Release Notes - 1.1

1.1.4-funcrel

Resolved Issues

Customer Ticket Id | Details
34949 | Fixed rule (1060022) description.

1.1.3-funcrel

Resolved Issues

Customer Ticket Id | Details
34435 | Fixes a false positive violation of the rule: 1060114 - Always enable authorization checks at function level for functions called on by APIs.

Rules

Rule Id | New Rule | Details
1060114 | FALSE | False positive for the rule: Always enable authorization checks at function level for functions called on by APIs
1060110 | FALSE | deprecate: Avoid filtering sensitive data using front-end
1060108 | FALSE | deprecate: Avoid data fields binded to columns to return sensitive data via APIs
1060106 | FALSE | deprecate: Avoid using generic methods such as ‘ToJson’ or ‘ToString’ to save sensitive or PII data
1060104 | FALSE | deprecate: Always review APIs returning sensitive data fields
1060116 | FALSE | deprecate: Always avoid http redirects to unknown or untrusted URLs

1.1.2-funcrel

New Support

Summary | Details
Support installation of extension under Linux OS | Fix some path incompatibilities when installing extension under Linux.

1.1.1-funcrel

Resolved Issues

Customer Ticket Id | Details
31662 | Spring Security scope added to the rule Always enable authorization checks at function level for functions called on by APIs
31554 | Spring Security scope added to the rule Always enable authorization checks at function level for functions called on by APIs
30366 | Spring Security scope added to the rule Always enable authorization checks at function level for functions called on by APIs

Rules

Rule Id | New Rule | Details
1060114 | FALSE | “Always enable authorization checks at function level for functions called on by APIs” - false positives removed and scope changed to add “Spring Security”.

1.1.0-funcrel

Rules

Rule Id | New Rule | Details
1060116 | TRUE | Always avoid http redirects to unknown or untrusted URLs
1060114 | TRUE | Always enable authorization checks at function level for functions called on by APIs
1060112 | TRUE | Review APIs not accessed by frontend functions
1060110 | TRUE | Avoid filtering sensitive data using front-end
1060108 | TRUE | Avoid data fields binded to columns to return sensitive data via APIs
1060106 | TRUE | Avoid using generic methods such as ‘ToJson’ or ‘ToString’ to save sensitive or PII data
1060104 | TRUE | Review APIs returning sensitive data fields