Release Notes - 2.3
2.3.5-funcrel
Resolved Issues
Customer Ticket Id | Details |
---|---|
48043 | Fixes an issue causing missing links between method/functions leading to missing Resource services objects. |
49756 | Fixes an issue causing missing links from JavaScript functions to JavaScript functions (through intermediate import). |
49523 | Fixes an issue causing a false negative for the rule 1020070: "Avoid hard-coded network resource names (Javascript)". URLs are now taken into account. |
49608 | Fixes an issue causing an incorrect number of files to be considered for the step "match_aspx_to_vb_methods", in turn leading to missing links. |
50158 | Fixes an issue causing the analysis of JavaScript files to take a long time and eventually become "stuck". |
Other Updates
Details |
---|
Fixes an issue causing a false negative for XSS: onmouseover action (as a result, a new rule has also been introduced: 1020110 "Avoid cross-site scripting within events such as onclick, onmouseover … events (razor)"). |
Added support for Unirest (an HTTP client library). |
The filters.json file has been updated to ensure that the dotnet.js, dotnet.debug.js, dotnet_support.js and binding_support.js files are automatically skipped (these files are generated by Microsoft for the JavaScript interop layer used in the WebAssembly runtime and provide no added value in analysis results). |
An update has been implemented to create links from Tapestry ".tml" pages to the Java back-end (see the documentation). |
Libraries, tests, builds or minified files/folders must be skipped |
Create links from Tapestry .tml pages to Java back-end, using tapestry annotations in java classes |
Rules
Rule Id | New Rule | Details |
---|---|---|
1020110 | TRUE | Avoid cross-site scripting within events such as onclick, onmouseover … events (razor) |
1020070 | FALSE | Fixes an issue causing a false negative for the rule 1020070: "Avoid hard-coded network resource names (Javascript)". URLs are now taken into account. |
2.3.4-funcrel
Resolved Issues
Customer Ticket Id | Details |
---|---|
48750 | Update description of rule "Avoid using Javascript Function constructor" (1020066) concerning security. |
49243 | Fixes a traceback message in the analysis log with Typescript extension: "AttributeError: 'str' object has no attribute 'get_name'". |
Other Updates
Details |
---|
Support for "got" (Human-friendly and powerful HTTP request library for Node.js) added. See documentation example. |
Fixes an issue causing "Resource service" objects to not be created when source is generated by "https://openapi-generator.tech". |
Enhance link resolution for "module.exports" syntax. |
The filters.json file has been updated to ensure that libraries, tests or minified/empty css files are automatically skipped. |
Rules
Rule Id | New Rule | Details |
---|---|---|
1020066 | FALSE | Description updated for the rule "Avoid using Javascript Function constructor". |
2.3.3-funcrel
Resolved Issues
Customer Ticket Id | Details |
---|---|
48750 | An update was made to the description section of the rule "Avoid using Javascript Function constructor" (1020066) concerning security and code injection. |
48943 | Fixes an issue causing service objects using "react-io" to fail to be resolved. |
Other Updates
Details |
---|
An update to support inclusion of .js files in .jsp files when .js references are in parameters. |
An update to support "lodash/get" for link resolution. |
An update to support the analysis of the files "package-lock.json", "yarn.lock" and "npm-shrinkwrap.json" (see documentation). |
An update to support "wretch" (see documentation). |
Fixes an issue causing missing Razor method call objects. |
Fixes an issue causing a missing link between Razor Method call objects and .NET controller action objects. |
Fixes an issue causing missing Razor method call objects when a ternary if expression is present. |
Fixes an issue causing the analysis to fail. |
Fixes an issue causing the analysis to run in an infinite loop. |
The filters.json file has been updated to ensure that libraries, tests or minified/empty css files are automatically skipped. |
Rules
Rule Id | New Rule | Details |
---|---|---|
1020066 | FALSE | Description update (see 48750 above). |
2.3.2-funcrel
Other Updates
Details |
---|
Fixes an error introduced in v. 2.3.1-funcrel: missing Razor method call object on "dynamodb" sample. |
2.3.1-funcrel
Resolved Issues
Customer Ticket Id | Details |
---|---|
48589 | Fixes an issue causing a missing link between WMCommonHeader.jsp file and included JSP files. |
Other Updates
Details |
---|
Fixes an issue causing missing links from .asp pages to database tables when the log message "HTML5-044 A problem occurred when parsing vbscript code" is present in the analysis log. |
Fixes an issue where resource service objects computed from strings containing HTML code with "href=" inside are often not correct. |
Fixes an issue causing a missing vendor property for HTML5 SQL Query objects. |
Rules
Rule Id | New Rule | Details |
---|---|---|
1020082 | FALSE | Updates the rule "Avoid undocumented Functions" to change the scope to include methods and constructors as well as functions. |
2.3.0-funcrel
Resolved Issues
Customer Ticket Id | Details |
---|---|
48221 | Fixes an issue causing incorrect links to all JavaScript functions that have the same name, instead of the one referenced in the HTML5 header. |
New Support
Summary | Details |
---|---|
Support C/S links from ASP pages using ADODB COM component | See documentation: https://doc.castsoftware.com/technologies/web/html5-js/com.castsoftware.html5/2.3/notes/#support-for-adodb-in-aspaspx-files |