|Technology||Component/s||Situation||Symptoms||Workaround||Affected Version/s||Internal ID|
Export the list of violation via Rest API by using the Preferred Media Type: text/csv
Internal Server Error - Response Status 500
|Upgrade CAST schemata from 8.2.x to 8.3.x using Server Manager |
AND the C-Family extension is installed in the 8.2.x schemata before upgrade
AND the C-Family extension is not present in your 8.3.x extension folder
(Note: As a consequence, the C-Family extension is removed from CAST schemata during upgrade.)
|When opening CAST Management Studio (CAST-MS) and verifying the Assessment Model, you will see warnings in the Assessment Model Validation View: |
Missing Associated Value
Missing Number of Associated Value
Missing Computing Configuration
Missing XXL Quality Rule
Note: These warnings have no consequence on snapshot results and can be safely ignored.
As a workaround, you can removing all C-Family quality rules from Assessment Models before upgrading schemata.
These are quality rules with IDs between 1050000 and 1050050
# | Rule ID | Rule Name
1 1050000 Avoid using the call of web service with iOS/Objective-C API inside a loop
2 1050002 Avoid using NSString stringWithFormat on behalf of NSURL instance
3 1050004 Avoid using NSPredicate predicateWithFormat
4 1050006 Avoid using NSException raise:format: and raise:format:arguments:
5 1050008 Avoid using NSMutableString appendFormat: on behalf of NSURL instance
6 1050010 Avoid using NSURLRequest setAllowsAnyHTTPSCertificate:forHost
7 1050012 Objective-C interface overrides the isEqual: method but not the hash method
8 1050014 UIApplication delegate applicationDidEnterBackground: must delete sensitive data
9 1050016 Never use strcat() function
10 1050018 Never use strcpy() function
11 1050020 Avoid return statement in @finally block
12 1050022 Avoid using deprecated SSL protocol
13 1050024 Avoid using kSecAttrAccessibleAlways attribute when storing data in the Keychain
14 1050026 Avoid using non thread-safe Objective-C singleton pattern
15 1050028 Always use LAContext canEvaluatePolicy: before using evaluatePolicy:
16 1050030 Ensure the Objective-C error condition check is not fragile
17 1050032 Ensure that LAContext evaluatePolicy: reply block success is checked
18 1050034 Ensure that LAContext evaluatePolicy: reply block is not empty
19 1050036 Ensure that iOS Projects are ARC enabled
20 1050038 Avoid using NSURLRequestUseProtocolCachePolicy for NSURLRequest
21 1050040 Avoid using SecTransform API
22 1050042 Avoid synchronizing the credentials with iCloud
23 1050044 Avoid weak encryption providing sufficient key size
24 1050046 Avoid weak encryption algorithm
25 1050048 Avoid creating file without protection
26 1050050 Avoid using cryptography hash without salt
|Using Extension Downloader to install Technology Extension For Flex (com.castsoftware.flex), version 1.0.2, 1.0.3, or 1.0.4.||Installation fails with following error: |
The specified path, file name, or both are too long. The fully qualified file name must be less than 260 characters, and the directory name must be less than 248 characters.
Set your default temporary folder (as defined by Windows environment variable %TMP%) to a path of 10 characters and launch Extension Downloader from the command line. For instance:
|Delivery Manager Tool||Upgrade CAST schemata from 8.2.x to 8.3.x using Server Manager |
And the schemata contain a Business Objects (BO) application
|After upgrade with Server Manager, it is impossible to open Delivery Manager Tool (DMT). You get following error message: |
|Using CAST Server Manager to upgrade using Assessment Model option "default AM". |
Look at logs under %TEMP%\CAST\CAST\8.3\Servman
|The log file contains this warning message: "WRN: :- Cannot find: CAST 8.3.3 Assessment Model"||8.3.3||SCRAIP-31507|
|Analyzing an application made of 2 (or more) technologies. E.g. C++ and PHP |
And source code of different technologies shares a common parent folder. E.g.:
Note: For each folder in the source code path, AIP creates a "Directory" object. Directory objects have specific types, such as "C++ Directory" or "UA Directory" (PHP is analyzed with the Universal Analyzer, UA).
|Following quality rules can report less violations than expected: |
-- .NET: Consistent File full name and directory structure (DIAG_SCOPE_ASPBEST008)
-- .NET: Index pages and global.asa location in the root directory (DIAG_SCOPE_ASPBEST009)
-- C++: Count of Objects likely to use structures (DIAG_CPP_ANA_USING_STR_TOTAL)
In Enlighten and in Development view of CAST Engineering Dashboard (CED):
Only a single Directory object is created for the parent folder. The type of the Directory object for the parent folder depends on the analysis order of the technologies. The Directory object takes the type of the first technology analyzed within the application.
