You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 2 Next »

 

 

New version of CQM, Kiuwan Engine and SAP Extractor

Main features of this release are:

  1. Kiuwan CQM (v1.2.XX) and Engine

    • Support for .Net Xamarin platform

    • Increased support for security in Swift (18 new security rules)

 

Kiuwan CQM and Engine

 

new version of CQM has been released that incorporate new rules (as detailed below).

CQM is the default Model (i.e. a concrete set of active and pre-configured rules): 

  • If you are using CQMnew rules will automatically become active and will be applied to new analyses.
  • If you are using your own custom model, your model remains unchaged, but you can modify it and activate the new rules (in case you want to be applied to your code).

You can find new rules by comparing this release of CQM against previous version.  A detailed description of the behavior of these new rules is available in rule’s description.

new version of Kiuwan Engine has been released that incorporates bug fixes, performance and reliability improvements in rules and parsers.

Kiuwan Engine is the binary code executed when an analysis is run.

  • If the engine is not blocked in your Kiuwan account, the engine will upgrade automatically to the last version of Kiuwan Engine once a new analysis is run
  • If the engine is blocked, your kiuwan engine will not be modified.

 

Support for .Net Xamarin platform

This new Kiuwan Engine provides support for .NET Xamarin platform (Microsoft framework for developing multi-device mobile apps in C# for Android, iOS, MacOS and Windows mobile platforms).

Kiuwan engine is now aware of security-relevant items in Xamarin APIs, providing mappings for input elements in user-defined interfaces (via XAML in Xamarin.Forms) so they are properly considered as user-controlled input.

 

New Swift security rules

  • OPT.SWIFT.SECURITY.PasteboardCachingLeak 

  • OPT.SWIFT.SECURITY.PasswordInConfigurationFile

  • OPT.SWIFT.SECURITY.PotentialInfiniteLoop 

  • OPT.SWIFT.SECURITY.URLSchemeHijacking 

  • OPT.SWIFT.SECURITY.HardcodedUsernamePassword 

  • OPT.SWIFT.SECURITY.PlaintextStorageInACookieRule 

  • OPT.SWIFT.SECURITY.SerializableClassContainingSensitiveData 

  • OPT.SWIFT.SECURITY.ThirdPartyKeyboardAllowed 

  • OPT.SWIFT.SECURITY.UncheckedInputInLoopCondition 

  • OPT.SWIFT.SECURITY.ExecutionAfterRedirect 

  • OPT.SWIFT.SECURITY.SensitiveSQL 

  • OPT.SWIFT.SECURITY.SensitiveNoSQL 

  • OPT.SWIFT.SECURITY.InsecureTemporaryFile 

  • OPT.SWIFT.SECURITY.ConnectionStringParameterPollution 

  • OPT.SWIFT.SECURITY.SensitiveCoreData 

  • OPT.SWIFT.SECURITY.PasswordInCommentRule 

  • OPT.SWIFT.SECURITY.HttpParameterPollutionRule

  • OPT.SWIFT.SECURITY.NoSQLInjection

 


  • No labels