Redirect location: AIPCORE:Changes in results post upgrade - 8.3.7

Target audience:

CAST AI Administrator

...

A bug caused the rule "CWE-73: Avoid file path manipulation vulnerabilities - 7752" to return false positive violations. This bug has been fixed. After an upgrade to CAST AIP 8.3.7 and the generation of a post-upgrade consistency snapshot on the same source code, results may be impacted: a reduced number of violations and improved accuracy.

SCRAIP-33723 - False violation for the rule "CWE-79: Avoid cross-site scripting DOM vulnerabilities - 7740"

A bug caused the rule "CWE-79: Avoid cross-site scripting DOM vulnerabilities - 7740" to return false positive violations for methods that are correctly sanitized in the code. This bug has been fixed. After an upgrade to CAST AIP 8.3.7 and the generation of a post-upgrade consistency snapshot on the same source code, results may be impacted: a reduced number of violations and improved accuracy.

C/C++

SCRAIP-32901 - "Ensure you provide a user-defined copy constructor or disable copy when a class allocates memory in its constructor - 592"

A bug caused the rule "Ensure you provide a user-defined copy constructor or disable copy when a class allocates memory in its constructor - 592" to return false positives. This bug is now fixed. After an upgrade to CAST AIP 8.3.7 and the generation of a post-upgrade consistency snapshot on the same source code, results may differ: a reduced number of violations and improved accuracy.

Mainframe Cobol

SCRAIP-32899 - False violation for the rule - "Never truncate data in MOVE statements - 7688"

...

A bug caused the transaction status in the CAST Transaction Configuration Center to remain unchanged, even when JCL Job, JCL Data Set, and JCL Step objects were deleted from the call path. This was because a checksum value was never calculated for these specific Mainframe objects (JCL Job, JCL Data Set, and JCL Step), so any changes to them were effectively ignored by CAST AIP. This behaviour has now been changed: checksum values are now calculated for JCL Jobs, JCL Data Sets, and JCL Steps. After an upgrade to CAST AIP 8.3.7 and the generation of a post-upgrade consistency snapshot on the same source code, results may be impacted:

  • Values for modified EFP may increase: objects that are now given checksum values will be recorded as "modified"
  • Transactions may change

Mainframe CICS

SCRAIP-33007 and SCRAIP-33068

...