Impacts of changes made in CAST AIP 8.3.23 on Quality Model results post upgrade

VisualBasic

2586 Utilization of "DoEvents" inside a loop has been disabled

The VisualBasic rule 2586 Utilization of "DoEvents" inside a loop has been disabled out of the box in this release of CAST AIP. This means that:

• The rule is still listed in the Assessment Model so that results for previous snapshots can be viewed in the CAST dashboards
• The rule has been renamed and "DELETED" has been added as a prefix
• The rule will no longer be triggered in any new snapshots taken with 8.3.23 or above therefore changes in grades/overall numbers of violations may change
• The rule will no longer contribute to any parent Technical Criteria

Other impacts of changes made in CAST AIP 8.3.23

JEE

Change to support of org.springframework.jdbc for User Input Security

In previous releases of CAST AIP, support of the API org.springframework.jdbc for the User Input Security feature relied on automatic blackboxing. In CAST AIP ≥ 8.3.23, this has now changed and static rules will be used instead. As a result of these changes, some impact to existing results is to be expected when re-analyzing existing source code with the User Input Security feature: additional positive violations of related rules are likely, therefore changing grades but providing improved accuracy.

Miscellenous

Variations in the number of violations between two consecutive snapshots with the same source code

A bug has been fixed which was causing varying numbers of violations to be displayed for certain User Input Security related rules between two consecutive snapshots of the same application with unchanged source code. This was due to a bug causing different paths to be calculated for a given entrypoint. As a results of this fix, some impact to existing results is to be expected when re-analyzing existing source code with the User Input Security feature: number of violations may change again, but will be stable in future snapshots.