Release Notes - 2.3

2.3.5-funcrel

Resolved Issues

Customer Ticket Id Details
48043 Fixes an issue causing missing links between method/functions leading to missing Resource services objects.
49756 Fixes an issue causing missing links from JavaScript functions to JavaScript functions (through intermediate import).
49523 Fixes an issue causing a false negative for the rule 1020070: "Avoid hard-coded network resource names (Javascript)". URLs are now taken into account.
49608 Fixes an issue causing an incorrect number of files to be considered for the step "match_aspx_to_vb_methods", in turn leading to missing links.
50158 Fixes an issue causing the analysis of JavaScript files to take a long time and eventually become "stuck".

Other Updates

Details
Fixes an issue causing a false negative for XSS: onmouseover action (as a result, a new rule has also been introduced: 1020110 "Avoid cross-site scripting within events such as onclick, onmouseover … events (razor)").
Added support for Unirest (an HTTP client library).
The filters.json file has been updated to ensure that the dotnet.js, dotnet.debug.js, dotnet_support.js and binding_support.js files are automatically skipped (these files are generated by Microsoft for the JavaScript interop layer used in the WebAssembly runtime and provide no added value in analysis results).
An update has been implemented to create links from Tapestry ".tml" pages to the Java back-end (see the documentation).
Libraries, tests, builds or minified files/folders must be skipped
Create links from Tapestry .tml pages to Java back-end, using Tapestry annotations in Java classes

Rules

Rule Id New Rule Details
1020110 TRUE Avoid cross-site scripting within events such as onclick, onmouseover … events (razor)
1020070 FALSE Fixes an issue causing a false negative for the rule 1020070: "Avoid hard-coded network resource names (Javascript)". URLs are now taken into account.

2.3.4-funcrel

Resolved Issues

Customer Ticket Id Details
48750 Update description of rule "Avoid using Javascript Function constructor" (1020066) concerning security.
49243 Fixes a traceback message in the analysis log with the TypeScript extension: "AttributeError: 'str' object has no attribute 'get_name'".

Other Updates

Details
Support for "got" (Human-friendly and powerful HTTP request library for Node.js) added. See documentation example.
Fixes an issue causing "Resource service" objects to not be created when source is generated by "https://openapi-generator.tech".
Enhance link resolution for "module.exports" syntax.
The filters.json file has been updated to ensure that libraries, tests or minified/empty css files are automatically skipped.

Rules

Rule Id New Rule Details
1020066 FALSE Description updated for the rule "Avoid using Javascript Function constructor".

2.3.3-funcrel

Resolved Issues

Customer Ticket Id Details
48750 An update was made to the description section of the rule "Avoid using Javascript Function constructor" (1020066) concerning security and code injection.
48943 Fixes an issue causing service objects using "react-io" to fail to be resolved.

Other Updates

Details
An update to support inclusion of .js files in .jsp files when .js references are in parameters.
An update to support "lodash/get" for link resolution.
An update to support the analysis of the files "package-lock.json", "yarn.lock" and "npm-shrinkwrap.json" (see documentation).
An update to support "wretch" (see documentation).
Fixes an issue causing missing Razor method call objects.
Fixes an issue causing a missing link between Razor Method call objects and .NET controller action objects.
Fixes an issue causing missing Razor method call objects when a ternary if expression is present.
Fixes an issue causing the analysis to fail.
Fixes an issue causing the analysis to run in an infinite loop.
The filters.json file has been updated to ensure that libraries, tests or minified/empty css files are automatically skipped.

Rules

Rule Id New Rule Details
1020066 FALSE Description update (see 48750 above).

2.3.2-funcrel

Other Updates

Details
Fixes an error introduced in v. 2.3.1-funcrel: missing Razor method call object on "dynamodb" sample.

2.3.1-funcrel

Resolved Issues

Customer Ticket Id Details
48589 Fixes an issue causing a missing link between WMCommonHeader.jsp file and included JSP files.

Other Updates

Details
Fixes an issue causing missing links from .asp pages to database tables when the log message "HTML5-044 A problem occurred when parsing vbscript code" is present in the analysis log.
Fixes an issue where resource service objects computed from strings containing HTML code with "href=" inside are often not correct.
Fixes an issue causing a missing vendor property for HTML5 SQL Query objects.

Rules

Rule Id New Rule Details
1020082 FALSE Updates the rule "Avoid undocumented Functions" to change the scope to include methods and constructors as well as functions.

2.3.0-funcrel

Resolved Issues

Customer Ticket Id Details
48221 Fixes an issue causing incorrect links to all JavaScript functions that have the same name, instead of the one referenced in the HTML5 header.

New Support

Summary Details
Support C/S links from ASP pages using ADODB COM component. See documentation: https://doc.castsoftware.com/technologies/web/html5-js/com.castsoftware.html5/2.3/notes/#support-for-adodb-in-aspaspx-files