Summary: CAST AIP 8.3.19 introduces a number of features and changes as listed below. To view the impacts of these changes on analysis results, see: Changes in results post upgrade.

Mainframe analyzer

User Input Security

AIPCORE-1373 - support for Ektorp Java API for CouchDB

NoSQL injections for applications using Ektorp Java API for CouchDB can now be detected.

AIPCORE-1371 - support for LightCouch for Java

NoSQL injections for applications using LightCouch for Java can now be detected. Results are provided via the rule 8418 - Avoid NoSQL injection.

AIPCORE-1348 - improved coverage of logger methods

Methods like "logError", "logInfo", etc. used in loggers are now automatically taken into account.

AIPCORE-1301 - improved logs

Where a blackbox contains a duplicated type (as determined by its mangling), the tool's log now contains more detailed information about the issue, such as the name of the duplicated type or the name of the duplicated blackbox.

AIPCORE-1238 - improved handling of duplicate paths

In previous releases, some violations were removed if other violation paths were found in other files with a similar position for the start and the end of the path (same row and same column for both). The algorithm for detecting these duplicate paths has now been rewritten to provide more accurate results.

AIPCORE-1226 - support for NoSQL - Azure Cosmos DB (.NET)

NoSQL injections for applications using Azure Cosmos DB for .NET can now be detected. Results are provided via the rule 8418 - Avoid NoSQL injection.

AIPCORE-1225 - support for NoSQL - Azure Cosmos DB (Java)

NoSQL injections for applications using Azure Cosmos DB for Java can now be detected. Results are provided via the rule 8418 - Avoid NoSQL injection.

AIPCORE-1142 - improved detection of targets of the method java.io.Console.format

The targets of the method java.io.Console.format - String fmt, Object... args etc. - are now correctly detected.