Release Notes - 1.0
1.0.14-funcrel
Note
This release embeds Highlight Agent version 5.10.0-RELEASE.
Resolved Issues
| Customer Ticket Id | Details |
|---|---|
| 54797 | Fixes case inconsistencies between paths generated by Highlight automation tools and paths generated by CAST analyzers. This issue led to missing CloudReady and Green violations. |
Other Updates
| Details |
|---|
| Fixes a bug where imports to the Highlight server were failing due to incompatibility between the Highlight Agent and the Highlight server in cloud environment only. |
1.0.13-funcrel
Note
Contains Highlight Agent 5.10.1-RELEASE
Other Updates
| Details |
|---|
| Changes in highlight2mri extension for license details |
| Error while saving cloudready property "Use_SecuredProtocolsLib" due to wrong URL generated in CSV file |
| When multiple Java versions are installed, the extension sometimes chooses the wrong one, resulting in failure with the following message : "Java runtime found but Highlight Analyzer requires at least Java JRE 11 or newer…" |
Rules
| Rule Id | New Rule | Details |
|---|---|---|
| 1200349 | TRUE | Using Docker in Cloud-based build specifications |
| 1200351 | TRUE | Using a Cloud-based build specification |
| 1200352 | TRUE | Using Docker Tags and Versions |
| 1200353 | TRUE | Avoid Space Before Equal in Dockerfile |
| 1200357 | TRUE | Use Docker labels and metadata |
| 1200358 | TRUE | Using Docker Named Multi Stage builds |
| 1200364 | TRUE | Avoid Docker apt upgrade command |
| 1200365 | TRUE | Avoid Consecutive RUN Instructions in Dockerfile |
| 1200366 | TRUE | Avoid lowercase instructions in Dockerfile |
| 1200024 | FALSE | Updated description to : "Using log to file system" |
| 1200029 | FALSE | Updated description to : "Using hardcoded network IP address" |
| 1200042 | FALSE | Updated description to : "Use of unsecured network protocols or URI libraries" |
| 1200052 | FALSE | Updated description to: "Using stateful session (i.e. Socket / Servlet)" |
| 1200064 | FALSE | Updated description to: "Use of Windows Authentication" |
| 1200067 | FALSE | Rule is now deprecated |
| 1200096 | FALSE | Updated description to: "Using a Cloud-based data analysis services" |
| 1200127 | FALSE | Updated description to: "Avoid OPEN/CLOSE inside loops" |
| 1200128 | FALSE | Updated description to: "Avoid Using Wildcard Characters to Start Search Criteria" |
| 1200129 | FALSE | Updated description to: "Avoid Cursors inside a loop" |
| 1200130 | FALSE | Updated description to: "Avoid using "SELECT DISTINCT"" |
| 1200131 | FALSE | Updated description to: "Avoid "SELECT *" queries" |
| 1200132 | FALSE | Updated name to: "Green_NotOperatorInWhereClause" and description to: "Avoid using the NOT operator in WHERE clauses" |
| 1200133 | FALSE | Updated description to: "Avoid Artifacts with queries on too many Tables and/or Views" |
| 1200134 | FALSE | Updated description to: "Avoid queries without WHERE condition" |
| 1200135 | FALSE | Updated description to: "Avoid SQL queries using functions in the WHERE clause" |
| 1200136 | FALSE | Updated name to: "Green_ConcatInLoop" |
| 1200141 | FALSE | Updated name to: "Green_EndLoopTest" and description to: "Avoid calling a function in a loop condition" |
| 1200143 | FALSE | Updated name to: "Green_RiskyFunctionCalls" |
| 1200144 | FALSE | Updated description to: "Avoid query in a loop" |
| 1200145 | FALSE | Updated description to: "Avoid Tables without Primary Key' |
| 1200205 | FALSE | Updated description to: "Avoid empty catch blocks" |
| 1200122 | FALSE | Using a Cloud-based cache in-memory database (Memcached) |
| 1200078 | FALSE | Using Cloud Memorystore for Redis fully managed in-memory data store service |
| 1200178 | TRUE | Ensure NVL function is not used |
| 1200372 | TRUE | Using in-memory caching libraries |
| 1200373 | TRUE | Using CORBA (Common Object Request Broker Architecture) |
| 1200374 | TRUE | Using JAX-RPC technology |
| 1200375 | TRUE | Using JCA (Java Connector Architecture) |
| 1200376 | TRUE | Using JNA (Java Native Access) and JNI (Java Native Interface) |
| 1200377 | TRUE | Using Java RMI (Remote Method Invocation) |
| 1200378 | TRUE | Use of deprecated SQL server database service dependency |
| 1200379 | TRUE | Using Application Request Routing (IIS) |
| 1200380 | TRUE | Using ISAPI filters (IIS) |
| 1200381 | TRUE | Using modified HTTP logging (IIS) |
