The global variable "$argv" was added as a source for taint analysis.
The report from Psalm is now stored in a LISA sub-directory named "third_party_reports". The detailed results of Psalm no longer appear in the standard CAST analysis logs.
Rules

| Rule Id | New Rule | Details |
|---------|----------|---------|
| 1034060 | TRUE | Avoid uncontrolled import into the current symbol table (PHP) |
| 1034062 | TRUE | Avoid creating cookie without setting httpOnly option (PHP) |
| 1034064 | TRUE | Ensure httpOnly option is enabled when creating session (PHP) |
| 1034002 | FALSE | Added $argv and $_FILES as taint sources for rule "Avoid cookie injection (PHP)" |
| 1034004 | FALSE | Added $argv and $_FILES as taint sources for rule "Avoid LDAP injection (PHP)" |
| 1034006 | FALSE | Added $argv and $_FILES as taint sources for rule "Avoid OS command injection (PHP)" |
| 1034008 | FALSE | Added $argv and $_FILES as taint sources for rule "Avoid PHP Remote File Inclusion" |
| 1034010 | FALSE | Added $argv and $_FILES as taint sources for rule "Avoid code injection (PHP)" |
| 1034012 | FALSE | Added $argv and $_FILES as taint sources for rule "Avoid reflection injection (PHP)" |
| 1034014 | FALSE | Added $argv and $_FILES as taint sources for rule "Avoid file path manipulation (PHP)" |
| 1034016 | FALSE | Added $argv and $_FILES as taint sources for rule "Avoid reflected cross-site scripting (non persistent) (PHP)" |
| 1034018 | FALSE | Added $argv and $_FILES as taint sources for rule "Avoid deserialization injection (PHP)" |
| 1034020 | FALSE | Added $argv and $_FILES as taint sources for rule "Avoid HTTP header injection (PHP)" |
| 1034022 | FALSE | Added $argv and $_FILES as taint sources for rule "Avoid server-side request forgery (PHP)" |
| 1034050 | FALSE | Added $argv and $_FILES as taint sources for rule "Avoid XPath injection (PHP)" |
| 1034058 | FALSE | Added $argv and $_FILES as taint sources for rule "Avoid uncontrolled sleep calls (PHP)" |