...

This rule has been updated to raise a violation when the use of Triple DES (3DES or TDES) is detected (previously, the use of Triple DES would not raise a violation). Therefore, after an upgrade to CAST AIP 8.3.16 and the generation of a post-upgrade consistency snapshot on unchanged source code, results may change. You may have violations where previously there were none.

AIPCORE-93 - Avoid hard-coded credentials - 8222

The detection of signatures for the DBCP and SSH libraries' sendcredential methods has been improved. Therefore, after an upgrade to CAST AIP 8.3.16 and the generation of a post-upgrade consistency snapshot on unchanged source code, results may change. You may have violations where previously there were none.

AIPCORE-571 - False violations on JEE source code

...

  • java.util.Scanner is no longer considered as an input method
  • Some constructors of types with Exception in their name were incorrectly blackboxed as target "files"; improvements have been made to correct this. Examples:

    • Blackbox on the fly: [classpath]java.io.IOException.+ctor(ref [classpath]java.lang.String) with target file
    • Blackbox on the fly: [classpath]java.io.FileNotFoundException.+ctor() with target file
    • Blackbox on the fly: [mscorlib]System.IO.FileNotFoundException.+ctor([mscorlib]System.String) with target file
    • Blackbox on the fly: [mscorlib]System.IO.DirectoryNotFoundException.+ctor([mscorlib]System.String) with target file
  • The definition of class java.io.ObjectInputStream was missing and this has now been corrected
  • The target web (XSS) for the javax.servlet.http.HttpServletResponse.sendError class was missing and this has now been corrected

...