Created by Shared Doc User, last modified by N Padmavathi on Nov 06, 2020
1.4.1-funcrel
Resolved Issues
Customer Ticket Id | Details |
---|
34909 | Correct the false violation for the rule (1021044): 'Avoid string interpolations to prevent SQL injections (Python)' when using f-strings. Removed false positives. |
Rules
Rule Id | New Rule | Details |
---|
1021044 | FALSE | Removed false positives for the rule (1021044): "Avoid string interpolations to prevent SQL injections (Python)". |
1.4.0-funcrel
Other Updates
Details |
---|
Create a maximum of one S3 unknown bucket per project |
Correctly handle the "botocore.client.S3.copy()" method: create useSelectLink and useInsertLink |
New Support
Summary | Details |
---|
Support web service operations in Bottle Web framework | Creation of web service operations configured by the Bottle framework and links to the respective Python handler methods. |
Support web service operations in Sanic Web framework | Creation of web service operations configured by the Sanic framework and links to the respective Python handler methods. |
1.4.0-beta8
Other Updates
Details |
---|
Generalize app-level linking for any type of objects linkable to Lambda handlers (links representing AWS Lambda triggers). |
Interpret calls inside Python Lambda expressions to AWS DynamoDB client objects. |
Create non-CRUD links for Boto3 API methods acting on S3 bucket. |
Remove "S3 region" objects from modelization of AWS S3. |
New Support
Summary | Details |
---|
Support Falcon web framework | Creation of REST operations and links to the Python handler methods. |
Support CherryPy web framework | Creation of REST operations and links to the Python handler methods. |
Support FastAPI web framework | Creation of REST operations and links to the Python handler methods. |
Support for Lambdas in AWS-CDK | Creation of (Python) AWS Lambda objects and links to the Python handler methods. Enabled only when no corresponding CloudFormation template files are detected. |
1.4.0-beta7
Note
If your application contains AWS code, it is highly recommended to add the com.castsoftware.cloudconfig extension so that AWS objects are migrated properly when upgrading the com.castsoftware.python extension from previous versions (v < 1.4.0-beta7).
Other Updates
Details |
---|
Support for CloudFormation, SAM and the Serverless framework is removed from this extension. The support is now provided by com.castsoftware.cloudconfig. The com.castsoftware.python extension remains responsible for linking AWS objects that have Python methods as handlers. |
1.4.0-beta6
Resolved Issues
Customer Ticket Id | Details |
---|
33241 | Filter out standard library packages from analysis |
33452 | Avoid crashing the analysis when errors are found during object saving |
Other Updates
Details |
---|
Metamodel Python function (used for methods and functions indistinctly) now inherits from "APM Methods". |
Improved search algorithm of AWS Lambda handlers. |
Improved resolution of SQS queue names in AWS framework analysis. |
Remove false positive for rule: "Avoid using exec (Python)", Rule ID: 1021038. |
Rules
Rule Id | New Rule | Details |
---|
1021038 | FALSE | Avoid using exec (Python). |
New Support
Summary | Details |
---|
Support positional-only arguments | Positional-only arguments are recognized when analyzing method definition signatures. This is part of the support for new features in Python 3.8. |
1.4.0-beta5
New Support
Summary | Details |
---|
Support for SNS in boto3 | Support Amazon Simple Notification Service (SNS) for Python in boto3 (Python SDK for Amazon Web Services) |
1.4.0-beta4
Note
This release introduces major improvements in method call resolution, notably for calls involving class instance attributes. These improvements should considerably reduce the number of false call links. Some correct call links might be impacted by these changes, in particular for calls contained in large and complex classes.
Other Updates
Details |
---|
Fix bug leading to innocuous error message during application level |
Linux-compliant extension version |
New Support
Summary | Details |
---|
Support for AWS DynamoDB (boto3 SDK) | Creation of DynamoDB tables and CRUD links |
Support for Web2py calls to web services | Support for calls to web services via fetch method (GET) |
1.4.0-beta3
Note
In this release, the Python analyzer will accept YAML files (.yaml, .yml) in addition to the already handled PYTHON files (.py, .jy).
Resolved Issues
Customer Ticket Id | Details |
---|
28660 | Improve rule "Avoid hard-coded network resource names (Python)" |
28661 | Avoid artifacts having recursive (includeLink) calls |
28612 | Better support of Python (namespace) packages (without "__init__.py" files). Fixes missing links between Python methods. |
29690 | Fix bug when parsing empty dictionary definitions |
29822 | Fix bug in program call interpreter leading to inner crash |
Other Updates
Details |
---|
Skip analysis of folders containing external libraries: Python code in "site-packages" and "dist-packages" is skipped by default by the analyzer |
New Support
Summary | Details |
---|
Support for Boto3: Amazon Web Services SDK for Python | Creation of Lambda function objects, SQS messages and S3 buckets |
Support for Serverless, SAM, CloudFormation: Amazon Web Service deployment frameworks | Support for AWS deployment frameworks using YAML configuration files, constrained to the Python runtime elements. |
1.4.0-beta2
Note
This release officially supports injection of interpreters via different UA extensions (for example for development of custom Python quality rules).
Resolved Issues
Customer Ticket Id | Details |
---|
28631 | Add default value to BackFired Function Point (24) |
Other Updates
Details |
---|
Update rule title: 'Avoid Python string interpolations to prevent SQL injections' to 'Avoid string interpolations to prevent SQL injections (Python)' |
Python Analyzer openness for external interpreters (e.g. custom quality rules) |
1.4.0-beta1
Resolved Issues
Customer Ticket Id | Details |
---|
25623 | Python rule (Rule ID:1021030): "Avoid hardcoded network resource names" does not operate as described. |
27785 | False Violation on Python Analysis for the rule (Rule ID:1021004): "Avoid using a web service with Python requests inside a loop". |
Other Updates
Details |
---|
Minor update of description for the rule (Rule ID:1021042): "Avoid hard-coded passwords (Python)". |
Scope not correctly configured for rule (Rule ID:1021054): "Avoid long docstring lines". |
Overall enhancement of method call resolutions, and fixed issues with cross-file method calls. |
1.4.0-alpha2
Resolved Issues
Customer Ticket Id | Details |
---|
23067 | Correct internal error when handling ternary conditional expression in loops. |
Other Updates
Details |
---|
Fixed issues on method names and calls with (possibly deprecated) keywords: print, exec and await. |
Fixed internal error (minor impact). |
Corrections in analysis of framework "plac". Fixed internal error that could lead to a crash. |
Web Service objects are named after their URL (complying with other analyzers) instead of their HTTP method name. |
1.4.0-alpha1
Other Updates
New Support
Summary | Details |
---|
Support for "Plac framework" | Added support for "Plac framework" for command-line argument handling. |