On this page:
|Summary: CAST AIP 8.3.16 introduces a number of features and changes as listed below. To view the impacts of these changes on analysis results, see: Changes in results post upgrade|
Supported Platforms - storage
Support of PostgreSQL ≥ 10 for storage
Support has been introduced for PostgreSQL 10 and 11 (64bit) as storage, i.e. AIP schemas can now be created on these versions and analyses will run as expected. Some prerequisites do apply:
- Minimum required release of CAST AIP core: 8.3.16
- Minimum required version of specific extensions:
|JEE Analyzer extension||com.castsoftware.jee||1.0.19||The required versions of these extensions are those that are delivered as "shipped extensions" in AIP 8.3.16.|
|.NET Analyzer extension||com.castsoftware.dotnet||1.0.13|
|SAP BusinessObjects Analyzer extension||com.castsoftware.businessobject||1.0.4 (LTS)|
|C and Cpp Analyzer extension||com.castsoftware.cpp||2.0.5-funcrel||-|
|iOS - Objective-C Analyzer extension||com.castsoftware.cfamily||1.5.2-funcrel||-|
Support levels are as follows:
Mainframe Analyzer - support for IBM MQSeries
In CAST AIP ≥ 8.3.16, Mainframe Analyzer supports the publisher/subscriber mode and point-to-point mode for IBM MQSeries. Publisher/Subscriber objects will be generated and Call links between Cobol objects and IBM MQ objects and between IBM MQ objects and Cobol objects will be generated by the Web Services Linker extension - you must ensure that v. ≥ 1.6.8 of this extension is installed, otherwise no links will be generated.
You can find out more information about this support in Mainframe - Technical notes.
CAST Database Extractor
The CAST Database Extractor now supports:
- (by reference) the extraction of schemas on Oracle 18c and above in line with Oracle's updated release cycle, however the extractor will handle the schemas as Oracle 12c schemas and no new syntax or features introduced in these newer releases is supported.
- Case sensitive passwords (introduced in Oracle 12c R2).
User Input Security related
Rule documentation changes
Total field updated
For several User Input Security related rules, the Total field has been updated to state "Number of potentially vulnerable methods" instead of "Number of methods calling user input methods". This is to better reflect what is returned by the rule. You can see details of these changes in Assessment Model updates in the chapter AIP 8.3.15 - 8.3.16.
External reference links updated
Links to external references have been updated for several User Input Security related rules to provide more up-to-date references. You can see details of these changes in Assessment Model updates in the chapter AIP 8.3.15 - 8.3.16.
SAP / ABAP rules
"CX_ROOT" should not be used in TRY .. CATCH.. ENDTRY block (8412)
The parent technical criterion for this rule was incorrectly set to " 61020: Programming Practices - Modularity and OO Encapsulation Conformity", but it has been changed to "61014: Programming Practices - Error and Exception Handling". See also Changes in results post upgrade - 8.3.16.
- Avoid Artifacts with High Depth of Nested Subqueries (7130)
- Avoid using BREAK or BREAK-POINT statement (7524)
- Never use the ON CHANGE OF statement (7528)
- Avoid "SELECT *" or "SELECT SINGLE *" queries (7530)
- Avoid nested SELECT ... ENDSELECT statements (7532)
- Avoid using AT events in combination of LOOP AT .... WHERE constructs (7536)
- Avoid using SELECT ... INTO CORRESPONDING FIELDS OF (7538)
- Avoid using SELECT ... ENDSELECT statement (7544)
- Avoid using "ORDER BY" in SELECTS (7592)
- Avoid using "SELECT DISTINCT", use DELETE-ADJACENT (7594)
- Avoid using SELECT ... ENDSELECT statement on XXL tables (7666)
- Avoid using EXIT statement in Include (7672)
- Avoid empty catch blocks (7788)
- Avoid Artifacts with Group By (7806)
- Avoid Artifacts with SQL statement including subqueries (7808)
- Avoid Artifacts with a Complex SELECT Clause (7810)
- Never use SQL queries with a cartesian product (7820)
- Avoid Artifacts with queries on more than 4 Tables (7822)
- Avoid using Native SQL (7882)
- Avoid SQL queries that no index can support (7902)
The following multi-techno rules have been disabled in 8.3.16 specifically and only for .NET technology and will no longer be triggered during an analysis. These rules often generated a large amount of false positive violations:
- Avoid unreferenced Classes - 7832
- Avoid unreferenced Data Members - 7912
- Avoid unreferenced Methods - 7908
Dynamic Links rule files
Dynamic Links rule files now function with SAP BusinessObjects and SAP PowerBuilder analysis results.
Some changes have been made to the structure of the Dashboard and Analysis Service schemas to reduce the potential size of the Dashboard Service schema tables DSS_LINKS and DSS_LINK_INFO:
Note that these changes mean that the following Dashboards and RestAPI deployments must be used with CAST AIP 8.3.16 schemas:
Data (links with IDs from 11000 to 11006) related to CAST Transaction Configuration Center data functions and transactions that was previously stored in these two tables will now be stored in a new table called FP_LINK_INFO. This table now contains all object details of transactions/data functions. It has exactly the same structure as DSS_LINK_INFO: