You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 2 Next »

 

 

New version of Kiuwan, CQM (v1.2.18) and Kiuwan Engine 

Main features of this release are:

  1. Kiuwan CQM and Engine
    • Support for SAP HANA - SQLScript (17 new rules for SQLScript)
    • Bug fixing, performance and reliability issues in rules for XXXXXX Java, C++, JavaScript and VB.NET
    • Enhancements in XXXXXX parser:

  2. Kiuwan Insights
    • Enhanced readability of components' License information
    • Improved analysis performance
    • Availabilty of a completely new SAP Extractor for Kiuwan that allows a seamlessly integration of Kiuwan with SAP
    • Visit SAP Extractor for Kiuwan for further information

  3. Kiuwan Insights
    • Enhanced readability of components' License information
    • Improved analysis performance

 

 

 

Additional features of this new version are:

  • Support for detecting CWE-1022 vulnerabilities in HTML, JSP and ASP.NET

  • Bug fixing, performance and reliability issues in rules for Java, C++, JavaScript and VB.NET

  • Enhancements in JavaScript parser:

 

You can find new rules by comparing this release of CQM against previous version.  

A detailed description of the behavior of these new rules is available in rule’s description.

Unless you have blocked Kiuwan Engine, Kiuwan Local Analyzer will automatically upgrade it to the last version once a new analysis is run.

In order for these new rules be applicable, your Kiuwan account must be configured to allow automatic engine upgrade:

  • If you are using CQM, these new rules will automatically become active and will be applied to new analyses.
  • If you are using your own custom model, you can activate them in case you want to be applied to your code.

 

New TypeScript Rules

  • OPT.JAVASCRIPT.TYPESCRIPT.ANGULAR.AvoidAliasingInputOutput 
  • OPT.JAVASCRIPT.TYPESCRIPT.ANGULAR.AvoidForwardRefs 
  • OPT.JAVASCRIPT.TYPESCRIPT.ANGULAR.AvoidImpurePipes 
  • OPT.JAVASCRIPT.TYPESCRIPT.ANGULAR.AvoidNoneViewEncapsulation 
  • OPT.JAVASCRIPT.TYPESCRIPT.ANGULAR.AvoidPrefixingOutput 
  • OPT.JAVASCRIPT.TYPESCRIPT.ANGULAR.AvoidTemplateAsyncNegation 
  • OPT.JAVASCRIPT.TYPESCRIPT.ANGULAR.DecoratorIncompatibility 
  • OPT.JAVASCRIPT.TYPESCRIPT.ANGULAR.InvalidPipeImplementation 
  • OPT.JAVASCRIPT.TYPESCRIPT.ANGULAR.NamingConventions 
  • OPT.JAVASCRIPT.TYPESCRIPT.ANGULAR.NoParameterAttributeDecorator 
  • OPT.JAVASCRIPT.TYPESCRIPT.ANGULAR.UseHostDecorator 
  • OPT.JAVASCRIPT.TYPESCRIPT.ANGULAR.UseInjectableDecorator 
  • OPT.JAVASCRIPT.TYPESCRIPT.ANGULAR.UseInputDecorator 
  • OPT.JAVASCRIPT.TYPESCRIPT.ANGULAR.UseLifeCycleInterface 
  • OPT.JAVASCRIPT.TYPESCRIPT.ANGULAR.UseOutputDecorator 
  • OPT.JAVASCRIPT.TYPESCRIPT.ANGULAR.UseTrackBy 
  • OPT.JAVASCRIPT.TYPESCRIPT.AvoidAnnotatingInferableTypes 
  • OPT.JAVASCRIPT.TYPESCRIPT.AvoidCastingIObjectLiterals 
  • OPT.JAVASCRIPT.TYPESCRIPT.NoEmptyInterface 
  • OPT.JAVASCRIPT.TYPESCRIPT.NoReturnTypeAny 
  • OPT.JAVASCRIPT.TYPESCRIPT.PreferReadOnly 
  • OPT.JAVASCRIPT.TYPESCRIPT.ReviewNonNullAssertions 
  • OPT.JAVASCRIPT.TYPESCRIPT.SkipInternalModuleOrNamespace 
  • OPT.JAVASCRIPT.TYPESCRIPT.TooManyClassesPerFile 
  • OPT.JAVASCRIPT.TYPESCRIPT.UselessTypeCast 
  • OPT.JAVASCRIPT.TYPESCRIPT.UselessTypeIntersection 
  • OPT.JAVASCRIPT.TYPESCRIPT.UsePrimitiveTypes 
  • OPT.JAVASCRIPT.TYPESCRIPT.UseTypeAlias 
  • OPT.JAVASCRIPT.TYPESCRIPT.UseTypeAnnotations 
  • OPT.JAVASCRIPT.UnhandledPromise

 

Support for detecting CWE-1022 vulnerabilities in HTML, JSP and ASP.NET

  • OPT.HTML.TargetBlankVulnerability
  • OPT.ASPNET.TargetBlankVulnerability
  • OPT.JSP.SEC_JSP.TargetBlankVulnerability

 

 


  • No labels