Page tree
Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 9 Next »

Summary: CAST AIP 8.3.19 introduces a number of features and changes as listed below. To view the impacts of these changes on analysis results, see: Changes in results post upgrade.

User Input Security

AIPCORE-1348 - improved coverage of logger methods

Methods like "logError", "logInfo", etc. used in loggers are now automatically taken into account.

AIPCORE-1238 - improved handling of duplicate paths

In previous releases some violations were removed if other violation paths were found in other files with a similar position of the starting path and the ending path (same row and same column for both). The algorithm for detecting these duplicate paths has now been rewritten to provide more accurate results.

AIPCORE-1226 - support for NoSQL - Azure Cosmos DB (.NET)

NoSQL injections for applications using Azure Cosmos DB for .NET can now be detected. Results are provided via the rule 8418 - Avoid NoSQL injection.

AIPCORE-1225 - support for NoSQL - Azure Cosmos DB (Java)

NoSQL injections for applications using Azure Cosmos DB for Java can now be detected. Results are provided via the rule 8418 - Avoid NoSQL injection.

AIPCORE-1142 - improved detection of targets of the method java.io.Console.format

The targets of the method java.io.Console.format - String fmt, Object... args etc. - are now correctly detected.

AIPCORE-1301 - Improved logs

Where a blackbox contains a duplicated type (according to their mangling), the log of the tool will contain more detailed information about the issue (the name of the duplicated type or the name of the duplicated blackbox, etc.).

  • No labels