Main features of this release are:
|
A new version of CQM has been released that incorporate new rules (as detailed below). CQM is the default Model (i.e. a concrete set of active and pre-configured rules):
You can find new rules by comparing this release of CQM against previous version. A detailed description of the behavior of these new rules is available in rule’s description. |
A new version of Kiuwan Engine has been released that incorporates bug fixes, performance and reliability improvements in rules and parsers. Kiuwan Engine is the binary code executed when an analysis is run.
|
This new Kiuwan Engine provides support for .NET Xamarin platform (Microsoft framework for developing multi-device mobile apps in C# for Android, iOS, MacOS and Windows mobile platforms).
Kiuwan engine is now aware of security-relevant items in Xamarin APIs, providing mappings for input elements in user-defined interfaces (via XAML in Xamarin.Forms) so they are properly considered as user-controlled input.
OPT.SWIFT.SECURITY.PasteboardCachingLeak
OPT.SWIFT.SECURITY.PasswordInConfigurationFile
OPT.SWIFT.SECURITY.PotentialInfiniteLoop
OPT.SWIFT.SECURITY.URLSchemeHijacking
OPT.SWIFT.SECURITY.HardcodedUsernamePassword
OPT.SWIFT.SECURITY.PlaintextStorageInACookieRule
OPT.SWIFT.SECURITY.SerializableClassContainingSensitiveData
OPT.SWIFT.SECURITY.ThirdPartyKeyboardAllowed
OPT.SWIFT.SECURITY.UncheckedInputInLoopCondition
OPT.SWIFT.SECURITY.ExecutionAfterRedirect
OPT.SWIFT.SECURITY.SensitiveSQL
OPT.SWIFT.SECURITY.SensitiveNoSQL
OPT.SWIFT.SECURITY.InsecureTemporaryFile
OPT.SWIFT.SECURITY.ConnectionStringParameterPollution
OPT.SWIFT.SECURITY.SensitiveCoreData
OPT.SWIFT.SECURITY.PasswordInCommentRule
OPT.SWIFT.SECURITY.HttpParameterPollutionRule