Created by user-1a1b1, last modified by N Padmavathi on Sep 17, 2020
This documentation is not maintained. Please refer to doc.castsoftware.com/technologies to find the latest updates.


On this page:

  • 1.3.3-funcrel
  • 1.3.2-funcrel
  • 1.3.1-funcrel
  • 1.3.0-funcrel
  • 1.3.0-beta1
  • 1.3.0-alpha2
  • 1.3.0-alpha1


    • 1.3.9

    Other Updates

    Details
    Remove false positive for rule: "Avoid using exec (Python)", Rule ID: 1021038.

    Rules

    Rule IdNew RuleDetails
    1021038FALSEAvoid using exec (Python)

    1.3.8

    Other Updates

    Details
    Error during Full parsing of files. Fix diverse parsing errors and bug during database analysis.
    Python Analyzer is not Linux compliant. Linux compliant extension version.

    1.3.7

    Resolved Issues

    Customer Ticket IdDetails
    28660Improve rule "Avoid hard-coded network resource names (Python)"
    28661Avoid artifacts having recursive (includeLink) calls
    28612Better support of python (namespace) packages (without "init.py" files). Fixes missing links between python methods.
    29690Fix bug when parsing empty dictionary definitions
    29822Fix bug in program call interpreter leading to inner crash

    Other Updates

    Details
    Skip analysis of folders containing external libraries: python code in "site-packages" and "dist-packages" is skipped by default by the analyzer

    1.3.6

    Resolved Issues

    Customer Ticket IdDetails
    25623Python rule (Rule ID:1021030): "Avoid hardcoded network resource names" does not operate as described.
    27785False Violation on Python Analysis for the rule (Rule ID:1021004): "Avoid using a web service with Python requests inside a loop".

    Other Updates

    Details
    Scope not correctly configured for rule (Rule ID:1021054): "Avoid long docstring lines".
    Minor update of description for the rule (Rule ID:1021042): "Avoid hard-coded passwords (Python)".

    1.3.5

    Resolved Issues

    Customer Ticket IdDetails
    26122Corrects resolution of imported classes, inherited classes, and calls inside inherited methods for classes inheriting from "themselves". It also corrects an internal error showed in a warning message.

    1.3.4

    Note

    Python - 1.3.4 is now in LTS (Long Term Support).

    1.3.4-funcrel

    Resolved Issues

    Customer Ticket IdDetails
    23067Correct internal error when handling ternary conditional expression in loops.

    Other Updates

    Details
    Fixed issues on method names and calls with (possibly deprecated) keywords: print, exec and await.
    Fix internal error (minor impact).

    1.3.3-funcrel

    Updates

    • Corrected configuration for the common rule "Avoid Too Many Copy Pasted Artifacts". Now new violations in Python code might be visible in the dashboard.

    Resolved issues

    Internal IDTicket IDSummary
    PYTHON-19722189Corrected bug on string evaluation leading to a crash with message "Analysis Runner has stopped working .."

    1.3.2-funcrel

    Updates

    • TCC rules defining default entry/end points corrected from previous changes (1.3.1-funcrel) so that their effect is bounded to Python objects only.
    • TCC rule for default entry-points on Python Script objects only applies when scripts are not called from elsewhere.
    • TCC rule on SQL-related objects in Python (Standard End Point - Python - Query) now applies to "Python Query", "Python ORM Mapping" and "Python File Query" objects (removed previous reference to "SQL Named Query").
    • Change from 'callLink' to 'useLink' between Python File Query objects and Dml Script (or SQL Script in older versions of the sqlanalyzer extension) objects.

    1.3.1-funcrel

    Updates

    • Reference list in quality rule 1021044 (Avoid Python string interpolations to prevent SQL injections) is updated.
    • Support for Python super(). This feature corrects a number of incorrect call-links  to methods out of the enclosing class hierarchy.
    • URL resolution of web services involving global variables are improved.
    • TCC default entry/end points from specific types to general categories (concerning web services) are generalized.

    New rule

    Following rule has been added in this release: 

    1021076Avoid mutable default parameter values

    1.3.0-funcrel

    Updates

    • Support for urllib3 (creation of objects). Partial support for quality rules (see Limitations main text)
    • Corrected code line counting of objects using decorators
    • Improved resolution of method calls

    1.3.0-beta1

    New features

    • A Python discoverer is shipped together with the extension to automatically create Python analysis units when .py files are present.

    Resolved issues

    Following table lists the bugs resolved in the current release.

    Internal IDTicket IDSummary
    PYTHON-174
    		Update quality rule description (1021016): 'Avoid weak encryption algorithm (Python)''
    PYTHON-175
    		Improvements in robustness based on analysis performed in diverse Python applications.
    PYTHON-181
    		Incorrect link from Flask Operation to Python Class (now the link is correctly created to the method)

    1.3.0-alpha2

    Resolved issues

    Following table lists the bugs resolved in the current release.

    Internal IDTicket IDSummary
    PYTHON-170
    		Detect SQL queries coming from SQL files
    PYTHON-171
    		SQLAlchemy (Python SQL toolkit) support
    PYTHON-172
    		Enhance detection of Python Flask web services

    1.3.0-alpha1

    Updates

    New rules

    The following rules have been added in this release: 

    1021072Avoid shadowing class variables
    1021074Avoid manipulating a list while iterating over it

    For the complete list of rules in 1.3.0-alpha1, seehttps://technologies.castsoftware.com/rules?sec=srs_python&ref=||1.3.0-alpha1

    Resolved issues

    Internal IDTicket IDSummary
    PYTHON-163
    		Links between Python and SQL for raw() calls used in Django framework