Due to new support introduced in 8.3.26 for the framework Microsoft.Practices.EnterpriseLibrary by the User Input Security feature, results for the rule Avoid SQL injection vulnerabilities may change after an upgrade to 8.3.26 and the generation of a consistency snapshot on unchanged source code - a decrease in the number of false violations may be visible.

Avoid file path manipulation vulnerabilities - 7752

A bug has been discovered in the User Input Security analysis which is causing false positive violations to be reported for Avoid file path manipulation vulnerabilities. This was due to a bug where the analyzer was programmed to record that the New System.IO.StreamReader for the entry-point opened a file and therefore declares a path manipulation causing a violation of the rule. This bug has been fixed and after an upgrade to 8.3.26 and the generation of a consistency snapshot on unchanged source code results may change: less violations of this rule providing more accuracy.

Other impacts of changes made in CAST AIP 8.3.26

...

Page tree

Versions Compared

Old Version 12

New Version 13

Key

Avoid file path manipulation vulnerabilities - 7752

Other impacts of changes made in CAST AIP 8.3.26

Page tree

Page History

Versions Compared

Old Version 12

New Version 13

Key

Avoid file path manipulation vulnerabilities - 7752

Other impacts of changes made in CAST AIP 8.3.26