Release Notes - 2.1

2.1.10-funcrel

New Support

Summary Details
Support of com.android.volley Added support for com.android.volley - see the documentation.

2.1.9-funcrel

Other Updates

Details
Fixes an issue causing Android UI XML files to be duplicated with Android Kotlin UI XML files.

2.1.8-funcrel

Other Updates

Details
Add handlers for "setPositiveButton" method calls.
Fixes an issue causing a traceback error in the analysis log: "TypeError: unsupported operand type(s) for +: 'NoneType' and 'str'".
Fixes an issue causing a traceback error in the analysis log: "AttributeError : 'VariableDeclaration' object has no attribute 'get_parameters'".
Removed multiple (and not useful) occurrences of the log message: "[com.castsoftware.android] No Android project found for method".
Improvements to and standardization of end-user messages.
Fixes various traceback errors in the analysis log.

2.1.7-funcrel

Other Updates

Details
Android is not Linux compliant.

2.1.6-funcrel

Other Updates

Details
Traceback errors in log for eWallet analysis.

2.1.5-funcrel

Resolved Issues

Customer Ticket Id Details
32193 Analysis warnings: [com.castsoftware.android] Internal Error (with Traceback).
32275 Android analysis warning: Extension com.castsoftware.android has encountered an issue.

2.1.4-funcrel

Resolved Issues

Customer Ticket Id Details
28853 Update android jar file shipped with extension
29803 Missing link between Android application and onCreate Kotlin method

2.1.3-funcrel

Resolved Issues

Customer Ticket Id Details
29189 Android Warning: Extension com.castsoftware.android has encountered an issue

2.1.2-funcrel

Resolved Issues

Customer Ticket Id Details
27441 Extension com.castsoftware.android has encountered an issue: AttributeError: 'str' object has no attribute 'get_begin_line'

2.1.1-funcrel

Other Updates

Details
Android Extension is executed and launched during analysis where it should not be

2.1.0-funcrel

Note

This release of the extension contains a large number of rule related improvements, which will have a significant impact on any existing analysis results generated with a previous release of the extension. When re-analyzing existing and unchanged source code with this new extension, you should therefore expect grade and violation changes. When using AIP Console, if you do not want this extension to be used, you should ensure that you implement an extension strategy to prevent the automatic download and installation of the extension. If you are onboarding a new application, CAST actively encourages you to use this new release to take advantage of the improvements that have been implemented.

Rules

Rule Id New Rule Details
1024012 FALSE Avoid setting android:grantUriPermissions as True (updated criticity)
1024018 FALSE Always provide a permission to secure Activities (updated weight and thresholds)
1024022 FALSE Media Resources should be released (updated criticity)
1024026 FALSE Avoid using MODE_WORLD_READABLE and MODE_WORLD_WRITEABLE (updated criticity)
1024006 FALSE Limit the accessibility of your app's Content Provider (update thresholds)
1024008 FALSE Always use onActivityResult to pass the login results when using Facebook SDK (updated thresholds)
1024010 FALSE Apply signature-based permissions (updated thresholds)
1024014 FALSE A permission is required for securing Receivers (update thresholds)
1024016 FALSE A permission is required for securing Services (updated thresholds)
1024020 FALSE Avoid using implicit intent (update thresholds)
1024028 FALSE Avoid using "Android Protected Confirmation" without User Confirmation (updated thresholds)
1024030 FALSE Avoid using FingerprintManager as biometric API (updated thresholds)
1024032 FALSE Always manage the BiometricPrompt onAuthenticationFailed method (updated thresholds)
1024034 FALSE Always check all the BiometricPrompt error options in the onAuthenticationError method (updated thresholds)
1024036 FALSE Always check all the BiometricPrompt acquired options in the onAuthenticationSucceeded method (updated thresholds)
1024040 FALSE Always activate unlockedDeviceRequired to avoid data decryption when device is unlocked (updated thresholds)
1024042 FALSE Avoid using weak encryption algorithm (Android) (updated thresholds)
1024044 FALSE Always check the device supports Biometric capability before using BiometricPrompt API (updated thresholds)

New Support

Summary Details
Support of androidx.room library for Kotlin. See documentation
Support of android.app.Application and com.ad4screen.sdk.A4SApplication for Java and Kotlin. See documentation