User Input Security
Rule documentation updates
The following changes have been applied to rule documentation (no impact on analysis results):
Avoid code injection
The Reference section has been updated to change the CWE reference from 78 to 94 and 95.
Misc - Internal
Change to SET_DEFINITIONS table
The table SET_DEFINITIONS (Analysis schema) has been modified: the column "setprocedure" will now accept a procedure name up to 255 characters in CAST AIP ≥ 8.3.24. Previously this column only accepted procedure names with a maximum of 30 characters. Note that if extensions are to be compatible with older releases of CAST AIP, they must still use 30 characters max.