| 1200382 | TRUE | Using unsupported protocol in bindings (IIS) |
| 1200383 | TRUE | Using more than one application pool (IIS) |
| 1200384 | TRUE | Windows profile API usage detected |
| 1200385 | TRUE | Using Windows Native API |
| 1200386 | TRUE | Using Windows Management Instrumentation (WMI) |
| 1200387 | TRUE | Using Crystal Report reporting tool |
| 1200388 | TRUE | Using Named Pipes Communication |
| 1200389 | TRUE | Using dynamic assembly |
| 1200390 | TRUE | Using message queue system |
| 1200391 | TRUE | Using deprecated hashing algorithms |
| 1200392 | TRUE | Use # for single and multi-line comments |
| 1200393 | TRUE | Use nouns for resource names and do not include the type in the name |
| 1200394 | TRUE | Declaring a variable without description |
| 1200395 | TRUE | Declaring a variable without type |
| 1200396 | TRUE | Declaring an output block without description |
| 1200397 | TRUE | Using a bad indentation |
| 1200398 | TRUE | Indentation style is not two spaces |
| 1200399 | TRUE | The equal sign of an argument is not aligned with that of the previous argument |
| 1200400 | TRUE | Declaring an argument after a block |
| 1200401 | TRUE | Missing Blank line between meta-argument et argument |
| 1200402 | TRUE | Using dot syntax instead of bracket syntax to access a list |
| 1200403 | TRUE | Interpolation is the only content of a string |
| 1200404 | TRUE | Lookup() fonction has only two arguments |
| 1200405 | TRUE | Using comparison to empty bracket ( ==[] ) |
| 1200406 | TRUE | Using a duplicated key inside a map |
| 1200407 | TRUE | Using GIT or Mercurial repository not pinned to a version |
| 1200408 | TRUE | Missing argument version in a module block |
| 1200409 | TRUE | Missing version constraint in "required_providers" for a provider |
| 1200410 | TRUE | Missing 'required_version' for terraform block |
| 1200411 | TRUE | A variable or output block in not placed in variable.tf or output.tf file |
| 1200412 | TRUE | Declaring a variable or data without using it |
| 1200413 | TRUE | Declaring a provider without using it in the module |
| 1200414 | TRUE | 'count' or 'for_each' arguments not placed in first position in the block |
| 1200415 | TRUE | 'count/for_each' using expression in "then" or "else" clause |
| 1200416 | TRUE | Wrap the resource type and name in double quotes in your resource definition |
| 1200417 | TRUE | Declaration order in a variable do not comply with : description, type, default, validation |
| 1200418 | TRUE | Using element(concat(…)…) instead of try(…) |
| 1200419 | TRUE | A block variable, output, data or resource is not preceded by a comment |
| 1200420 | TRUE | A bloc is commented out |
| 1200241 | TRUE | Using nested dynamic blocks |
| 1200116 | FALSE | Updated description to "Using Azure SQL database service" |
New Support
| Summary | Details |
|---|---|
| The extension now provides licensing information for third-party components | Licensing details include license name, compliance, and link to license documentation. |
1.0.12-funcrel
Resolved Issues
| Customer Ticket Id | Details |
|---|---|
| 51204 | Resolves an issue where incorrect handling of mapped network drives prevented analysis results for CloudReady and Green assessments. |
Other Updates
| Details |
|---|
| Resolves an issue where HL analysis stalls in restricted internet access environments due to repeated attempts to load DTDs referenced in XML files. |
1.0.11-funcrel
Other Updates
| Details |
|---|
| Fixes an issue causing the extension to fail if an old version of "Highlight Code Reader" is installed on the same machine. |
| Fixes an issue where application names containing blank spaces generate an erroneous output folder. |
| Fixes an issue specific to Linux deployments (CAST Imaging v3) where the extension is not able to see the JRE embedded in the CAST Imaging Core install folder within the container.. |
| Fixes an issue causing the incorrect release date to be displayed for third-party components. |
1.0.10-funcrel
Note
The Perl runtime (required by the extension) is no longer embedded and shipped with the com.castsoftware.highlight2mri, therefore significantly reducing the overall extension size. The Perl runtime is now delivered in a newly created extension called com.castsoftware.perl.runtime and as a result the com.castsoftware.highlight2mri extension now has a new dependency to com.castsoftware.perl.runtime.
