Skip to content
Skip to breadcrumbs
Skip to header menu
Skip to action menu
Skip to quick search

Skip to end of banner Go to start of banner

[2018-03-12] Change Log

Skip to end of metadata

Created by Kiuwan Editor User, last modified on Mar 12, 2018

Go to start of metadata

New version of CQM (v1.2.14) and Kiuwan Engine

New version of CQM (v1.2.14) and Kiuwan Engine

Icon

A new Kiuwan’s CQM and Engine is available.

Features of this new version are:

Enhanced support for C# (23 new rules, 18 of them related to security)
Enhanced support for JavaScript (12 new rules)
Enhanced support for PHP (1 new security rule)
Enhanced support for AcuCOBOL-GT grammar

You can find these new rules by comparing v1.2.14 of CQM against previous version.

A detailed description of the behavior of these new rules is available in rule’s description.

Unless you have blocked Kiuwan Engine, Kiuwan Local Analyzer will automatically upgrade it to the last version once a new analysis is run.

In order for these new rules be applicable, your Kiuwan account must be configured to allow automatic engine upgrade:

If you are using CQM, these new rules will automatically become active and will be applied to new analyses.
If you are using your own custom model, you can activate them in case you want to be applied to your code.

New C# Rules

Below you can find codes of C# new rules:

OPT.CSHARP.CodeInjectionWithDeserialization
OPT.CSHARP.PlaintextStorageInACookie
OPT.CSHARP.PotentialInfiniteLoop
OPT.CSHARP.SEC.AccessibilitySubversionRule
OPT.CSHARP.SEC.AvoidHostNameChecks
OPT.CSHARP.SEC.CookiesInSecurityDecision
OPT.CSHARP.SEC.HardcodedSalt
OPT.CSHARP.SEC.ImproperAuthentication
OPT.CSHARP.SEC.InformationExposureThroughDebugLog
OPT.CSHARP.SEC.InformationExposureThroughErrorMessage
OPT.CSHARP.SEC.InsecureTransport
OPT.CSHARP.SEC.LogForging
OPT.CSHARP.SEC.MailCommandInjection
OPT.CSHARP.SEC.NoSQLInjection
OPT.CSHARP.SEC.PlaintextStorageOfPassword
OPT.CSHARP.SEC.SerializableClassContainingSensitiveData
OPT.CSHARP.SEC.ServerInsecureTransport
OPT.CSHARP.SEC.StaticDatabaseConnection
OPT.CSHARP.SEC.UnsafeCookieRule
OPT.CSHARP.SEC.UserControlledSQLPrimaryKey
OPT.CSHARP.SEC.XMLEntityInjection
OPT.CSHARP.TooMuchOriginsAllowed
OPT.CSHARP.UncheckedInputInLoopCondition

New JavaScript Rules

Below you can find codes of JavaScript new rules:

OPT.JAVASCRIPT.ANGULARJS.AngularCrossSiteScripting
OPT.JAVASCRIPT.ANGULARJS.AngularLocalStorageInformationLeak
OPT.JAVASCRIPT.ANGULARJS.UnsafeResourceUrlWhitelist
OPT.JAVASCRIPT.CodeInjectionWithDeserialization
OPT.JAVASCRIPT.HttpParameterPollution
OPT.JAVASCRIPT.InformationExposureThroughErrorMessage
OPT.JAVASCRIPT.LdapInjection
OPT.JAVASCRIPT.MailCommandInjection
OPT.JAVASCRIPT.PlaintextStorageInACookie
OPT.JAVASCRIPT.TrustBoundaryViolation
OPT.JAVASCRIPT.XmlEntityInjection
OPT.JAVASCRIPT.XPathInjection

New PHP Rules

Below you can find codes of PHP new rules:

OPT.PHP.XmlEntityInjection

Improvements in Kiuwan Engine

New Kiuwan engine contains enhanced versions of parsers and rules:

Complete grammar support for AcuCocol-GT
Enhancements in parsers: Cobol, JCL, Abap, Objective-C, PHP, VB.NET and PL-SQL
Bug fixing, performance and reliability issues in rules for Java and C#

No labels