
Engine

QAK-5221      OPT.VB6.VBDC.VGNU low performance for one analysis.

QAK-5593      XML detected wrongfully as oracle forms.

QAK-5615      New rule CWE-759-Use of a One-Way Hash without a Salt.

QAK-5683      C files not parsed correctly.

QAK-5735      False Negative in "Guarantee that copies are made into storage of sufficient size" rule.

QAK-5921      False positive in OPT.CSHARP.PathTraversal and rule documentation improvement.

QAK-5922      Other language with the DUP code rule.

QAK-5926      OPT.HTML.ObsoleteElements rule improvement.

QAK-5928      OPT.HTML.AddLabelForInputField rule improvement.

QAK-6024      CORS coverage improvement.

QAK-6162      @Override considered in the "Always use specific exceptions in the throws clause" rule.

QAK-6277      KLA crash with Java analysis over JSP files.

QAK-6347      False negatives in Everis-IT_Cpp.

QAK-6365      A log warning is shown when CCN is below the threshold and may lead to low performance.

QAK-6414      OPT.JSP.SEC_JSP.TargetBlankVulnerability rule improvements.

QAK-6416      False positives in OPT.PYTHON.DJANGO.InsecureDirectObjectReferences rule.

QAK-6417      OPT.JAVA.SEC_JAVA.OpenRedirectRule improvement.

QAK-6418      Incorrect JSP/Razor (cshtml) data path lines.

QAK-6419      False positive in OPT.C.CERTC.MEM00 rule.

QAK-6422      Removed metafiles DTD files for specific technologies.

QAK-6425      CWE:400 'Regex Injection' instead of CWE:185.

QAK-6426      False positive in OPT.PLSQL.GEN_PLSQL.NDFexception.

QAK-6427      False negative in OPT.JAVASCRIPT.CrossSiteScripting.

QAK-6430      False negative in OPT.C.CERTC.EXP34 rule.

QAK-6437      False negative in OPT.JAVA.SEC_JAVA.CrossSiteScriptingRule.

QAK-6440      OPT.PHP.HttpSplitting rule enhancement.

QAK-6445      Rule OPT.XML.XSLT_MAN.NOUSEDPARAM only shows the last defect.

QAK-6446      Typescript not parsed correctly.

QAK-6447      Possible regression problems when analyzing Java files.

QAK-6448      Nullpointer in custom rule using com.als.core.rule.MetricThresholdsRule.

QAK-6452      Issue when analyzing with the rule OPT.COBOL.MAN_COBOL.VLIN: VALUES not aligned.

QAK-6454      False positive in the OPT.JAVA.IO.CS rule.

QAK-6456      Tainting propagation in method arguments improvement (.NET).

QAK-6457      Missing DataPath in OPT.CSHARP.OpenRedirect.

QAK-6458      .NET custom metadata malfunction for static method calls definitions.

QAK-6459      False positive in OPT.PYTHON.RELIABILITY.UnreachableCode.

QAK-6460      False positive "Avoid calling magic methods" in Python rule.

QAK-6463      C# parsing error in CSHTML files “MismatchedTokenException” has been fixed.

QAK-6464      Possible false positive in OPT.JAVA.CONV.ObjectTypeVerification.

QAK-6465      Kiuwan Local Analyzer does not execute JavaScript rules when there are only JSP files in basedir.

QAK-6468      OPT.ASPNET.CredentialsMisconfiguration error causes hardcoded password visibility.

QAK-6469      OPT.XML.XSLT_MAN.NONUSEDVARIABLES enhancement.

QAK-6470      OPT.JAVA.SEC_JAVA.SqlInjectionRule and metadata libraries support improvement.

QAK-6471      False negative in OPT.XML.XSLT_MAN.EFFICIENTUSEOFCHOOSE.

QAK-6473      False negative in OPT.VBNET.VBnet.RemoveUnusedLocals.

QAK-6477      False negative in OPT.JAVA.SEC_JAVA.XmlEntityInjectionRule.

QAK-6478      False negative in OPT.JAVASCRIPT.ERRORCOMUN.UnusedLocalVar.

QAK-6479      OPT.JSP.SEC_JSP.SpecifyIntegrityAttribute rule improvement.

QAK-6483      Unable to analyze application: timeout killed the sub-process, java.lang.NullPointerException, and high CCN complexity in several files.

QAK-6485      JavaScript not parsed correctly.

QAK-6486      Two validations done in integration tests should be moved to standard rule test, and testImplementationClassExist() should test something.

QAK-6487      Swift 5 Language supported version enhancement.

QAK-6489      RPG not parsed correctly when using EndSr opcode as the user identifier.

QAK-6490      False positives in OPT.JAVA.RGME.EAOF.

QAK-6491      Upgrade support for C# from v7 to v8.

QAK-6492      Add support for MatchKind.fullsignature in VB.NET CallSignature.getMethodPredicate().

QAK-6495      COBOL file not parsed correctly.

QAK-6496      Parsing error in Cobol caused by the SWCOPY command.

QAK-6497      SQL file not parsed correctly.

QAK-6498      VB file not parsed correctly.

QAK-6500      CS file not parsed correctly.

QAK-6501      COBOL parsing error: “TYPE clause in data-description entry”.

QAK-6502      False positive in OPT.PLSQL.SEC.WeakSymmetricEncryptionAlgorithm.

QAK-6503      NPE and OOM error while analyzing C++ and Java application.

QAK-6504      TypeScript Technology not parsed correctly.

QAK-6505      Few .tsx files not parsed correctly.

QAK-6506      False positive in GamoraDevOps application.

QAK-6509      False positive in Helios application.

QAK-6512      Strict dataflow analysis limit in OPT.COBOL.SEC.DynamicStorageLeakRule when complexity threshold exceeded.

QAK-6513      Add support for 'this' receiver parameter (Java 8).

QAK-6526      OOM errors when analyzing Typescript.

QAK-6533      StackOverflowError IndirectTaintingSitesTask.

KLA

QAK-5593      rules_oracleforms.key error does not exist.

QAK-6511      Cobol file not parsed correctly.

SAS-4155       KLA filter rules by priority.

Kiuwan

SAS-5152       When user deletes an analysis without label, many are hidden in the list.

SAS-5184       After the user logs in for the first time, it is required to change the default password.

SAS-5213       Compare of Models is not matching correctly when the user "manually" returns the default values.

SAS-5321       After installing custom rule, the rule active status is NOK.

SAS-5323       Error when uploading only a jar file of custom rules.

SAS-5325       Error when downloading defects PDF in apps with large amounts of defects.

SAS-5326       Error in Insights checkpoint and partial delivery.

SAS-5390       Error in email notification after creating a new user.

SAS-5434       Explanation with invalid character cannot be inserted into DB.

SAS-5435       High memory consumption in session.

SAS-5437       Many alert notifications sent when unable to connect to the Redis cluster.

SAS-5446       Distribution request to MongoDB from the mongo client in Kiuwan.

SAS-5450       The Endpoint /apps/list takes 116 seconds.