...

This rule has been updated to add specific sanitization targets for both .NET and JEE. The following are now taken into account; therefore, after an upgrade to CAST AIP 8.3.16 and the generation of a post-upgrade consistency snapshot on unchanged source code, results may change. You may have violations for this syntax where previously there were none.

.NET

  • System.Net.HttpListenerResponse.AddHeader([mscorlib]System.String,[mscorlib]System.String) // Arg 2
  • System.Web.HttpResponseBase.AddHeader([mscorlib]System.String,[mscorlib]System.String) // Arg 2
  • System.Web.HttpResponse.AddHeader([mscorlib]System.String,[mscorlib]System.String) // Arg 2
  • System.Web.HttpCookieCollection.Add(System.Web.HttpCookie) // Arg 1
  • System.Web.HttpCookieCollection.Set(System.Web.HttpCookie) // Arg 1

Java

  • javax.servlet.http.HttpServletResponse.addCookie(javax.servlet.http.Cookie) // Arg 1
  • javax.servlet.http.HttpServletResponse.addHeader([ext]java.lang.String,[ext]java.lang.String) // Arg 2
  • javax.servlet.http.HttpServletResponse.setHeader([ext]java.lang.String,[ext]java.lang.String) // Arg 2
  • org.apache.http.impl.client.BasicCookieStore.addCookie(org.apache.http.cookie.Cookie) // Arg 1
  • org.apache.http.client.CookieStore.addCookie(org.apache.http.cookie.Cookie) // Arg 1
  • javax.servlet.http.HttpServletResponseWrapper.setHeader([ext]java.lang.String,[ext]java.lang.String) // Arg 2
  • javax.servlet.http.HttpServletResponseWrapper.addHeader([ext]java.lang.String,[ext]java.lang.String) // Arg 2

AIPCORE-873 - Avoid NoSql injection - 8418

This rule existed for .NET technologies, but there was no support for JEE. This has now been fixed; therefore, after an upgrade to CAST AIP 8.3.16 and the generation of a post-upgrade consistency snapshot on unchanged source code, results may change if you have JEE / NoSQL source code. You may have violations where previously there were none.


Other impacts of changes made in CAST AIP 8.3.16

...