This extension was previously (in version 1.0, 1.1, and 1.2) known as TypeScript and Angular.
1.6.0-funcrel
Note
This release of the extension contains a number of rule related improvements, which will have a significant impact on any existing analysis results generated with a previous release of the extension. When re-analyzing existing and unchanged source code with this new extension, you should therefore expect grade and violation changes. When using AIP Console, if you do not want this extension to be used, you should ensure that you implement an extension strategy to prevent the automatic download and installation of the extension. If you are onboarding a new application, CAST actively encourages you to use this new release to take advantage of the improvements that have been implemented.
Resolved Issues
| Customer Ticket Id | Details |
|---|---|
| 25529 | Removed false positives for rule "Avoid using javascript HTTP request in Angular Application" |
Rules
| Rule Id | New Rule | Details |
|---|---|---|
| 1020804 | FALSE | Avoid using console logging. Increased the Threshold. Changed scope. Grade Impact Changed. |
| 1020808 | FALSE | Avoid using eval(). Increased the Threshold. Changed scope. |
| 1020810 | FALSE | Avoid bypassing angular security trust. Increased the Threshold. Changed scope. |
| 1020814 | FALSE | Avoid using web service calls inside a loop. Increased the threshold. Refined the scope. |
| 1020818 | FALSE | Avoid disabling xsrf check in HttpClientXsrfModule. Increased the Threshold. Changed scope. |
| 1020820 | FALSE | Avoid hardcoded passwords. Increased the Threshold. |
| 1020826 | FALSE | Avoid hardcoded network resource names. Increased the Threshold. Grade Impact Changed. |
| 1020832 | FALSE | Avoid using javascript HTTP request in Angular Application. Increased the Threshold. Refined the scope. |
| 1020852 | FALSE | Avoid using <script> tag in HTML template used by React.js components. Increased the threshold. Grade Impact Changed. |
| 1020854 | FALSE | Avoid using React dangerouslySetInnerHTML. Increased the Threshold. |
| 1020896 | FALSE | Avoid using risky cryptographic hash with nodejs. Increased the Threshold. Grade Impact Changed. |
| 1020904 | FALSE | Avoid using url.parse() with vulnerable nodejs versions. Increased the Threshold. Grade Impact Changed. |
| 1020906 | FALSE | Avoid using TLS library before Node.js 9.11.2 and 10.4.1. Increased the Threshold. Grade Impact Changed. |
| 1020908 | FALSE | Avoid using the file path validation with Node.js 8.5.0. Increased the Threshold. Grade Impact Changed. |
| 1020910 | FALSE | Avoid using path library parsing functions with vulnerable nodejs versions. Increased the Threshold. Grade Impact Changed. |
| 1020912 | FALSE | Avoid using HTTP/2 library with vulnerable nodejs versions. Increased the Threshold. Grade Impact Changed. |
| 1020914 | FALSE | Avoid using Buffer.fill() and/or Buffer.alloc() with vulnerable nodejs versions. Increased the Threshold. Grade Impact Changed. |
| 1020916 | FALSE | Avoid using Buffer library and UCS-2 encoding with vulnerable versions. Increased the Threshold. Grade Impact Changed. |
| 1020924 | FALSE | Avoid using net.Socket object as stream with vulnerable version of Node.js. Increased the Threshold. Grade Impact Changed. |
| 1020906 | FALSE | Avoid using TLS library before Node.js 9.11.2 and 10.4.1. Changed scope. |
| 1020912 | FALSE | Avoid using HTTP/2 library with vulnerable nodejs versions. Changed scope. |
| 1020916 | FALSE | Avoid using Buffer library and UCS-2 encoding with vulnerable versions. Changed scope. |
| 1020924 | FALSE | Avoid using net.Socket object as stream with vulnerable version of Node.js. Changed scope. |
| 1020886 | FALSE | Avoid using unsecured cookie with express. Grade Impact Changed. |
| 1020894 | FALSE | Avoid using string concatenation when using nodejs __dirname and __filename variables. Grade Impact Changed. |
| 1020802 | FALSE | Avoid having errors without throwing them. Refined the scope. |
| 1020828 | FALSE | Avoid String concatenation in loops. Refined the scope. |