Expected are as many Directory objects as there are different technologies underneath the parent folder, each having the type of the respective technology.
For the example given in "Situation", 3 Directory objects are created:
-- A "C++ Directory" for "Sources" folder (if C++ is analyzed before PHP, otherwise it will be a "UA Directory")
-- A "C++ Directory" for "CPP" folder
-- A "UA Directory" for "PHP" folder
-- A "C++ Directory" for "Sources" folder
-- A "UA Directory" for "Sources" folder
-- A "C++ Directory" for "CPP" folder
-- A "UA Directory" for "PHP" folder
|When analyzing an application containing T-SQL code that includes tables with indexes.||Results for all Quality Rules related to table indexes are incomplete (some violations are missing) and metrics related to table indexes (for example Line number where no index is used in a WHERE clause) are below their real value.||8.2.3||SCRAIP-24977|
|Application Engineering Dashboard (AED)||Analyzing a JEE application |
and a module is shared between several analysis units of the application
and shared modules are in violations,
|The information displayed for quality rule "Avoid cyclical calls and inheritances between packages" are inconsistent. For instance: |
* The grades is shown as evolving while no violation is added
* The number of object in violation is inconsistant with the number of failed checks
Violations are not counted consistently, resulting in the issues listed above.
|During a quality analysis of .ABAP, PowerBuilder, C++, C#, VB.NET or JEE||Violationof rule 'Avoid Classes with a High Lack of Cohesion' is raised for classes without any member variable (function container)||None. |
The standard "cohesion" metric is defined to be 1 for this kind of class, which are not really recommended in an object oriented environment. This will mark them as in violation, even though this can be considered as a valid programming pattern in some context.
|when you load the CED page "Investigation - Application Drilldown" multiple times without having results displayed||Depending on application size, it can takes time to display results, then if you try to reload the page, it will duplicate a dashboard job that is going to insert data in the database. As a result, you will have duplicated information in the page for "number of violated rules", "number of objects with violations", "number of violations"||Don't reload the page until the page display results||8.2.0||SCRAIP-21320|
|Any analysis where the Module configuration does not use the "Full content module" option.||The execution report, available in CMS at the end of the snapshot procedure, indicate one extra module, compared to what is configured and displayed elsewhere in the product (Modules tab in CMS, Dashboard)||None. This is a pure display bug, without any consequence on the results.||8.1.0||SCRAIP-18678|
|Running the first analysis of an application just after upgrade from a version older that 8.0.0||CMS verification view shows an error similar to "[Object ID] :Code xxx does not correspond to an active type". |
It comes from the facts that some object types linked to the legacy VB.NET analyzer (version 7.3 and older) don't have an exact matching type in recent versions. They are left in the configuration as is, but are considered invalid.
This will happen most often for an applcation which uses C# or VB.NET, but these type be used (by mistake) in any application.
|The objects indicated in the error (module definition, AU definition) must be edited in CMS, removing the legacy type, and making them use the new types as applicable.||8.0.0||SCRAIP-13699|
|Transaction Configuration Center (TCC)||With the .NET technology, you can create a dependency link either directly between two projects, or between one project and an assembly that was generated by another project. In the second case, if you have several copies of the same DLL (possibly with different versions), you should always reference the same file in all projects. If several versions of the file (even identical but in different paths) are selected, they will conflict with each other.||Some objects and links may be missing from the analysis results (and therefore transactions may also be missing and the Function Point count may be incorrect), with no message about unresolved calls even when looking at the log in debug mode.||If you are in this situation, you can, before packaging the application with the Delivery Manager Tool, change the project files to manually ensure only one file is referenced. You can do this in Visual Studio, or manually in the .csproj files. |
Alternatively, if you reference an assembly that is built by another project in your delivery, you can also replace all assembly references to it with a project reference, which will bring more benefits.
