Page tree
Skip to end of metadata
Go to start of metadata

 


 

New version of CQM (v1.2.17) and Kiuwan Engine 

Icon

A new Kiuwan’s CQM and Engine is available.

Main features of this release are:

  1. Kiuwan's "Support for TypeScript"
    • there are 30 new rules specifically suited to TypeScript (tagged as "typescript")
    • most of existing JavaScript and Angular rules have been improved to work also on TypeScript code
  2. Enhanced integration with SAP
    1. Availabilty of a completely new SAP Extractor for Kiuwan that allows a seamlessly integration of Kiuwan with SAP
    2. Visit SAP Extractor for Kiuwan for further information

Additional features of this new version are:

  • Support for detecting CWE-1022 vulnerabilities in HTML, JSP and ASP.NET
  • Bug fixing, performance and reliability issues in rules for Java, C++, JavaScript and VB.NET

  • Enhancements in JavaScript parser:

 

You can find new rules by comparing this release of CQM against previous version.  

A detailed description of the behavior of these new rules is available in rule’s description.

Unless you have blocked Kiuwan Engine, Kiuwan Local Analyzer will automatically upgrade it to the last version once a new analysis is run.

In order for these new rules be applicable, your Kiuwan account must be configured to allow automatic engine upgrade:

  • If you are using CQM, these new rules will automatically become active and will be applied to new analyses.
  • If you are using your own custom model, you can activate them in case you want to be applied to your code.

 

New TypeScript Rules

  • OPT.JAVASCRIPT.TYPESCRIPT.ANGULAR.AvoidAliasingInputOutput 
  • OPT.JAVASCRIPT.TYPESCRIPT.ANGULAR.AvoidForwardRefs 
  • OPT.JAVASCRIPT.TYPESCRIPT.ANGULAR.AvoidImpurePipes 
  • OPT.JAVASCRIPT.TYPESCRIPT.ANGULAR.AvoidNoneViewEncapsulation 
  • OPT.JAVASCRIPT.TYPESCRIPT.ANGULAR.AvoidPrefixingOutput 
  • OPT.JAVASCRIPT.TYPESCRIPT.ANGULAR.AvoidTemplateAsyncNegation 
  • OPT.JAVASCRIPT.TYPESCRIPT.ANGULAR.DecoratorIncompatibility 
  • OPT.JAVASCRIPT.TYPESCRIPT.ANGULAR.InvalidPipeImplementation 
  • OPT.JAVASCRIPT.TYPESCRIPT.ANGULAR.NamingConventions 
  • OPT.JAVASCRIPT.TYPESCRIPT.ANGULAR.NoParameterAttributeDecorator 
  • OPT.JAVASCRIPT.TYPESCRIPT.ANGULAR.UseHostDecorator 
  • OPT.JAVASCRIPT.TYPESCRIPT.ANGULAR.UseInjectableDecorator 
  • OPT.JAVASCRIPT.TYPESCRIPT.ANGULAR.UseInputDecorator 
  • OPT.JAVASCRIPT.TYPESCRIPT.ANGULAR.UseLifeCycleInterface 
  • OPT.JAVASCRIPT.TYPESCRIPT.ANGULAR.UseOutputDecorator 
  • OPT.JAVASCRIPT.TYPESCRIPT.ANGULAR.UseTrackBy 
  • OPT.JAVASCRIPT.TYPESCRIPT.AvoidAnnotatingInferableTypes 
  • OPT.JAVASCRIPT.TYPESCRIPT.AvoidCastingIObjectLiterals 
  • OPT.JAVASCRIPT.TYPESCRIPT.NoEmptyInterface 
  • OPT.JAVASCRIPT.TYPESCRIPT.NoReturnTypeAny 
  • OPT.JAVASCRIPT.TYPESCRIPT.PreferReadOnly 
  • OPT.JAVASCRIPT.TYPESCRIPT.ReviewNonNullAssertions 
  • OPT.JAVASCRIPT.TYPESCRIPT.SkipInternalModuleOrNamespace 
  • OPT.JAVASCRIPT.TYPESCRIPT.TooManyClassesPerFile 
  • OPT.JAVASCRIPT.TYPESCRIPT.UselessTypeCast 
  • OPT.JAVASCRIPT.TYPESCRIPT.UselessTypeIntersection 
  • OPT.JAVASCRIPT.TYPESCRIPT.UsePrimitiveTypes 
  • OPT.JAVASCRIPT.TYPESCRIPT.UseTypeAlias 
  • OPT.JAVASCRIPT.TYPESCRIPT.UseTypeAnnotations 
  • OPT.JAVASCRIPT.UnhandledPromise

 

Support for detecting CWE-1022 vulnerabilities in HTML, JSP and ASP.NET

  • OPT.HTML.TargetBlankVulnerability
  • OPT.ASPNET.TargetBlankVulnerability
  • OPT.JSP.SEC_JSP.TargetBlankVulnerability

 

 

  • No labels