Page tree

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Impacts of changes made in CAST AIP 8.3.16 on Quality Model results post upgrade

.NET

Various rules

The following multi-techno rules have been disabled in 8.3.16 specifically and only for .NET technology and will no longer be triggered during an analysis. These rules often generated a large amount of false positive violations. As a result of this change, results may be impacted - no violations will be triggered for any of these rules, therefore potentially impacting grades and existing results:

Mainframe

MAINFRAME-283 - Prefer using indexes instead of subscripts - 8142

...

This rule has been updated to add specific target methods for both .NET and JEE. The methods listed below are now take into account, therefore, after an upgrade to CAST AIP 8.3.16 and the generation of a post-upgrade consistency snapshot on unchanged source code, results may change. You may have violations where previously there were none.

.NET

  • System.Net.HttpListenerResponse.AddHeader([mscorlib]System.String,[mscorlib]System.String) // Arg 2
  • System.Web.HttpResponseBase.AddHeader([mscorlib]System.String,[mscorlib]System.String) // Arg 2
  • System.Web.HttpResponse.AddHeader([mscorlib]System.String,[mscorlib]System.String) // Arg 2
  • System.Web.HttpCookieCollection.Add(System.Web.HttpCookie) // Arg 1
  • System.Web.HttpCookieCollection.Set(System.Web.HttpCookie) // Arg 1

...

  • Avoid using insufficient random values for cookies - 8242
  • Avoid weak cryptographic algorithm - 8414
  • Avoid use of a reversible one-way hash - 8416
  • Avoid using hard-coded HMAC keys - 8424

...