|CMS Snapshot/Analysis - Generate Modules||Re-analysis of an application, where the execution split has been changed. That is, grouping of analysis units in execution units has been updated, in order to work around memory issues, or for any other reason.||In the Dashboard, some modules appear empty, or some objects are marked as deleted even though they exist in the code. When checking the module content in CAST Management Studio, the objects still appear. |
There is no easy workaround for that problem. The data used to compute final results of the analysis have been corrupted by the execution units reorganization. Please get in touch with CAST Support, they will help you fix the problem.
|CAST Dashboard||When upgrading from CAST AIP 7.0.x to CAST AIP 7.3.x and looking at the dates listed for the current and previous snapshots in the CAST Engineering Dashboard.||A discrepancy is displayed regarding the dates if the snapshot that was generated at the end of the CAST migration process is deleted and re-generated. In this situation the current snapshot date is displayed correctly, but the previous snapshot date is incorrect and refers to an older snapshot.||7.3.4||SCRAIP-7119|
|The violations on diag 'Avoid having SQL code in Triggers named pre-record' disappear when there is no squirrel package in the version.||Missing violations on the diag 'Avoid having SQL code in Triggers named pre-record'.||7.3.0||SCRAIP-3057|
|CAST Update Tool (CUT)||Migrating from 7.2 to 7.3 using CAST Update Tool (CUT). |
And having a delivery folder shared among mutiple Mangement Bases (MB).
And having all MBs of the delivery folder ticked in CUT for update.
|CUT displays incorrectly a "Confirmation" dialog box. The dialog box reads: |
"You must select all MBs that manage applications within a delivery folder. Refer to the documentation.
Database(s) missing in folder <delivery folder>:
And <n> MBs not listed in the connection profiles.
Do you want to continue?
<OK> / <Cancel>
|Note: If ALL MBs have been ticked, the message is incorrectly displayed and can be safely ignored and you can proceed by clicking "OK". Migration will succeed. |
However, if there are MBs that have not been ticked, you MUST NOT proceed but make sure that you select all MBs first.
|CAST Management Studio (CMS)||- Duplicate a csproj under a folder with a lot of .NET sources|
in DMT, create a package containing duplicated projects
Analyze in one way duplicated projects
|Performance issue occurs in merging phase of analyzer||Remove duplicated sources to restore performances||7.3.0||SCRAIP-2902|
|CMS Snapshot/Analysis - Compute Snapshot||Two Applications (A and B) exist in the CAST Management Studio and objects in Application A have links to objects in Application B. To identify and save these links, a custom dependency is created between the two Applications.||When the "Take a snapshot of each Application" option is run for the first time after defining the dependency, no links between the two Applications are identified.||Re-run the "Take a snapshot of each Application" option to obtain the links between the two Applications.||7.3.0||SCRAIP-1539|
|Using Cast Management Studio or the Delivery Manager Tool on Windows 8 or 10, with a High Resolution Display||Many text fields are not correctly displayed, the text is too big and partially visible.||Change the display scaling factor back to 100%. CMS/DMT do not correctly handle the recent UI scaling introduced by Windows for High DPI screens. |
In Windows 10, right click on the Desktop Background, select "Display settings".
In that window, move the "Change the size of text (...)" slider to 100%, even if it is not the recommended value.
|When using the CAST AIC Portal||When you rename an Application in the CAST AIC Portal, the name change is not reflected when subsequently using the Delivery Manager Tool (the Application name has not been updated).||7.2.3||SCRAIP-14968|
|CMS Snapshot/Analysis||When generating a snapshot in the CAST Management Studio on one machine and having the CAST Storage Service installed on a different machine and each machine is showing different time (or is configured to a different time zone).||The capture date/time of the snapshot is not consistent between the CAST Management Studio and the CAST Storage Service.||7.2.0||SCRAIP-949|
|CAST Dashboard||Occurs on CAST Engineering Dashboard, Investigation - Quality Model Drilldown view when selecting a Distribution.||Depending from which Business Criteria, list of objects selected for the distribution will be not the same if some objects exists without any violations. |
If distribution is selected through Heath Factor indicator, then list of objects are sorted by PRI and so only objects with violations are listed
If distribution is selected through TQI or Rules Compliance indicator, then list of objects are sorted by name and contained all objects even those with no violations
There is no impact on the grade that is similar everywhere.
