New version of CQM (v1.2.15) and Kiuwan Engine
New PHP Security Rules
- OPT.PHP.SEC.PlaintextStorageInACookieRule
- OPT.PHP.SEC.InsufficientSessionExpirationRule
- OPT.PHP.SEC.CookiesInSecurityDecision
- OPT.PHP.SEC.CrossSiteHistoryManipulation
- OPT.PHP.SEC.InsufficientKeySizeRule
- OPT.PHP.SEC.TrustBoundaryViolationRule
- OPT.PHP.SEC.UncheckedInputInLoopCondition
- OPT.PHP.SEC.ImproperValidationOfArrayIndex
- OPT.PHP.SEC.UserControlledSQLPrimaryKey
- OPT.PHP.SEC.PotentialInfiniteLoop
Improved Java support (Android and Play Framework)
Android support has been improved with the addition of new rules:
- OPT.JAVA.ANDROID.ReceiverWithoutPermission
- OPT.JAVA.ANDROID.PrivilegeEscalationAttack
- OPT.JAVA.ANDROID.ExportedProvider
- OPT.JAVA.ANDROID.ExportedActivity
- OPT.JAVA.ANDROID.CheckLocationPermission
- OPT.JAVA.ANDROID.CheckInternetPermission
- OPT.JAVA.ANDROID.CheckExternalStoragePermission
Support for the Play Framework (OPT.JAVA.SEC_JAVA.PlaySecurityMisconfiguration) has also been added to Kiuwan.
Enhanced Django Python support
The existing security rules for the Django framework have been enhanced with support for new sinks and sources and with improvements in taint propagation.
In addition, two new security rules have been added to the current Django set:
- OPT.PYTHON.SECURITY.MemcachedInjection
- OPT.PYTHON.SECURITY.InformationExposureThroughDebugLog
You can find the Django rules by filtering on the "Django" framework in the CQM model.
New ABAP Rules
- OPT.ABAP.SEC.UsagesOfSyUname
- OPT.ABAP.SEC.UsagesOfSySysid
- OPT.ABAP.SEC.RfcDestinationInjection
- OPT.ABAP.SEC.RfcCallbackAttack
- OPT.ABAP.SEC.NoAuthorizationGroup4Table
- OPT.ABAP.SEC.HardcodedUsernameCheck
- OPT.ABAP.SEC.DangerousFileUpload
- OPT.ABAP.SEC.DangerousFileDownload
- OPT.ABAP.SEC.Calls2CriticalFunctions
- OPT.ABAP.SEC.AuthorityChecks
- OPT.ABAP.RELIABILITY.UncaughtExceptionInRfcCall
- OPT.ABAP.RELIABILITY.ModifiedInputParameter
- OPT.ABAP.RELIABILITY.LogicDependingOnTextSymbols
- OPT.ABAP.RELIABILITY.DirectRecursiveCall
- OPT.ABAP.PORTABILITY.DeprecatedAsyncronousRFC
- OPT.ABAP.EFFICIENCY.LoopAtInto
- OPT.ABAP.EFFICIENCY.JoinInsteadOfSelectInLoop