A bug has been discovered that caused the values for Total Checks and Number of Violations to be erroneous (the Number of Violations was higher than the Total Checks performed, which in turn generated an erroneous Compliance value) for the following User Input Security-related rules:
- Avoid using insufficient random values for cookies - 8242
- Avoid weak cryptographic algorithm - 8414
- Avoid use of a reversible one-way hash - 8416
- Avoid using hard-coded HMAC keys - 8424
This bug has now been fixed; therefore, after an upgrade to CAST AIP 8.3.16 and the generation of a post-upgrade consistency snapshot on unchanged source code, results may change. The Number of Violations should be equal to or less than the Total Checks, generating a coherent Compliance value.
AIPCORE-571 - False violations on JEE source code