...

Avoid using AT Events in combination of LOOP AT .... WHERE constructs (7536)

This rule has been found not to function correctly in previous releases of CAST AIP. This bug has now been fixed; therefore, after an upgrade to CAST AIP 8.3.16 and the generation of a post-upgrade consistency snapshot on unchanged source code, results may change. You may have violations for this rule where previously there were none.

Avoid empty catch blocks (7788)

A bug has been discovered that caused violations not to be reported for the following syntax:

    CATCH SYSTEM-EXCEPTIONS.

    ENDCATCH.

This bug has now been fixed; therefore, after an upgrade to CAST AIP 8.3.16 and the generation of a post-upgrade consistency snapshot on unchanged source code, results may change. You may have violations for this syntax where previously there were none.

Avoid using hardcoded paths (7526)

A bug has been discovered that caused violations not to be reported if they occurred in the VALUE part of DATA statements, for example:

    DATA d TYPE char22 VALUE 'c:/mypath'.

This bug has now been fixed; therefore, after an upgrade to CAST AIP 8.3.16 and the generation of a post-upgrade consistency snapshot on unchanged source code, results may change. You may have violations for this syntax where previously there were none.

User Input Security related

AIPCORE-571 - Avoid HTTP response splitting - 7740

This rule has been updated to add specific sanitization targets for both .NET and JEE. The following are now taken into account; therefore, after an upgrade to CAST AIP 8.3.16 and the generation of a post-upgrade consistency snapshot on unchanged source code, results may change. You may have violations for this syntax where previously there were none.

.NET

  • System.Net.HttpListenerResponse.AddHeader([mscorlib]System.String,[mscorlib]System.String) // Arg 2
  • System.Web.HttpResponseBase.AddHeader([mscorlib]System.String,[mscorlib]System.String) // Arg 2
  • System.Web.HttpResponse.AddHeader([mscorlib]System.String,[mscorlib]System.String) // Arg 2
  • System.Web.HttpCookieCollection.Add(System.Web.HttpCookie) // Arg 1
  • System.Web.HttpCookieCollection.Set(System.Web.HttpCookie) // Arg 1

Java

  • javax.servlet.http.HttpServletResponse.addCookie(javax.servlet.http.Cookie) // Arg 1
  • javax.servlet.http.HttpServletResponse.addHeader([ext]java.lang.String,[ext]java.lang.String) // Arg 2
  • javax.servlet.http.HttpServletResponse.setHeader([ext]java.lang.String,[ext]java.lang.String) // Arg 2
  • org.apache.http.impl.client.BasicCookieStore.addCookie(org.apache.http.cookie.Cookie) // Arg 1
  • org.apache.http.client.CookieStore.addCookie(org.apache.http.cookie.Cookie) // Arg 1
  • javax.servlet.http.HttpServletResponseWrapper.setHeader([ext]java.lang.String,[ext]java.lang.String) // Arg 2
  • javax.servlet.http.HttpServletResponseWrapper.addHeader([ext]java.lang.String,[ext]java.lang.String) // Arg 2
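The methods listed above take a string (or cookie) that ends up in the response headers, which is why the marked argument matters for this rule. The following is an added example, not CAST's or the original page's code: it shows what an unvalidated header value containing CR LF does to the serialized response, next to a value check that rejects it. The class, the `requireSingleLine` helper and the `serialize` stand-in for a container's header writer are hypothetical, and the input is constructed.

```java
import java.util.LinkedHashMap;
import java.util.Map;

public class HeaderSplitDemo {

    // Hypothetical validator: reject CR, LF and other control characters
    // (tab excepted) before a value reaches a header-writing call such as
    // HttpServletResponse.setHeader(name, value).
    static String requireSingleLine(String value) {
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            if ((c < 0x20 && c != '\t') || c == 0x7f) {
                throw new IllegalArgumentException(
                        "control character in header value at index " + i);
            }
        }
        return value;
    }

    // Stand-in for a server writing headers to the wire (not a real container API).
    static String serialize(Map<String, String> headers) {
        StringBuilder sb = new StringBuilder("HTTP/1.1 200 OK\r\n");
        headers.forEach((k, v) -> sb.append(k).append(": ").append(v).append("\r\n"));
        return sb.append("\r\n").toString();
    }

    // Number of header lines a client would parse before the blank line.
    static int headerLineCount(String raw) {
        String head = raw.substring(0, raw.indexOf("\r\n\r\n"));
        return head.split("\r\n").length - 1; // exclude the status line
    }

    public static void main(String[] args) {
        // Constructed request parameter carrying a CR LF sequence.
        String lang = "en\r\nSet-Cookie: session=constructed";

        // Unvalidated: one header was set, but more than one line is emitted.
        Map<String, String> headers = new LinkedHashMap<>();
        headers.put("Content-Language", lang);
        System.out.println("header lines emitted: " + headerLineCount(serialize(headers)));

        // Validated: the value is refused before it reaches the header map.
        try {
            headers.put("Content-Language", requireSingleLine(lang));
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```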

Other impacts of changes made in CAST AIP 8.3.16

...