Created by N Padmavathi on Jan 15, 2021
1.1.4-funcrel
Resolved Issues
Customer Ticket Id | Details |
---|---|
34949 | Fixed rule (1060022) description. |
1.1.3-funcrel
Resolved Issues
Customer Ticket Id | Details |
---|---|
34435 | Fixes a false positive violation of the rule: 1060114 - Always enable authorization checks at function level for functions called on by APIs. |
Rules
Rule Id | New Rule | Details |
---|---|---|
1060114 | FALSE | False positive for the rule: Always enable authorization checks at function level for functions called on by APIs |
1060110 | FALSE | Deprecated: Avoid filtering sensitive data using front-end |
1060108 | FALSE | Deprecated: Avoid data fields binded to columns to return sensitive data via APIs |
1060106 | FALSE | Deprecated: Avoid using generic methods such as 'ToJson' or 'ToString' to save sensitive or PII data |
1060104 | FALSE | Deprecated: Always review APIs returning sensitive data fields |
1060116 | FALSE | Deprecated: Always avoid http redirects to unknown or untrusted URLs |
1.1.2-funcrel
New Support
Summary | Details |
---|---|
Support installation of extension under Linux OS | Fixes some path incompatibilities when installing the extension under Linux. |
1.1.1-funcrel
Resolved Issues
Customer Ticket Id | Details |
---|---|
31662 | Spring Security scope added to the rule Always enable authorization checks at function level for functions called on by APIs |
31554 | Spring Security scope added to the rule Always enable authorization checks at function level for functions called on by APIs |
30366 | Spring Security scope added to the rule Always enable authorization checks at function level for functions called on by APIs |
Rules
Rule Id | New Rule | Details |
---|---|---|
1060114 | FALSE | "Always enable authorization checks at function level for functions called on by APIs" - false positives removed and scope changed to add "Spring Security". |
1.1.0-funcrel
Rules
Rule Id | New Rule | Details |
---|---|---|
1060116 | TRUE | Always avoid http redirects to unknown or untrusted URLs |
1060114 | TRUE | Always enable authorization checks at function level for functions called on by APIs |
1060112 | TRUE | Review APIs not accessed by frontend functions |
1060110 | TRUE | Avoid filtering sensitive data using front-end |
1060108 | TRUE | Avoid data fields binded to columns to return sensitive data via APIs |
1060106 | TRUE | Avoid using generic methods such as 'ToJson' or 'ToString' to save sensitive or PII data |
1060104 | TRUE | Review APIs returning sensitive data fields |