Release Notes - 2.3
2.3.9-funcrel
Fixes/Bugs
| Customer Ticket Id | Customer Details |
|---|---|
| Fixes missing include links from .cshtml files to .js files when the .js files are contained in a "wwwroot" sub folder. | |
| Repairs the url of an Ajax call present in a .js file when the url is defined through a variable initialized in a .cshtml file. | |
| Fixes missing link between two .razor files when the link is in a "href" attribute. | |
| Fixes missing link between two aspx files when the first one points to the second one through a local server URL. | |
| Fixes missing Razor Method Call objects when several identical calls are present in the same file. |
New Support
| Customer Ticket Id | Customer Details |
|---|---|
| Adds support of "Html.Kendo().Upload().Async(…)": links are now created to corresponding dotnet controller actions through Razor method call objects | |
| Adds support of .ascx files | |
| Adds support of "fetch", "create", "save", "destroy" calls in Backbone.js context for the creation of http resource services. | |
| Adds support of "Backbone.sync" in http resource service creation. |
Enhancement/Improvements
| Customer Ticket Id | Customer Details |
|---|---|
| Adds a link from a .cshtml file created by dotnet analyzer to the .cshtml file content created by html5 one. | |
| Improves security by removing some vulnerable documentation files. | |
| Improves resolution when "Object.defineProperties" is used. | |
| Improves performance by skipping some libraries or build folders via the filters.json file. | |
| Refines names of anonymous functions defined with an arrow: they have now a more explicit name than NONAME. |
Performance
| Customer Ticket Id | Customer Details |
|---|---|
| Optimizes html files resolution by skipping files when they are supposed very near by their names (my_file.html and myfile–tablet.html, my_file–phone.html: only the first one is analyzed). |
2.3.8-funcrel
Resolved Issues
| Customer Ticket Id | Details |
|---|---|
| 52019 | Fixes an issue causing missing HTML5 http requests services (found through specific "fetch" client function) - this is a regression since 2.1.18. |
Other Updates
| Details |
|---|
| Integrate handling of 'request-promise', 'request-promise-any', 'request-promise-native' in HTML5 instead of nodejs. |
| The filters.json file has been updated to ensure that various external libraries are now automatically skipped during the analysis. |
| A minor change to modify the description and name of the "HTML5 External Library" object. |
| Fixes an issue causing links from .vue, .html… files to not be present for code inside "pug" sections. |
2.3.7-funcrel
Other Updates
| Details |
|---|
| The filters.json file has been updated to ensure that various external libraries are now automatically skipped during the analysis. |
| Fixes an issue causing problems with .html, .jsp files: analysis of these file types sometimes results in an incorrect Lines of Code count. |
| A minor update to ensure the "async" keyword is part of the method "ast" method. |
| Added support of JavaScript decorators during JavaScript parsing (a technical update to facilitate future changes). |
| Fixes a traceback error in the analysis log: "AttributeError: 'list' object has no attribute 'get_global_class'". |
| Fixes an issue causing some call links to callback objects to be missing when several calls are present. |
| Fixes an issue causing some call links to be missing due to file analysis order. |
New Support
| Summary | Details |
|---|---|
| Support JSTL sql tag | Added support for client/server calls from JSP to Database, see Notes. |
| Blazor support (.razor files) | Added support for the analysis of .razor files. |
2.3.6-funcrel
Other Updates
| Details |
|---|
| .vm files without html tags are not well parsed. |
| Some call links are missing due to file analysis order |
| Only one http request must be created when there are 2 calls of a function with the same url parameter. |
| Bad http requests are created in some cases due to a problem with evaluation |
| Missing links from Tapestry .tml files to Java back-end when tml files are not in the recommended directory |
| Bad resolutions are present from some variables named "this.something" to variables with same name "this.something" in another file which has nothing to do with the first one |
| Include links between SCSS source code objects are no more present when using CAST AIP 8.4.1 |
2.3.5-funcrel
Resolved Issues
| Customer Ticket Id | Details |
|---|---|
| 50158 | Fixes an issue causing the analysis of JavaScript files to take a long time and eventually become "stuck". |
| 49608 | Fixes an issue causing an incorrect number of files to be considered for the step "match_aspx_to_vb_methods", in turn leading to missing links. |
| 49523 | Fixes an issue causing a false negative for the rule 1020070: "Avoid hard-coded network resource names (Javascript) ". URLs are now taken into account. |
| 49756 | Fixes an issue causing missing links from JavaScript functions to JavaScript functions (through intermediate import). |
