Table of Contents |
---|
...
New version of CQM (v1.2.
...
13) and Kiuwan Engine
Info |
---|
A new Kiuwan’s CQM and Engine is available. Features of this new version are:
You can find these new rules by comparing v1.2.XX 13 of CQM against previous version. A detailed description of the behavior of these new rules is available in rule’s description. Unless you have blocked Kiuwan Engine, Kiuwan Local Analyzer will automatically upgrade it to the last version once a new analysis is run. In order for these new rules be applicable, your Kiuwan account must be configured to allow automatic engine upgrade:
|
Support of Apple's Swift v3 and v4
Support to Swift V3 and V4 has been incorporated with the addition of new 61 rules.
These new rules belong to following characteristics:
- Security: 33
- Maintainability: 14
- Efficiency: 8
- Reliability: 6
...
New C# Rules
Below you can find codes of C# new rules:
- OPT.CSHARP.CodeInjectionWithDeserialization
- OPT.CSHARP.PlaintextStorageInACookie
- OPT.CSHARP.PotentialInfiniteLoop
- OPT.CSHARP.SEC.AccessibilitySubversionRule
- OPT.CSHARP.SEC.AvoidHostNameChecks
- OPT.CSHARP.SEC.CookiesInSecurityDecision
- OPT.CSHARP.SEC.HardcodedSalt
- OPT.CSHARP.SEC.ImproperAuthentication
- OPT.CSHARP.SEC.InformationExposureThroughDebugLog
- OPT.CSHARP.SEC.InformationExposureThroughErrorMessage
- OPT.CSHARP.SEC.InsecureTransport
- OPT.CSHARP.SEC.LogForging
- OPT.CSHARP.SEC.MailCommandInjection
- OPT.CSHARP.SEC.NoSQLInjection
- OPT.CSHARP.SEC.PlaintextStorageOfPassword
- OPT.CSHARP.SEC.SerializableClassContainingSensitiveData
- OPT.CSHARP.SEC.ServerInsecureTransport
- OPT.CSHARP.SEC.StaticDatabaseConnection
- OPT.CSHARP.SEC.UnsafeCookieRule
- OPT.CSHARP.SEC.UserControlledSQLPrimaryKey
- OPT.CSHARP.SEC.XMLEntityInjection
- OPT.CSHARP.TooMuchOriginsAllowed
- OPT.CSHARP.UncheckedInputInLoopCondition
New JavaScript Rules
Below you can find codes of JavaScript new rules:
- OPT.JAVASCRIPT.ANGULARJS.AngularCrossSiteScripting
- OPT.JAVASCRIPT.ANGULARJS.AngularLocalStorageInformationLeak
- OPT.JAVASCRIPT.ANGULARJS.UnsafeResourceUrlWhitelist
- OPT.JAVASCRIPT.CodeInjectionWithDeserialization
- OPT.JAVASCRIPT.HttpParameterPollution
- OPT.JAVASCRIPT.InformationExposureThroughErrorMessage
- OPT.JAVASCRIPT.LdapInjection
- OPT.JAVASCRIPT.MailCommandInjection
- OPT.JAVASCRIPT.PlaintextStorageInACookie
- OPT.JAVASCRIPT.TrustBoundaryViolation
- OPT.JAVASCRIPT.XmlEntityInjection
- OPT.JAVASCRIPT.XPathInjection
New PHP Rules
Below you can find codes of PHP new rules:
- OPT.PHP.XmlEntityInjection
Improvements in Kiuwan Engine
...
- Complete grammar support for Swift v3 and V4 AcuCocol-GT
- Enhancements in parsers: Cobol, JCL, Abap, Objective-C, PHP, VB.NET and PL-SQL
- Bug fixing, performance and reliability issues in rules for Java and C#