues

    Customer Ticket IdDetails
    25117ValueError: invalid literal for int() with base 10: 'newExpireTime' has been resolved.
    25159AttributeError: 'NoneType' object has no attribute 'text' has been resolved.

    1.3.3-funcrel

    Other Updates

    Details
    The analysis crashes with the following error: "The Extension com.castsoftware.jeerules has encountered an issue". The specific error is "During start_type on a specific Type (xxx)".
    Missing violation
    The analysis crashes with the following error: "The Extension com.castsoftware.jeerules has encountered an issue". The specific error is "AttributeError: 'NoneType' object has no attribute 'get_begin_line' ".

    1.3.2-funcrel

    Other Updates

    Details
    Performance code optimization for concatenation of value using + instead use .join() function
    CASTONCAST: Duplicate CRITICAL violation on Avoid using SAXParserFactory without restriction of XML External Entity Reference (XXE) Rule ID: 1039034
    Extension jeeRule not linux compliant: Do not use '\\'

    1.3.1-funcrel

    Other Updates

    Details
    Extension com.castsoftware.jeerules has encountered an issue
    Internal issue while posting bannedapi Traceback

    1.3.0-funcrel

    Other Updates

    Details
    Review description

    1.3.0-beta1

    Rules

    Rule IdNew RuleDetails
    1039024FALSENo violations for Avoid using unsecured cookie (JEE)
    1039026FALSENo violations for Cookie HttpOnly
    1039058FALSEFalse positives for the rule "Avoid generating key with insufficient random generator in cookies"

    1.3.0-alpha3

    Other Updates

    Details
    EVOLLIS - SI- <Agile 2.1> - Extension com.castsoftware.jeerules has encountered an issue

    Rules

    Rule IdNew RuleDetails
    1039074FALSEAvoid using Apache ActiveMQ 5.x before 5.13.0
    1039072TRUEAvoid using jYAML to deserialize YAML (JEE)

    1.3.0-alpha2

    Rules

    Rule IdNew RuleDetails
    1039070TRUEAvoid using URL.equals(Object obj) or URL.hashCode()

    1.3.0-alpha1

    Resolved Issues

    Customer Ticket IdDetails
    18065Mismatch in grades between original and simulated grade in Action Plan Optimizer due to one JEE QR: 1039014: Avoid using Cipher with no HMAC to ensure data integrity

    Other Updates

    Details
    Updated the description of the rule: 1039058: Avoid generating key with insufficient random generator in cookies

    Rules

    Rule IdNew RuleDetails
    1039068TRUEAvoid using the Non-Serializable Object Stored in Session
    1039066TRUEEnsure you do not allow access to all domain when defining cookie path (JEE)
    1039064TRUEAvoid having cookie with an overly broad domain (JEE)

    1.3.3-funcrel

    Resolved issues

    Following table lists the issues resolved in this release of the extension.

    Internal IDCall IDSummary
    JEEQRS-180, JEEQRS-181-The analysis crashes with the following error: "The Extension com.castsoftware.jeerules has encountered an issue". The specific error is "AttributeError: 'NoneType' object has no attribute 'get_begin_line' ".
    JEEQRS-182-During an analysis the following message is seen in the log: 'Failed to post violation on Object (xxx)'.
    JEEQRS-183-The analysis crashes with the following error: "The Extension com.castsoftware.jeerules has encountered an issue". The specific error is "During start_type on a specific Type (xxx)".

    1.3.2-funcrel

    Resolved issues

    Following table lists the issues resolved in this release of the extension.

    Internal IDCall IDSummary

    JEEQRS-172

    		-

    CASTONCAST: duplicate CRITICAL violation on Avoid using SAXParserFactory without restriction of XML External Entity Reference (XXE) Rule ID: 1039034

    JEEQRS-173

    		-

    Extension jeeRule not linx compliant: Do not use '\\'

    JEEQRS-174

    		-

    Performance code optimization for concatenation of value using + instead use .join() function

    1.3.1-funcrel

    Resolved issues

    Following table lists the issues resolved in this release of the extension.

    Internal IDCall IDSummary
    JEEQRS-171-Internal issue while posting bannedapi Traceback
    JEEQRS-169-AIP Console - Onboarding : Extension com.castsoftware.jeerules has encountered an issue

    1.3.0-funcrel

    Resolved issues

    Following table lists the issues resolved in this release of the extension.

    Internal IDCall IDSummary
    JEEQRS-167-Reviewed the Description of the extension

    1.3.0-beta1

    Resolved issues

    Following table lists the issues resolved in this release of the extension.

    Internal IDCall IDSummary
    JEEQRS-162 -False positives for the rule "Avoid generating key with insufficient random generator in cookies"
    JEEQRS-163 -No violations for Cookie HttpOnly
    JEEQRS-165-

    No violations for Cookie setSecure (1039024: Avoid using unsecured cookie (JEE))

    1.3.0-alpha3

    The following new rules have been added in this release of the extension.

    1039072Avoid using jYAML to deserialize YAML (JEE)
    1039074Avoid using Apache ActiveMQ 5.x before 5.13.0

    Resolved issues

    Following table lists the bug resolved in this release of the extension.

    Internal ID

    Call ID

    Summary

    JEEQRS-144-EVOLLIS - SI- <Agile 2.1> - Extension com.castsoftware.jeerules has encountered an issue

    1.3.0-alpha2

    New feature

    The following new rule has been added in this release of the extension.

    1039070Avoid using URL.equals(Object obj) or URL.hashCode()

    1.3.0-alpha1

    New feature

    The following new rules have been added in this release of the extension.

    1039064Avoid having cookie with an overly broad domain (JEE)
    1039066Ensure you do not allow access to all domain when defining cookie path (JEE)
    1039068Avoid using the Non-Serializable Object Stored in Session

    Resolved issues

    Following table lists the bug resolved in this release of the extension.

    Internal IDCall IDSummary
    JEEQRS-107-

    Updated the description of the rule: 1039058: Avoid generating key with insufficient random generator in cookies 

    JEEQRS-112 18065Mismatch in grades between original and simulated grade in Action Plan Optimizer due to one JEE QR: 1039014: Avoid using Cipher with no HMAC to ensure data integrity