Supported Platforms - storage
Support of PostgreSQL ≥ 10 for storage
Support has been introduced for PostgreSQL 10 and 11 (64bit) as storage, i.e. AIP schemas can now be created on these versions and analyses will run as expected. Some prerequisites do apply:
- Minimum required release of CAST AIP core: 8.3.16
- Minimum required version of specific extensions:
|JEE Analyzer extension||com.castsoftware.jee||1.0.19||The required versions of these extensions are those that are delivered as "shipped extensions" in AIP 8.3.16.|
|.NET Analyzer extension||com.castsoftware.dotnet||1.0.13|
|SAP BusinessObjects Analyzer extension||com.castsoftware.businessobject||1.0.4 (LTS)|
|C and Cpp Analyzer extension||com.castsoftware.cpp||2.0.5-funcrel||-|
|iOS - Objective-C Analyzer extension||com.castsoftware.cfamily||1.5.2-funcrel||-|
Mainframe Analyzer - support for IBM MQSeries
In CAST AIP ≥ 8.3.16, Mainframe Analyzer supports the publisher/subscriber mode and point-to-point mode for IBM MQSeries. Publisher/Subscriber objects will be generated and Call links between Cobol objects and IBM MQ objects and between IBM MQ objects and Cobol objects will be generated by the Web Services Linker extension - you must ensure that v. ≥ 1.6.8 of this extension is installed, otherwise no links will be generated.
You can find out more information about this support in Mainframe - Technical notes.
CAST Database Extractor
The CAST Database Extractor now supports:
- (by reference) the extraction of schemas on Oracle 18c and above in line with Oracle's updated release cycle, however the extractor will handle the schemas as Oracle 12c schemas and no new syntax or features introduced in these newer releases is supported.
- Case sensitive passwords (introduced in Oracle 12c R2).
User Input Security related
Rule documentation changes
Total field updated
For several User Input Security related rules, the Total field has been updated to state "Number of potentially vulnerable methods" instead of "Number of methods calling user input methods". This is to better reflect what is returned by the rule. You can see details of these changes in Assessment Model updates in the chapter AIP 8.3.15 - 8.3.16.
External reference links updated
Links to external references have been updated for several User Input Security related rules to provide more up-to-date references. You can see details of these changes in Assessment Model updates in the chapter AIP 8.3.15 - 8.3.16.
SAP / ABAP rules
"CX_ROOT" should not be used in TRY .. CATCH.. ENDTRY block (8412)
The parent technical criterion for this rule was incorrectly set to 61020: Programming Practices - Modularity and OO Encapsulation Conformity, but it has been changed to 61014: Programming Practices - Error and Exception Handling. See also Changes in results post upgrade - 8.3.16.
Source code bookmarks implemented
Bookmarks indicating the position of violations in the source code have been implemented for the following SAP/ABAP rules:
- Avoid Artifacts with High Depth of Nested Subqueries (7130)
- Avoid using BREAK or BREAK-POINT statement (7524)
- Never use the ON CHANGE OF statement (7528)
- Avoid "SELECT *" or "SELECT SINGLE *" queries (7530)
- Avoid nested SELECT ... ENDSELECT statements (7532)
- Avoid using AT events in combination of LOOP AT .... WHERE constructs (7536)
- Avoid using SELECT ... INTO CORRESPONDING FIELDS OF (7538)
- Avoid using SELECT ... ENDSELECT statement (7544)
- Avoid using "ORDER BY" in SELECTS (7592)
- Avoid using "SELECT DISTINCT", use DELETE-ADJACENT (7594)
- Avoid using SELECT ... ENDSELECT statement on XXL tables (7666)
- Avoid using EXIT statement in Include (7672)
- Avoid empty catch blocks (7788)
- Avoid Artifacts with Group By (7806)
- Avoid Artifacts with SQL statement including subqueries (7808)
- Avoid Artifacts with a Complex SELECT Clause (7810)
- Never use SQL queries with a cartesian product (7820)
- Avoid Artifacts with queries on more than 4 Tables (7822)
- Avoid using Native SQL (7882)
- Avoid SQL queries that no index can support (7902)
The following multi-techno rules have been disabled in 8.3.16 specifically and only for .NET technology and will no longer be triggered during an analysis. These rules often generated a large amount of false positive violations:
- Avoid unreferenced Classes - 7832
- Avoid unreferenced Data Members - 7912
- Avoid unreferenced Methods - 7908
Dynamic Links rule files
Dynamic Links rule files now function with SAP BusinessObjects and SAP PowerBuilder analysis results.
Changes to the structure of the Dashboard and Analysis Services schemas
Some changes have been made to the structure of the Dashboard and Analysis Service schemas to reduce the potential size of the Dashboard Service schema tables DSS_LINKS and DSS_LINK_INFO:
Note that these changes mean that the following Dashboards and RestAPI deployments must be used with CAST AIP 8.3.16 schemas:
- Version ≥ 1.11.2 of standalone dashboard WARs
- Version ≥ 1.12.0 of CAST AIP Console for embedded dashboards
- The dashboard WARS delivered with CAST AIP (in the WARS folder). Note that these dashboards are set to version 1.5 and do not contain any enhancement introduced in more recent standalone dashboard package WARS.
FP_LINK_INFO table (new)
Data (links with IDs from 11000 to 11006) related to CAST Transaction Configuration Center data functions and transactions that was previously stored in these two tables will now be stored in a new table called FP_LINK_INFO. This table now contains all object details of transactions/data functions. It has exactly the same structure as DSS_LINK_INFO:
|SNAPSHOT_ID||the snapshot id|
|PREVIOUS_OBJECT_ID||data function or transaction|
|LINK_TYPE_ID||between 11000 and 11006|
|NEXT_OBJECT_ID||detail object of a transaction/data function|
Impact on Analysis Services schema
Details of transactions and data functions are now sent to a new table called DSS_FPLINKS (previously DSS_LINKS was used).
Transfer from Analysis to Dashboard Service schema
The links in DSS_FPLINKS in the Analysis Service schema are sent to the Dashboard Service schema via a new table called DSS_IN_FPLINKS (previously DSS_IN_LINKS was used).
Impact on Dashboard Services schema
The data related to details of transactions and data functions are now stored in a new table called FP_LINK_INFO (previously DSS_LINK_INFO was used).
Upgrade and impact
This change is handled by the CAST upgrade process and does not require any manual steps. All occurences of link_type_id between 11000 and 11006 will be:
- Moved from DSS_LINK_INFO to FP_LINK_INFO
- Removed from both DSS_LINK_INFO and DSS_LINKS
If you have custom scripts that fetch data from any of the existing tables, please ensure that you update these scripts yourself.