Release Notes - 1.1
1.1.1-funcrel
Rules
| Rule Id | New Rule | Details |
|---|---|---|
| 7742 | FALSE | Correction of the quality rule "Avoid SQL injection": some violations are now identified by the quality rule "Avoid numeric user inputs in SQL queries" (1025058) |
| 8420 | FALSE | Correction of the quality rule "Avoid second order SQL injection": some violations are now identified by the quality rule "Avoid second order numeric user inputs in SQL queries" (1025060) |
| 8490 | FALSE | Correction of the quality rule "Avoid SQL injection through API requests": some violations are now identified by the quality rule "Avoid numeric user inputs in SQL queries through API requests" (1025062) |
| 1025058 | FALSE | Correction of the quality rule "Avoid numeric user inputs in SQL queries": added new violations that were previously identified by the quality rule "Avoid SQL injection" (7742) |
| 1025060 | FALSE | Correction of the quality rule "Avoid second order numeric user inputs in SQL queries": added new violations that were previously identified by the quality rule "Avoid second order SQL injection" (8420) |
| 1025062 | FALSE | Correction of the quality rule "Avoid numeric user inputs in SQL queries through API requests": added new violations that were previously identified by the quality rule "Avoid SQL injection through API requests" (8490) |
| 8240 | FALSE | Improved support for the quality rule "Avoid using unsecured cookie" (for JEE): better support of `javax.servlet.http.HttpServletResponse` |
| 1025016 | FALSE | Improved support for the quality rule "Avoid using cookie without the HttpOnly flag" (for JEE): better support of `javax.servlet.http.HttpServletResponse` |
| 7746 | FALSE | Improved support for the quality rule "Avoid LDAP injection" (for .NET): better support of `System.DirectoryServices` |
| 8492 | FALSE | Improved support for the quality rule "Avoid LDAP injection through API requests" (for .NET): better support of `System.DirectoryServices` |
| 1025010 | FALSE | Improved support for the quality rule "Avoid second order LDAP injection" (for .NET): better support of `System.DirectoryServices` |
| 8416 | FALSE | Improved support for the quality rule "Avoid use of a reversible one-way hash" (for .NET): better support of `System.Security.Cryptography` |
| 8440 | FALSE | Improved support for the quality rule "Avoid reflection injection" (for .NET): better support of `System.Type` |
| 8502 | FALSE | Improved support for the quality rule "Avoid reflection injection through API requests" (for .NET): better support of `System.Type` |
| 1025008 | FALSE | Improved support for the quality rule "Avoid second order reflection injection" (for .NET): better support of `System.Type` |
New Support
| Summary | Details |
|---|---|
| Apache NMS | The Security Analyzer now supports the Apache NMS framework for the .NET environment. Input received through it is considered tainted input "through API requests", which affects all "through API requests" rules. As a consequence, after upgrading to this release and running a new analysis, additional violations may be found. |
1.1.0-funcrel
Note
Moved to funcrel release. No other changes have been made.
1.1.0-beta1
Rules
| Rule Id | New Rule | Details |
|---|---|---|
| 1025056 | TRUE | New rule: "Avoid running SQL queries inside a loop" has been added. |
New Support
| Summary | Details |
|---|---|
| Support for RabbitMQ for JEE | The Security Analyzer now supports the RabbitMQ framework for the JEE environment. Input received through it is considered tainted input "through API requests", which affects all "through API requests" rules. As a consequence, after upgrading to this release and running a new analysis, additional violations may be found. |