On this page: Target audience: CAST AI Administrator |
Summary: this page lists:
|
All changes in results related to extensions are now listed in the extension documentation and will not appear in this page. |
The following multi-techno rules have been disabled in 8.3.16 specifically and only for .NET technology and will no longer be triggered during an analysis. These rules often generated a large amount of false positive violations. As a result of this change, results may be impacted - no violations will be triggered for any of these rules, therefore potentially impacting grades and existing results:
A bug has been discovered which is causing false positive violations of this rule (when indexes are used, violations are still reported). This bug has now been fixed, therefore, after an upgrade to CAST AIP 8.3.16 and the generation of a post-upgrade consistency snapshot on unchanged source code, results may change: less false positives, more accuracy.
A bug has been discovered which is causing false positive violations of this rule (a false link between two objects). This bug has now been fixed, therefore, after an upgrade to CAST AIP 8.3.16 and the generation of a post-upgrade consistency snapshot on unchanged source code, results may change: less false positives, more accuracy.
A bug has been discovered which is causing false positive violations of this rule (incorrect handling of the syntax FETCH / END-FETCH). This bug has now been fixed, therefore, after an upgrade to CAST AIP 8.3.16 and the generation of a post-upgrade consistency snapshot on unchanged source code, results may change: less false positives, more accuracy.
A bug has been discovered which is causing false positive violations of this rule when the variables have subordinate items and the comparison is based on a block. This bug has now been fixed, therefore, after an upgrade to CAST AIP 8.3.16 and the generation of a post-upgrade consistency snapshot on unchanged source code, results may change: less false positives, more accuracy.
A bug has been discovered which is causing false positive violations of this rule when SQLCODE is checked outside perform statement of a paragraph. This bug has now been fixed, therefore, after an upgrade to CAST AIP 8.3.16 and the generation of a post-upgrade consistency snapshot on unchanged source code, results may change: less false positives, more accuracy.
The parent technical criterion for this rule was incorrectly set to 61020: Programming Practices - Modularity and OO Encapsulation Conformity, and this has now been changed to 61014: Programming Practices - Error and Exception Handling. Therefore, after an upgrade to CAST AIP 8.3.16 and the generation of a post-upgrade consistency snapshot on unchanged source code, results may change. Grades for the new and previous parent technical criteria and Health Factors will change.
The following rules have been disabled in CAST AIP 8.3.16, therefore after upgrade to this release and the generation of a post upgrade consistency snapshot on unchanged source code, results may differ:
Various bugs have been fixed in this release, therefore after upgrade to this release and the generation of a post upgrade consistency snapshot on unchanged source code, results may differ:
Avoid using AT Events in combination of LOOP AT .... WHERE constructs (7536) | This rule has been found to not function correctly in previous releases of CAST AIP. This bug has now been fixed, therefore, after an upgrade to CAST AIP 8.3.16 and the generation of a post-upgrade consistency snapshot on unchanged source code, results may change. You may have violations for this rule where previously there were none. | |
---|---|---|
Avoid empty catch blocks (7788) | A bug has been discovered which was causing violations to be not reported for the following syntax:
This bug has now been fixed, therefore, after an upgrade to CAST AIP 8.3.16 and the generation of a post-upgrade consistency snapshot on unchanged source code, results may change. You may have violations for this syntax where previously there were none. | |
Avoid using hardcoded paths (7526) | A bug has been discovered which was causing violations to be not reported if they occurred in the VALUE part of DATA statements, for example:
This bug has now been fixed, therefore, after an upgrade to CAST AIP 8.3.16 and the generation of a post-upgrade consistency snapshot on unchanged source code, results may change. You may have violations for this syntax where previously there were none. |
This rule has been updated to add specific target methods for both .NET and JEE. The methods listed below are now take into account, therefore, after an upgrade to CAST AIP 8.3.16 and the generation of a post-upgrade consistency snapshot on unchanged source code, results may change. You may have violations where previously there were none.
This rule existed for .NET technologies, however there was no support for JEE. This has now been fixed and therefore, after an upgrade to CAST AIP 8.3.16 and the generation of a post-upgrade consistency snapshot on unchanged source code, results may change if you have JEE / NoSQL source code. You may have violations where previously there were none.
This rule has been updated to take into account the following targets in the namespace System.Diagnostics.Debug, methods:
Therefore, after an upgrade to CAST AIP 8.3.16 and the generation of a post-upgrade consistency snapshot on unchanged source code, results may change. You may have violations where previously there were none.
This rule has been updated to raise a violation when the use of Triple DES (3DES or TDES) is detected (previously the use of Triple DES would not raise a violation. Therefore, after an upgrade to CAST AIP 8.3.16 and the generation of a post-upgrade consistency snapshot on unchanged source code, results may change. You may have violations where previously there were none.
Improvements have been made to improve the detection of signatures for the DBCP and SSH libraries' sendcredential methods. Therefore, after an upgrade to CAST AIP 8.3.16 and the generation of a post-upgrade consistency snapshot on unchanged source code, results may change. You may have violations where previously there were none.
A bug has been discovered that is causing the values for Total Checks and Number of Violations to be erroneous (the total Number of Violations is higher than the total number of checks performed, which then generated an erroneous Compliance value) for the following User Input Security related rules:
This bug has now been fixed therefore, after an upgrade to CAST AIP 8.3.16 and the generation of a post-upgrade consistency snapshot on unchanged source code, results may change. Number of violations should be equal to or less than the Total checks, generating a coherent Compliance value.
Various false violations have been discovered in User Input Security related rules, therefore the following changes have been made in an effort to reduce the number of false violations:
Some constructors of types with Exception in their name are incorrectly blackboxed as target "files" therefore improvements have been made. Examples:
Therefore, after an upgrade to CAST AIP 8.3.16 and the generation of a post-upgrade consistency snapshot on unchanged source code, results may change. You may no longer have violations where previously violations existed.
A change has been made to the way in which the analyzer handles the XMLROOT syntax (use of an "identifier" instead of "VERSION"). As a result of this change, after an upgrade to CAST AIP ≥ 8.3.16 and the generation of a post upgrade consistency snapshot on unchanged source code, you should expect many Oracle PL/SQL objects to be marked as modified.
A bug has been discovered which is causing the creation of an incorrect Cobol program object called "TO" for the "MOVE PROGRAM-ID ... TO ..." syntax found in cobybook files. This bug has now been fixed (the syntax is correctly handled) therefore, as a result of this change, after an upgrade to CAST AIP ≥ 8.3.16 and the generation of a post upgrade consistency snapshot on unchanged source code, results may change - less invalid objects providing more accuracy.
When running a Mainframe analysis, Cobol Transaction objects may be created with object names that contain only special characters such as * or /. This is due to the way the Inference Engine functions. A fix has been provided to avoid creating objects via the Inference Engine which contain only special characters (in other words, objects must contain at least one alphabetical character), therefore, as a result of this change, after an upgrade to CAST AIP ≥ 8.3.16 and the generation of a post upgrade consistency snapshot on unchanged source code, results may change - less invalid objects providing more accuracy.
A bug has been discovered which is causing the creation of CICS Maps objects as "unknown" and the same objects are created multiple times causing issues with link resolution. This bug has now been fixed therefore, as a result of this change, after an upgrade to CAST AIP ≥ 8.3.16 and the generation of a post upgrade consistency snapshot on unchanged source code, results may change - CICS Maps objects are handled correctly.