New version of CQM (2.0) and Kiuwan Engine


new version of CQM (2.0) has been released.

Major changes are:

  • Support for Apache Cordova framework (new rules, see section below)
  • Support for ASP.NET Razor for C# (improved capabilties in detection of security vulnerabilities)
  • Priorities of Security rules have been reviewed
  • Rules with Very-Low and Low priorites have been deactivated.


CQM is the default Model (i.e. a concrete set of active and pre-configured rules): 

  • If you are using CQM,
    • new priorities of security rules will be applied
    • low and very-low rules will not longer be active
    • new rules will automatically become active and will be applied to new analyses
  • If you are using your own custom model, your model remains unchaged, but you can modify it and activate the new rules (in case you want to be applied to your code).

You can find new rules by comparing this release of CQM against previous version.  A detailed description of the behavior of these new rules is available in rule’s description.

new version of Kiuwan Engine has been released that incorporates bug fixes, performance and reliability improvements in rules and parsers.

Kiuwan Engine is the binary code executed when an analysis is run.

  • If the engine is not blocked in your Kiuwan account, the engine will upgrade automatically to the last version of Kiuwan Engine once a new analysis is run
  • If the engine is blocked, your kiuwan engine will not be modified.


Support for Apache Cordova framework

Apache Cordova is a mobile application development framework  that enables software programmers to build applications for mobile devices using CSS3, HTML5, and JavaScript, instead of relying on platform-specific APIs like those in Android, iOS, or Windows Phone.

This new Kiuwan Engine provides support for Apache Cordova framework, including new rules that you can find selecting Cordova framework.

Specific rules addressed to Cordova:

  • OPT.HTML.CORDOVA.ShouldUseContentSecurityPolicy 
  • OPT.JAVASCRIPT.CORDOVA.AvoidEnabledDebugMode 
  • OPT.JAVASCRIPT.CORDOVA.InsecureAndroidMinSdkVersion 
  • OPT.JAVASCRIPT.CORDOVA.TooBroadAccessOrigin 
  • OPT.JAVASCRIPT.CORDOVA.WhitelistPluginNotInstalled


Support for ASP.NET Razor C# (cshtml)

Razor is an ASP.NET programming syntax used to create dynamic web pages with the C# or VB.NET programming languages.

This new Kiuwan Engine provides support for Razor ASP.NET for C#, providing parsing facilities for .cshtml files.

By being able to process .cshtml files, C# security rules improve its capabilties to detect security vulnerabilties.


  • No labels