
New version of CQM (v1.2.

...

12) and Kiuwan

...

Engine 

Info

A new version of Kiuwan’s CQM (v.1.2.1012) is available.

Basically, v1.2.10 12 contains new Security rules for SQL embedded in Cobol programsHTML, Java and JSP.

  • If you are using CQM, these new rules are active and will be applied to new analyses.
  • If you are using your own custom model, you can activate them if you want them applied to your code.

For these new rules to be applicable, your Kiuwan account must allow automatic engine upgrades. Unless you have blocked Kiuwan Engine, Kiuwan Local Analyzer will automatically upgrade it to the latest version once a new analysis is run.

...

You can find the new rules by comparing v1.2.10 12 of CQM against the previous version. A detailed description of the behavior of these new rules is available in each rule’s description.

New

...

Security Rules

Support for Cobol security has been improved with the addition of new rules specifically targeted at embedded SQL in Cobol programs.

Below you can find codes of new rules:

as well as continuous improvements in security rules execution.

HTML

  • Password input field is not masked (CWE:549)

Java

 

  • Avoid using an user controlled Primary Key into a query (CWE:566)  

  • Plaintext Storage of a Password (CWE:256)  

  • Array index coming from a non neutralized vulnerable input (CWE:129) 

  • Not using a Random IV with CBC Mode (CWE:329) 

  • Hardcoded cryptographic keys (CWE:321) 

  • Avoid sensitive information exposure through error messages (CWE:209) 

  • Execution After Redirect (EAR) (CWE:698) 

  • NULL Pointer Dereference (CWE:476) 

JSP

  • Unprotected transport of credentials (CWE:523) 
  • Information exposure through strings sent by GET (CWE:598) 
  • Password input field is not masked (CWE:549)
  • OPT.COBOL.SQL_COBOL.PreferOnOverUsing
  • OPT.COBOL.SQL_COBOL.AvoidNonQualifiedJoins
  • OPT.COBOL.SQL_COBOL.DetectImplicitJoins  
  • OPT.COBOL.SQL_COBOL.AvoidUnion  
  • OPT.COBOL.SQL_COBOL.AvoidTooManyJoins  
  • OPT.COBOL.SQL_COBOL.AvoidQueriesOnManyTables  
  • OPT.COBOL.SQL_COBOL.AvoidNestedSelects  
  • OPT.COBOL.SQL_COBOL.AvoidCorrelatedSubSelects  
  • OPT.COBOL.SQL_COBOL.UseTheAsKeyword  
  • OPT.COBOL.SQL_COBOL.AvoidNumericReferencesInByClauses

 

Improvements in Kiuwan Engine (master.

...

p461.

...

q7422.

...

a1731)

New Kiuwan engine contains enhanced versions of parsers and rules:

...

  • Complete grammar support for Cobol AcuCOBOL-GT (MicroFocus subdialect)
  • Enhancements in parsers: ABAP, Objective-C, COBOL-DB2, OracleForms, VB6, ActionScript, C/C++, ASP.NET, Python, PHP, JSP, RPG, Natural and PL-SQL
  • Bug fixing, performance and reliability issues in Java, C/C++ and JSP rules
  • Documentation improvements for Security, Java and Python rules

 

Privileges to access Kiuwan Messenger

In-app access to Kiuwan Support (through Kiuwan Messenger) has been modified so the account owner can fully control who gets access to it.

  • Support access is restricted to owner and admin users and a number of users (3 max by default). Account owner and admin users will always have the privilege to access Messenger. Additionally, access can be granted to other users (up to 3) in the User management section of your account.
  • These access privileges will be applied to new accounts from now on. If you need to grant access to more users than the default (3), please contact your Kiuwan account representative.
  • For existing accounts, by default only owners and admins are granted access to Messenger. If you are the owner or an admin, please review your account to grant support access to any other users who may need it.

 

Filters now apply to CSV and PDF reports

Whatever filters you use in Kiuwan dashboards, those filters will be applied when you export to CSV and PDF (defects, action plans, rules, etc.).

In other words, the displayed and exported lists of records will match.

If you are experiencing problems with CSV import into Excel, please read Cannot import CSV Kiuwan reports into Microsoft Excel.

 

New look and feel in PDF Kiuwan reports

PDF reports have been redesigned with a new look and feel.

The content of the reports has not been changed, so you will find all the information as before.

 

  • Security rules for Java and JSP rules