|Summary: CAST AIP 8.3.19 introduces a number of features and changes as listed below. To view the impacts of these changes on analysis results, see: Changes in results post upgrade.|
IMS/DC - support introduced
Support for IMS/DC (Data Communications) has been introduced. See Mainframe - IMS DC support for more information. As a result, some changes have been implemented:
- The Mainframe Discoverer will detect a project (and therefore automatically create an Analysis Unit) for each *.tra file discovered in a folder. See Mainframe - Application qualification specifics for more information about how to generate this file type using JCL.
- .tra files have been added to the list of files that will be automatically analyzed - see for example Mainframe - Analysis configuration
- New object types will be resolved - see Mainframe - Analysis results:
|IMS Transaction File|
- A new option has been added to the Delivery Manager Tool when delivering a PDS dump file, specifically to collect IMS DC related items - click to enlarge:
JCL - Support for INZUTILB and DSNTIAUL
Support for SQL embedded in INZUTILB and DSNTIAUL items has been added.
User Input Security
AIPCORE-1373 - support for Ektorp Java API for CouchDB
NoSQL injections for applications using Ektorp Java API for CouchDB can now be detected.
AIPCORE-1371 - support for LightCouch for Java
NoSQL injections for applications using LightCouch for Java can now be detected. Results are provided via the rule 8418 - Avoid NoSQL injection.
AIPCORE-1348 - improved coverage of logger methods
Methods like "logError", "logInfo", etc. used in loggers are now automatically taken into account.
AIPCORE-1301 - improved logs
Where a blackbox contains a duplicated type (according to their mangling), the log of the tool will contain more detailed information about the issue (the name of the duplicated type or the name of the duplicated blackbox, etc.).
AIPCORE-1238 - improved handling of duplicate paths
In previous releases some violations were removed if other violation paths were found in other files with a similar position of the starting path and the ending path (same row and same column for both). The algorithm for detecting these duplicate paths has now been rewritten to provide more accurate results.
AIPCORE-1226 - support for NoSQL - Azure Cosmos DB (.NET)
NoSQL injections for applications using Azure Cosmos DB for .NET can now be detected. Results are provided via the rule 8418 - Avoid NoSQL injection.
AIPCORE-1225 - support for NoSQL - Azure Cosmos DB (Java)
NoSQL injections for applications using Azure Cosmos DB for Java can now be detected. Results are provided via the rule 8418 - Avoid NoSQL injection.
AIPCORE-1142 - improved detection of targets of the method java.io.Console.format
The targets of the method java.io.Console.format - String fmt, Object... args etc. - are now correctly detected.