Angular dynamic components
We have expanded our JavaScript support. This release allows you to check for dynamic components built with the Angular framework. The underlying vulnerability in dynamic component construction is no different from other "eval injection" issues. Review the following links for more information:
JSX React
Also in our JavaScript support, we previously had partial support for React. This support is now extended with JSX. JSX, or JavaScript XML, is an XML-like syntax extension to ECMAScript that is part of the React library. The complete specification is available at Draft: JSX Specification. The following elements have been identified as potential security flaws and are detected by the existing JS rules:
In React, the HTML code is embedded in the JS code, so the HTML code must be checked to mark sources, sinks, or neutralizations (for example, <input> elements). The embedded HTML code is also analyzed by Kiuwan with the rules from the HTML technology. The following existing checks might be applied: OPT.HTML.AutocompleteOnForSensitiveFields, OPT.HTML.MissingPasswordFieldMasking, OPT.HTML.TargetBlankVulnerability, OPT.HTML.SandboxAllowScriptsAndSameOrigin, OPT.HTML.SpecifyIntegrityAttribute.
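To make the idea of checking HTML embedded in JSX concrete, here is an added example that is not Kiuwan's code: a simplified scanner that reports four of the checks named above on a constructed component. The function names, the sample markup, and the condition attached to each rule id are assumptions inferred from the rule names.

```javascript
// Added illustration, not Kiuwan's implementation. The condition tied to each
// rule id is an assumption inferred from the rule's name.
// Constructed sample: a React component with HTML embedded in the JS code.
const SAMPLE_JSX = `
function Login() {
  return (<div>
    <input type="text" name="password" />
    <a href="https://example.com" target="_blank">Help</a>
    <a href="https://example.com" target="_blank" rel="noopener noreferrer">Docs</a>
    <iframe src="/widget" sandbox="allow-scripts allow-same-origin"></iframe>
    <script src="https://cdn.example.com/lib.js"></script>
  </div>);
}`;

// Turn the attribute text of one opening tag into a { name: value } object.
function parseAttrs(text) {
  const attrs = {};
  const re = /([\w-]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|\{([^}]*)\}))?/g;
  for (const m of text.matchAll(re)) {
    attrs[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4] ?? "";
  }
  return attrs;
}

// Walk every opening tag and report { rule, tag, line } for each weak setting.
function scanEmbeddedHtml(src) {
  const findings = [];
  for (const m of src.matchAll(/<([A-Za-z][\w.]*)(\s[^<>]*?)?\/?>/g)) {
    const tag = m[1].toLowerCase();
    const a = parseAttrs(m[2] || "");
    const line = src.slice(0, m.index).split("\n").length;
    const add = (rule) => findings.push({ rule: `OPT.HTML.${rule}`, tag, line });
    const rel = (a.rel || "").toLowerCase().split(/\s+/);
    const sandbox = (a.sandbox || "").toLowerCase().split(/\s+/);
    // New tab opened without rel="noopener" or rel="noreferrer".
    if ((a.target || "").toLowerCase() === "_blank" &&
        !rel.includes("noopener") && !rel.includes("noreferrer"))
      add("TargetBlankVulnerability");
    // Sandboxed frame that may run scripts and keeps its own origin.
    if (tag === "iframe" && sandbox.includes("allow-scripts") &&
        sandbox.includes("allow-same-origin"))
      add("SandboxAllowScriptsAndSameOrigin");
    // Remote script loaded without a Subresource Integrity hash.
    if (tag === "script" && /^(https?:)?\/\//i.test(a.src || "") && !("integrity" in a))
      add("SpecifyIntegrityAttribute");
    // Field that looks like a password but is not type="password".
    if (tag === "input" && /pass/i.test(`${a.name || ""} ${a.id || ""}`) &&
        (a.type || "text").toLowerCase() !== "password")
      add("MissingPasswordFieldMasking");
  }
  return findings;
}
```

The second link in the sample carries `rel="noopener noreferrer"` and is not reported, which is the corrected form of the first link.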
Jenkins Kiuwan plugin update
Kiuwan has its own plugin to integrate with a Jenkins environment. This new version includes the following updates:
Other bug fixes and improvements