Summary: this page lists:
- Impacts of changes made to CAST AIP 8.3.27 on Quality Model results post upgrade
Other impacts of changes made in CAST AIP 8.3.27
All changes in results related to extensions are now listed in the extension documentation and will not appear in this page.
Impacts of changes made in CAST AIP 8.3.27 on Quality Model results post upgrade
User Input Security - new rules
The following new rules have been implemented, therefore after an upgrade to 8.3.27 and the generation of a consistency snapshot on unchanged source code, results may change: additional violations may be visible for these new rules:
|Rule ID||CWE ID||Rule name||Input name||Target name||.NET support||JEE support|
|8518||400||Avoid regular expression injection||Network.read||Regexp.write||Yes (already supported in 8.3.26)||Yes (support added in 8.3.27)|
8518 - Avoid regular expression injection
A bug has been identified where the Quality Standards tags added for this rule were incorrect. This bug has now been fixed and the correct tags have been applied. Therefore after an upgrade to 8.3.27 and the generation of a consistency snapshot on unchanged source code, results may change: reports generated through Report Generator may change and the SQL Injection tile in the Security Dashboard will now display correct information.