New version of CQM (v1.2.14) and Kiuwan Engine
New C# Rules
Below you can find codes of C# new rules:
- OPT.CSHARP.CodeInjectionWithDeserialization
- OPT.CSHARP.PlaintextStorageInACookie
- OPT.CSHARP.PotentialInfiniteLoop
- OPT.CSHARP.SEC.AccessibilitySubversionRule
- OPT.CSHARP.SEC.AvoidHostNameChecks
- OPT.CSHARP.SEC.CookiesInSecurityDecision
- OPT.CSHARP.SEC.HardcodedSalt
- OPT.CSHARP.SEC.ImproperAuthentication
- OPT.CSHARP.SEC.InformationExposureThroughDebugLog
- OPT.CSHARP.SEC.InformationExposureThroughErrorMessage
- OPT.CSHARP.SEC.InsecureTransport
- OPT.CSHARP.SEC.LogForging
- OPT.CSHARP.SEC.MailCommandInjection
- OPT.CSHARP.SEC.NoSQLInjection
- OPT.CSHARP.SEC.PlaintextStorageOfPassword
- OPT.CSHARP.SEC.SerializableClassContainingSensitiveData
- OPT.CSHARP.SEC.ServerInsecureTransport
- OPT.CSHARP.SEC.StaticDatabaseConnection
- OPT.CSHARP.SEC.UnsafeCookieRule
- OPT.CSHARP.SEC.UserControlledSQLPrimaryKey
- OPT.CSHARP.SEC.XMLEntityInjection
- OPT.CSHARP.TooMuchOriginsAllowed
- OPT.CSHARP.UncheckedInputInLoopCondition
New JavaScript Rules
Below you can find codes of JavaScript new rules:
- OPT.JAVASCRIPT.ANGULARJS.AngularCrossSiteScripting
- OPT.JAVASCRIPT.ANGULARJS.AngularLocalStorageInformationLeak
- OPT.JAVASCRIPT.ANGULARJS.UnsafeResourceUrlWhitelist
- OPT.JAVASCRIPT.CodeInjectionWithDeserialization
- OPT.JAVASCRIPT.HttpParameterPollution
- OPT.JAVASCRIPT.InformationExposureThroughErrorMessage
- OPT.JAVASCRIPT.LdapInjection
- OPT.JAVASCRIPT.MailCommandInjection
- OPT.JAVASCRIPT.PlaintextStorageInACookie
- OPT.JAVASCRIPT.TrustBoundaryViolation
- OPT.JAVASCRIPT.XmlEntityInjection
- OPT.JAVASCRIPT.XPathInjection
New PHP Rules
Below you can find codes of PHP new rules:
- OPT.PHP.XmlEntityInjection
Improvements in Kiuwan Engine
New Kiuwan engine contains enhanced versions of parsers and rules:
- Complete grammar support for AcuCocol-GT
- Enhancements in parsers: Cobol, JCL, Abap, Objective-C, PHP, VB.NET and PL-SQL
- Bug fixing, performance and reliability issues in rules for Java and C#