Resolved Issues
| Customer Ticket Id | Details |
|---|---|
| 49741 | Fixes an issue where Highlight data was not visible in CAST Imaging due to warnings encountered during the com.castsoftware.highlight2mri analysis while processing "green ready" data. |
| 50567 | Fixes an issue where the wrong local file path location was indicated within Highlight for OSS Third-Party vulnerabilities. |
Other Updates
| Details |
|---|
| Fixes an issue where the Highlight analysis was not correctly running in a Linux environment. |
| Removed Perl runtime from the extension and created a new dedicated extension com.castsoftware.perl.runtime (and a dependency to it). |
| Added Highlight options "–mavenRepository" and "–includeAllDependencies" in order to improve third-party discovery. |
| Fixes an issue where CloudReady results were inconsistent from one run to another. |
Rules
| Rule Id | New Rule | Details |
|---|---|---|
| 1200025 | FALSE | Using file system |
| 1200007 | FALSE | Perform File Manipulation |
| 1200006 | FALSE | Perform Directory Manipulation |
| 1200242 | TRUE | Detect Docker files in application |
New Support
| Summary | Details |
|---|---|
| Extension now working in Linux environments | The extension has been tested on Rocky Linux. |
| Violation bookmarks now specify file, start column and end column | Specifying the object is not enough, as an object may have several source files. The source file is now specified. Moreover bookmarks are now more accurate as we specify the start column and end column. |
1.0.9-funcrel
Resolved Issues
| Customer Ticket Id | Details |
|---|---|
| 48470 | Fixes an issue that occurs when handling long paths leading to missing results. |
New Support
| Summary | Details |
|---|---|
| Support for Green Deficiencies | Green Deficiencies rules are now supported by the extension. |
1.0.8-funcrel
Note
This release contains one update to fix an issue with the 1.0.7-funcrel which has been withdrawn. All fixes and updates included in 1.0.7-funcrel are also included in 1.0.8-funcrel.
Resolved Issues
| Customer Ticket Id | Details |
|---|---|
| 47684 | Provides a fix for the issue identified in 1.0.7-funcrel that is preventing the extension from running when called during an analysis. |
| 47666 | Provides a fix for the issue identified in 1.0.7-funcrel that is preventing the extension from running when called during an analysis. |
1.0.7-funcrel
Note
This extension has been withdrawn and is no longer available. All fixes and updates included in 1.0.7-funcrel are also available in 1.0.8-funcrel.
Resolved Issues
| Customer Ticket Id | Details |
|---|---|
| 46635 | An update has been implemented to ensure the extension function correctly with regard to changes made to the Console proxy configuration. |
| 47273 | Fixes an issue where multiple apps are using same TEMP folder for result storage causing analysis failure. |
Other Updates
| Details |
|---|
| A change has been introduced to ensure that minified JS files (the generated CSV exceeds max column length), and the vendor folder (as it is not part of the application) are excluded from the analysis. |
New Support
| Summary | Details |
|---|---|
| Connection to Highlight through a Proxy Server with or without authentication (Console v2.11.6 or higher required) | It is now possible to connect to Highlight through a proxy server. The proxy connection data (host, port, possibly user and password) should be set in Console (v2.11.6 or higher required). |
1.0.6-funcrel
Note
This is the first version compatible with Imaging Cloud.The extension can be used in both Cloud and non-Cloud contexts.
Other Updates
| Details |
|---|
| Improved support for long paths: folders that are not relevant to the Highlight analysis, such as the "node_modules" folder created by the Node.js framework, are no longer copied to the working folder. |
| Fixes a regression introduced in 1.0.5-funcrel where some rule violations for SQL objects were missing. |
New Support
| Summary | Details |
|---|---|
| Imaging Cloud compatibility | First release that is compatible with CAST Imaging Cloud. |
1.0.5-funcrel
Note
Contains Highlight Agent 5.5.25-RELEASE
Resolved Issues
| Customer Ticket Id | Details |
|---|---|
| 46375 | Fixes the message "RuntimeError: Property was not declared as handled for that type " by ensuring that the category "metric" (1041) now inherits from the category "CloudReady_Metrics". |
| 45586 | Fixes an issue causing the extension to crash with the message "RuntimeError: Analysis ran with errors" caused by the CLI hanging with dbgMatchPatternDetail flag. Fixed by including 5.5.25-RELEASE version of the Highlight agent. |
| 43990 | Provides a circumvention of the long path issue. See the section "New Support" below for more details. |
Other Updates
| Details |
|---|
| Due to a change in the documentation URLs for CloudReady patterns, the method for processing links to this documentation has been updated. |
| Provides a circumvention of the long path issue. See the section "New Support" below for more details. |
| Fixes an issue causing the message "[INFO] [ERR4] HighlightAutomation". Fixed by including 5.5.25-RELEASE version of the Highlight agent. |
New Support
| Summary | Details |
|---|---|
| Support of files with long paths | If long paths are spotted in the source code, and if enough disk space is available, the extension will copy the source to a tmp folder, then assign new short names to subfolders, and keep a map between new short paths and original paths. |
1.0.4-funcrel
Note
Contains the Highlight Agent 5.4.91 and replaces the previous 1.0.3-funcrel release that has been withdrawn.
