Skip to content
Skip to breadcrumbs
Skip to header menu
Skip to action menu
Skip to quick search

Skip to end of banner Go to start of banner

[2018-03-21] Change Log

Skip to end of metadata

Created by Kiuwan Editor User, last modified on Mar 21, 2018

Go to start of metadata

New version of CQM (v1.2.14a) and Kiuwan Engine

New version of CQM (v1.2.14a) and Kiuwan Engine

Icon

A new Kiuwan’s CQM and Engine is available.

Features of this new version are:

New PHP rules (7 new security rule)
New Java rules (1 new security rule)
New HTML rules (1 new rule)

You can find these new rules by comparing v1.2.14a of CQM against previous version.

A detailed description of the behavior of these new rules is available in rule’s description.

Unless you have blocked Kiuwan Engine, Kiuwan Local Analyzer will automatically upgrade it to the last version once a new analysis is run.

In order for these new rules be applicable, your Kiuwan account must be configured to allow automatic engine upgrade:

If you are using CQM, these new rules will automatically become active and will be applied to new analyses.
If you are using your own custom model, you can activate them in case you want to be applied to your code.

New PHP Rules

OPT.PHP.SEC.ExternalControlOfConfigurationSetting
OPT.PHP.SEC.PlaintextStorageOfPassword
OPT.PHP.SEC.ExecutionAfterRedirect
OPT.PHP.SEC.FormatStringInjectionRule
OPT.PHP.SEC.MailCommandInjection
OPT.PHP.SEC.XsltInjection
OPT.PHP.SEC.PasswordInRedirectRule

New Java Rules

OPT.JAVA.SEC_JAVA.PasswordInConfigurationFile

New HTML Rules

OPT.HTML.SpecifyIntegrityAttribute

No labels