Angular dynamic component

We have expanded our JavaScript support: this release adds support for the Angular framework. It allows you to check for dynamic components that were built in the Angular framework, and adds the ability to parse JSX. The underlying vulnerability in dynamic component construction is no different from other "eval injection" issues. For more information, review the following: it is well known as an insecure practice from a security overview, and, for Angular in particular, review The Security Angle on Angular.
JSX React

Our JavaScript support previously included partial support for React. This support is now extended to JSX. JSX, or JavaScript XML, is an XML-like syntax extension to ECMAScript that is part of the React library. The complete specification can be checked at Draft: JSX Specification. The following elements have been identified as potential security flaws and detected by the existing JS rules:

In React, the HTML code is embedded into the JS code, so the HTML code must be checked to mark sources, sinks, or neutralizations (for example, <input> elements). The embedded HTML code is also analyzed by Kiuwan with the rules from the HTML technology. The following existing checks might be applied:

- OPT.HTML.AutocompleteOnForSensitiveFields
- OPT.HTML.MissingPasswordFieldMasking
- OPT.HTML.TargetBlankVulnerability
- OPT.HTML.SandboxAllowScriptsAndSameOrigin
- OPT.HTML.SpecifyIntegrityAttribute
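To show what the HTML checks listed above look for once the markup lives inside JSX, here is an added example; it is not Kiuwan's rule implementation and not code from these release notes. The sample JSX, the `scanJsx` and `parseAttrs` names, the sensitive-field heuristic and each rule's trigger condition are assumptions inferred from the rule names.

```javascript
// Added example: simplified approximations of the five HTML checks named
// above, applied to HTML embedded in JSX. Not Kiuwan's rule logic.
const SAMPLE_JSX = `
function Login() {
  return (
    <form>
      <input name="password" type="text" autoComplete="off" />
      <input name="cardNumber" type="text" autoComplete="on" />
      <a href="https://example.com" target="_blank">Help</a>
      <a href="https://example.com" target="_blank" rel="noopener noreferrer">Docs</a>
      <iframe src="/widget" sandbox="allow-scripts allow-same-origin" />
      <script src="https://cdn.example.com/lib.js"></script>
    </form>
  );
}`; // constructed sample, not from a real application

// Collect string-literal attributes; keys are lowercased (autoComplete -> autocomplete).
function parseAttrs(text) {
  const attrs = {};
  for (const [, k, v] of text.matchAll(/([A-Za-z-]+)\s*=\s*"([^"]*)"/g)) attrs[k.toLowerCase()] = v;
  return attrs;
}

// Scan lowercase (intrinsic HTML) JSX tags. Regex-based, so attributes given
// as {expressions} are not evaluated; a real analyzer works on the parsed AST.
function scanJsx(source) {
  const findings = [];
  const flag = (rule, tag) => findings.push({ rule, tag });
  for (const [, tag, rest] of source.matchAll(/<([a-z][a-z0-9]*)\b([^<>]*?)\/?>/g)) {
    const a = parseAttrs(rest);
    const name = a.name || "";
    // Assumption: field names containing these words count as "sensitive".
    const sensitive = /pass|card|cvv|ssn/i.test(name);
    if (tag === "input" && /pass/i.test(name) && a.type !== "password")
      flag("OPT.HTML.MissingPasswordFieldMasking", tag);
    if (tag === "input" && sensitive && a.autocomplete !== "off")
      flag("OPT.HTML.AutocompleteOnForSensitiveFields", tag);
    if (tag === "a" && a.target === "_blank" && !/\bno(opener|referrer)\b/.test(a.rel || ""))
      flag("OPT.HTML.TargetBlankVulnerability", tag);
    const sandbox = (a.sandbox || "").split(/\s+/);
    if (tag === "iframe" && sandbox.includes("allow-scripts") && sandbox.includes("allow-same-origin"))
      flag("OPT.HTML.SandboxAllowScriptsAndSameOrigin", tag);
    const remote = /^(https?:)?\/\//.test(a.src || a.href || "");
    if ((tag === "script" || tag === "link") && remote && !a.integrity)
      flag("OPT.HTML.SpecifyIntegrityAttribute", tag);
  }
  return findings;
}
console.log(scanJsx(SAMPLE_JSX));
```

The second `<a>` in the sample carries `rel="noopener noreferrer"` and is not reported, which is the corrected form of the first.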
Jenkins Kiuwan plugin update

Kiuwan has its own plugin to integrate with a Jenkins environment. This new version includes the following updates:
Other bug fixes and improvements