This extension was previously (in version 1.0, 1.1, and 1.2) known as TypeScript and Angular.
Summary: This document provides information about changes and new features introduced in this release.
1.4.0-funcrel
Updates
- Node.js Web services are supported
- Methods defined within maps (i.e. dictionaries) are supported
New rules
Below table lists the new rules added in this release of the extension.
| 1020898 | Avoid having multiple routes for the same path with Node.js Express App (TypeScript) |
| 1020900 | Avoid enabling unsecure Node.js (TypeScript) |
| 1020902 | Ensure the Content-Security-Policy is activated with express (TypeScript) |
| 1020904 | Avoid using url.parse() with vulnerable Nodejs versions (TypeScript) |
| 1020906 | Avoid using TLS library before Node.js 9.11.2 and 10.4.1 (TypeScript) |
| 1020908 | Avoid using the file path validation with Node.js 8.5.0 (TypeScript) |
| 1020910 | Avoid using path library parsing functions with vulnerable nodejs versions (TypeScript) |
| 1020912 | Avoid using HTTP/2 library with vulnerable nodejs versions (TypeScript) |
| 1020914 | Avoid using Buffer.fill() and/or Buffer.alloc() with vulnerable nodejs versions (TypeScript) |
| 1020916 | Avoid using Buffer library and UCS-2 encoding with vulnerable versions (TypeScript) |
| 1020918 | Avoid using Node.js query-mysql third-party (TypeScript) |
| 1020920 | Avoid disabling SSL verification in node-curl (TypeScript) |
| 1020922 | Avoid bypassing self-signed ssl certificate with Node.js (TypeScript) |
| 1020924 | Avoid using net.Socket object as stream with vulnerable version of Node.js (TypeScript) |
| 1020926 | Avoid string interpolations to prevent SQL injections (TypeScript) |
| 7156 | Avoid too many copy pasted artifacts |
The rule "Avoid too many copy pasted artifacts" depends on com.castsoftware.html5 extension. It will be activated automatically for TypeScript source code when using a version of com.castsoftware.html5 >= 2.0.15-funcrel.
1.4.0-beta1
Updates
- Added support for Sequelize framework
- Added support for TypeORM framework
- The fullname and parents of mongoose MongoDB connection and collection objects were changed for consistency with other extensions.
- New rules added, see https://technologies.castsoftware.com/rules?sec=srs_typescript&ref=||1.4.0-beta1
New rules
Below table lists the new rules added in this release of the extension.
| 1020860 | Avoid using setInterval() (TypeScript) |
1020870 | Avoid using setTimeout() (TypeScript) |
| 1020874 | Avoid the lack of error handling in the Node.js callbacks (TypeScript) |
| 1020876 | Avoid using the Node.js process.exit() (TypeScript) |
| 1020878 | Ensure the express X-XSS-Protection header is enabled (TypeScript) |
| 1020880 | Ensure the express X-Powered-By header is disabled (TypeScript) |
| 1020882 | Ensure the express X-Frame-Options header is setup (TypeScript) |
| 1020884 | Ensure that the browser cannot cache or store a page when using express (TypeScript) |
| 1020886 | Avoid using an unsecured cookie with express (TypeScript) |
| 1020888 | Avoid unsecured connection to the express Node.js server (TypeScript) |
| 1020890 | Ensure that CSRF Protection is enabled when using express (TypeScript) |
| 1020892 | Ensure Node.js filesystem are closed (TypeScript) |
| 1020894 | Avoid using string concatenation when using Node.js __dirname and __filename variables (TypeScript) |
| 1020896 | Avoid using a risky cryptographic hash with Node.js (TypeScript) |
Resolved issues
Internal ID | Call ID | Summary |
|---|---|---|
| ANGTS-114 | - | Extend the rule "Avoid using web service calls inside a loop" to rxjs/ajax web service calls |
| ANGTS-266 | 20864 | Missing links between Angular Delete Service and JAX-RS Operation |
| ANGTS-287 | 21710 | Missing angular operation |
Dependency issue
This version of the analyzer requires a version of com.castsoftware.nodejs >= 2.2.1-funcrel. This dependency is not specified in the analyzer and a recent enough version of nodejs will not be downloaded by default.