Resolved Issues
| Customer Ticket Id | Details |
|---|---|
| 42150 | Fixes an issue causing an API error on GET: "HTTP Error 400: highlight.server.client.campaignApplication.update.NoAnalysis". |
Other Updates
| Details |
|---|
| Fixes an issue causing the log warning message "RuntimeError: Analysis ran with errors". |
| Fixes an issue causing the log warning message "RuntimeError: Analysis ran with errors" and causing the HLAutomation.log to not be created. |
New Support
| Summary | Details |
|---|---|
| Additional data for Third Party Component feature in CAST Imaging | Added "Safer Closest Version" and "Safest Version" - see also: https://doc.castsoftware.com/display/IMAGING/User+Guide+-+GUI+-+Welcome+Page+-+Modernizing+Applications . |
1.0.3-funcrel
Note
This extension has been withdrawn.
1.0.2-funcrel
Resolved Issues
| Customer Ticket Id | Details |
|---|---|
| 40661 | An update has been implemented to ensure that the log file contains information about which Java JRE the extension is using. |
| 41248 | Fixes an issue causing a warning entry in the analysis log: "No CloudReady patterns found for Mainframe". This fix ensures that Mainframe related technologies are now supported correctly. |
New Support
| Summary | Details |
|---|---|
| CloudReady support for Mainframe technologies | Added bookmarks for CloudReady blockers/boosters for Mainframe technologies. |
1.0.1-funcrel
Note
This release fixes a breaking change added to the Highlight Agent when introducing Green IT. As a result, a new Highlight Agent (5.4.64) is provided in this release.
Resolved Issues
| Customer Ticket Id | Details |
|---|---|
| 40076 | Fixes an issue causing the Highlight to MRI extension to fail to load data into CAST Highlight with the error "Highlight API Error on GET". |
1.0.0-funcrel
Other Updates
| Details |
|---|
| Update hardcoded links to Highlight documentation. |
| Fixes an issue where the analysis of source code containing a folder called "node_modules" takes too much time. This folder is now excluded. |
1.0.0-beta1
Note
Please note that Highlight Agent requires at least Java 11 runtime in system path. Java 8 runtime is no longer supported by Highlight Agent.
Resolved Issues
| Customer Ticket Id | Details |
|---|---|
| 38281 | Fixes an issue where it is not possible to find highlight tags after importing application into CAST Imaging. |
Other Updates
| Details |
|---|
| The Highlight Agent has been updated from 5.4.29 to 5.4.43. |
| The error message to explain that the extension requires a minimum release of Java 11 has been updated and clarified. In previous releases of the extension, using an older release of Java caused an error with an unclear message in the log. |
Rules
| Rule Id | New Rule | Details |
|---|---|---|
| 1200124 | TRUE | New CloudReady pattern definition: "Use of Active Directory / LDAP authentication is not fully compatible with cloud providers (AWS, Azure…)". |
1.0.0-alpha4
Note
Please note that Highlight Agent version 5.4.29 requires at least Java 11 runtime in system path. Java 8 runtime is no longer supported by Highlight Agent.
Other Updates
| Details |
|---|
| Update Highlight Agent from 5.3.76 to 5.4.29. |
New Support
| Summary | Details |
|---|---|
| Added additional CloudReady patterns | CloudReady patterns for Google Cloud Platform have been added. |
1.0.0-alpha3
Resolved Issues
| Customer Ticket Id | Details |
|---|---|
| 35420 | Fixed an issue where a warning error was seen in the log during the analysis "IndexError: list index out of range". |
Other Updates
| Details |
|---|
| Fixed an issue causing a crash when long paths are involved. As part of the fix, the extension calls the Highlight agent only on source code and no longer on Maven/Nuget/.NET assembly folders (which often contain long paths). |
1.0.0-alpha2
Other Updates
| Details |
|---|
| Fixed an issue where the following error is displayed: "plugin has encountered the following error : IndexError: list index out of range while running com.castsoftware.highlight2mri.1.0.0-alpha1". |
1.0.0-alpha1
Note
This is the first release of this extension.