Release Notes - 1.1
1.1.4-funcrel
Resolved Issues
Customer Ticket Id | Details |
---|---|
34949 | Fixed rule (1060022) description. |
1.1.3-funcrel
Resolved Issues
Customer Ticket Id | Details |
---|---|
34435 | Fixes a false positive violation of the rule: 1060114 - Always enable authorization checks at function level for functions called on by APIs. |
Rules
Rule Id | New Rule | Details |
---|---|---|
1060114 | FALSE | False positive for the rule: Always enable authorization checks at function level for functions called on by APIs |
1060110 | FALSE | deprecate : Avoid filtering sensitive data using front-end |
1060108 | FALSE | deprecate : Avoid data fields binded to columns to return sensitive data via APIs |
1060106 | FALSE | deprecate: Avoid using generic methods such as ‘ToJson’ or ‘ToString’ to save sensitive or PII data |
1060104 | FALSE | deprecate : Always review APIs returning sensitive data fields |
1060116 | FALSE | deprecate : Always avoid http redirects to unknown or untrusted URLs |
1.1.2-funcrel
New Support
Summary | Details |
---|---|
Support installation of extension under Linux OS | Fix some path incompatibilities when installing extension under Linux. |
1.1.1-funcrel
Resolved Issues
Customer Ticket Id | Details |
---|---|
31662 | Spring Security scope added to the rule Always enable authorization checks at function level for functions called on by APIs |
31554 | Spring Security scope added to the rule Always enable authorization checks at function level for functions called on by APIs |
30366 | Spring Security scope added to the rule Always enable authorization checks at function level for functions called on by APIs |
Rules
Rule Id | New Rule | Details |
---|---|---|
1060114 | FALSE | “Always enable authorization checks at function level for functions called on by APIs” - false positives removed and scope changed to add “Spring Security”. |
1.1.0-funcrel
Rules
Rule Id | New Rule | Details |
---|---|---|
1060116 | TRUE | Always avoid http redirects to unknown or untrusted URLs |
1060114 | TRUE | Always enable authorization checks at function level for functions called on by APIs |
1060112 | TRUE | Review APIs not accessed by frontend functions |
1060110 | TRUE | Avoid filtering sensitive data using front-end |
1060108 | TRUE | Avoid data fields binded to columns to return sensitive data via APIs |
1060106 | TRUE | Avoid using generic methods such as ‘ToJson’ or ‘ToString’ to save sensitive or PII data |
1060104 | TRUE | Review APIs returning sensitive data fields |