|CAST Management Studio (CMS)||When synchronizing an Assessment Model on a Dashboard Service after some documentation update||The synchronization fails with "Invalid language symbol 'English' in metric ID <x>||Remove the 'English' translation of the default 'English' text for the indicators with External ID <x>.||7.1.0||SCRAIP-13532|
|When using the CAST Management Studio and editing an Analysis Unit that enables you to include or exclude source files/folders (C/C++ for example).||If you add an exclusion/inclusion and then click the Cancel button, a blank entry is added to the list of exclusion and inclusions.||7.1.0||SCRAIP-14969|
|When changing the path to the Deployment folder in the CAST Management Studio.||The help explanation displayed in the dialog box is truncated.||7.1.0||SCRAIP-14970|
|When using the CAST Delivery Manager Tool to create a remediation item.||On cancelling the remediation creation window, the remediation is added anyway.||7.1.0||SCRAIP-14971|
|- Running analysis of an Application with Castms command line : |
CAST-MS-cli.exe RunAnalysis -connectionProfile myConnectString -deliveryUnit myDU -system mySystem -appli myApplication
- And there is no application "myApplication" in the Delivery Unit.
|All applications are analyzed instead of only the one defined in the command line (myApplication).||Make sure the application defined in command line exists in the Delivery Unit portfolio.||7.0.9||SCRAIP-14981|
|CAST Dashboard||When selecting a Business Criteria in the Investigation view and when working with Internet Explorer 7 or 8.||Selecting a Business Criteria will sometimes cause a different Business Criteria to be selected and updated.||Sort the Business Criterion column using the column header.||7.0.7||SCRAIP-13777|
|New User Defined Table types added after an initial analysis/snapshot are missing from the Analysis Service if they are not called by another SQL object.||You take a snapshot for a database that may contain User Defined Table types. |
You then add a new User Defined Table type and execute a second snapshot. You check in CAST Enlighten to see if this User Defined Table type exists or not. The object is missing.
You then add a new procedure that calls this User Defined Table type and then execute a third snapshot. When you check with Enlighten, the object now exists.
If the User Defined Table type exists in the application before the first analysis/snapshot, it will be saved ; if not, it is saved in your Analysis Service only when it is referenced by another SQL object (eg. : by a stored procedure).
|The Metrics Assistant wizard does not allow the use of functions and procedures defined in 'Object types'||6.4.1||SCRAIP-14984|
|When different languages (java, js, html ...) are present on one single line of code, the computed 'number of lines of code' is wrong.||6.4.1||SCRAIP-14998|
|Having an object in one database (e.g. a procedure in database A) accessing an object in another database (e.g. a table in database B) and the following conditions are met: |
- Both databases have been previously analyzed and therefore exist already in the KB.
- The two databases are analyzed by different jobs.
- The option 'Auto register called databases' is OFF in the job analyzing database A.
|Missing link between objects in different database when both databases exist in the KB and are analyzed separately |
In the job log the following informational message is contained. The job finishes successfully.
Information: Skipped Ref. procedure 'my_proc' -> table 'my_db..my_table' because 'my_db..my_table' is in a foreign database that not registered.
In Enlighten, there is no link between my_proc and my_db..my_table.
|Either set option 'Auto register called databases' to ON in the job analyzing database A, or analyze both databases in one single job.||6.4.1||SCRAIP-14769|
|- Analysing a JSP or ASP application. |
- In a JSP or ASP file, the last Script tag used specifies a different script language than the previous tags.
|- All Script tags used in the file are considered as being of the same language as the last Script tag found in the file. |
- This can result in a syntax error during analysis when analyzing scripts using different Script Languages in the same file.
|Modify the last Script tag in the file: Text replacement : Add at the end of the last tag used in the file the Script language different that the one used for this tag |
- the last tag in the page is in vbScript
Please note the '%20' notation that is used for the space character.