| 48043 | Fixes an issue causing missing links between method/functions leading to missing Resource services objects. |
Other Updates
| Details |
|---|
| Create links from Tapestry .tml pages to Java back-end, using tapestry annotations in java classes |
| Libraries, tests, builds or minified files/folders must be skipped |
| An update has been implemented to create links from Tapestry ".tml" pages to the Java back-end (see the documentation). |
| The filters.json file has been updated to ensure that the dotnet.js, dotnet.debug.js, dotnet_support.js and binding_support.js files are automatically skipped (these files are generated by Microsoft for the JavaScript interop layer used in the WebAssembly runtime and provide no added value in analysis results). |
| Added support for Unirest (a HTTP client library). |
| Fixes an issue causing a false negative for XSS: onmouseover action (as a result, a new rule has also been introduced 1020110 "Avoid cross-site scripting within events such as onclick, onmouseover … events (razor))" |
Rules
| Rule Id | New Rule | Details |
|---|---|---|
| 1020070 | FALSE | Fixes an issue causing a false negative for the rule 1020070: "Avoid hard-coded network resource names (Javascript) ". URLs are now taken into account. |
| 1020110 | TRUE | Avoid cross-site scripting within events such as onclick, onmouseover … events (razor) |
2.3.4-funcrel
Resolved Issues
| Customer Ticket Id | Details |
|---|---|
| 49243 | Fixes a traceback message in the analysis log with Typescript extension: "AttributeError: 'str' object has no attribute 'get_name'". |
| 48750 | Update description of rule "Avoid using Javascript Function constructor" (1020066) concerning security. |
Other Updates
| Details |
|---|
| The filters.json file has been updated to ensure that libraries, tests or minified/empty css files are automatically skipped. |
| Enhance link resolution for "module.exports" syntax. |
| Fixes an issue causing "Resource service" objects to not be created when source is generated by "https://openapi-generator.tech". |
| Support for "got" (Human-friendly and powerful HTTP request library for Node.js) added. See documentation example . |
Rules
| Rule Id | New Rule | Details |
|---|---|---|
| 1020066 | FALSE | Description updated for the rule "Avoid using Javascript Function constructor". |
2.3.3-funcrel
Resolved Issues
| Customer Ticket Id | Details |
|---|---|
| 48943 | Fixes an issue causing service objects using "react-io" to fail to be resolved. |
| 48750 | An update was made to the description section of the rule "Avoid using Javascript Function constructor" (1020066) concerning security and code injection.. |
Other Updates
| Details |
|---|
| The filters.json file has been updated to ensure that libraries, tests or minified/empty css files are automatically skipped. |
| Fixes an issue causing the analysis to run in an infinite loop. |
| Fixes an issue causing the analysis to fail. |
| Fixes an issue causing missing Razor method call objects when ternary if expression is present. |
| Fixes an issue causing a missing link between Razor Method call objects and .NET controller action objects. |
| Fixes an issue causing missing Razor method call objects. |
| An update to support "wretch" (see documentation ). |
| An update to support the analysis of the files "package-lock.json", "yarn.lock" and "npm-shrinkwrap.json" (see documentation ). |
| An update to support "lodash/get" for link resolution. |
| An update to support inclusion of .js files in .jsp files when .js references are in parameters. |
Rules
| Rule Id | New Rule | Details |
|---|---|---|
| 1020066 | FALSE | Description update (see 48750 above). |
2.3.2-funcrel
Other Updates
| Details |
|---|
| Fixes an error introduced in v. 2.3.1-funcrel: missing Razor method call object on "dynamodb" sample. |
2.3.1-funcrel
Resolved Issues
| Customer Ticket Id | Details |
|---|---|
| 48589 | Fixes an issue causing a missing link between WMCommonHeader.jsp file and included JSP files. |
Other Updates
| Details |
|---|
| Fixes an issue causing a missing vendor property for HTML5 SQL Query objects. |
| Fixes an issue where resource service objects computed from strings containing html code with "href=" inside are often not correct. |
| Fixes an issue causing missing links from .asp pages to database tables when the log message "HTML5-044 A problem occurred when parsing vbscript code" is present in the analysis log.. |
Rules
| Rule Id | New Rule | Details |
|---|---|---|
| 1020082 | FALSE | Updates the rule "Avoid undocumented Functions" to change the scope to include methods and constructors as well as functions. |
2.3.0-funcrel
Resolved Issues
| Customer Ticket Id | Details |
|---|---|
| 48221 | Fixes an issue causing incorrect links to all JavaScript functions that have the same name, instead of the one referenced in the HTML5 header. |
New Support
| Summary | Details |
|---|---|
| Support C/S links from ASP pages using ADODB COM component | See documentation: https://doc.castsoftware.com/technologies/web/html5-js/com.castsoftware.html5/2.3/notes/#support-for-adodb-in-aspaspx-files . |