Engine
QAK-5221
OPT.VB6.VBDC.VGNU low performance for one analysis.
QAK-5593
XML wrongly detected as Oracle Forms.
QAK-5615
New rule CWE-759-Use of a One-Way Hash without a Salt.
QAK-5683
C files not parsed correctly.
QAK-5735
False Negative in "Guarantee that copies are made into storage of sufficient size" rule.
QAK-5921
False positive in OPT.CSHARP.PathTraversal and rule documentation improvement.
QAK-5922
Other language with the DUP code rule.
QAK-5926
OPT.HTML.ObsoleteElements rule improvement.
QAK-5928
OPT.HTML.AddLabelForInputField rule improvement.
QAK-6024
CORS coverage improvement.
QAK-6162
@Override considered in the "Always use specific exceptions in the throws clause" rule.
QAK-6277
KLA crash with Java analysis over JSP files.
QAK-6347
False negatives in Everis-IT_Cpp.
QAK-6365
A log warning is shown when CCN is below the threshold and may lead to low performance.
QAK-6414
OPT.JSP.SEC_JSP.TargetBlankVulnerability rule improvements.
QAK-6416
False positives in OPT.PYTHON.DJANGO.InsecureDirectObjectReferences rule.
QAK-6417
OPT.JAVA.SEC_JAVA.OpenRedirectRule improvement.
QAK-6418
Incorrect JSP/Razor (cshtml) data path lines.
QAK-6419
False positive in OPT.C.CERTC.MEM00 rule.
QAK-6422
Removed metafiles DTD files for specific technologies.
QAK-6425
CWE:400 'Regex Injection' instead of CWE:185.
QAK-6426
False positive in OPT.PLSQL.GEN_PLSQL.NDFexception.
QAK-6427
False negative in OPT.JAVASCRIPT.CrossSiteScripting.
QAK-6430
False negative in OPT.C.CERTC.EXP34 rule.
QAK-6437
False negative in OPT.JAVA.SEC_JAVA.CrossSiteScriptingRule.
QAK-6440
OPT.PHP.HttpSplitting rule enhancement.
QAK-6445
Rule OPT.XML.XSLT_MAN.NOUSEDPARAM only shows the last defect.
QAK-6446
TypeScript not parsed correctly.
QAK-6447
Possible regression problems when analyzing Java files.
QAK-6448
Nullpointer in custom rule using com.als.core.rule.MetricThresholdsRule.
QAK-6452
Issue when analyzing with the rule OPT.COBOL.MAN_COBOL.VLIN: VALUES not aligned.
QAK-6454
False positive in the OPT.JAVA.IO.CS rule.
QAK-6456
Tainting propagation in method arguments improvement (.NET).
QAK-6457
Missing DataPath in OPT.CSHARP.OpenRedirect.
QAK-6458
.NET custom metadata malfunction for static method call definitions.
QAK-6459
False positive in OPT.PYTHON.RELIABILITY.UnreachableCode.
QAK-6460
False positive "Avoid calling magic methods" in Python rule.
QAK-6463
C# parsing error in CSHTML files “MismatchedTokenException” has been fixed.
QAK-6464
Possible false positive in OPT.JAVA.CONV.ObjectTypeVerification.
QAK-6465
Kiuwan Local Analyzer does not execute JavaScript rules when there are only JSP files in basedir.
QAK-6468
OPT.ASPNET.CredentialsMisconfiguration error causes hardcoded password visibility.
QAK-6469
OPT.XML.XSLT_MAN.NONUSEDVARIABLES enhancement.
QAK-6470
OPT.JAVA.SEC_JAVA.SqlInjectionRule and metadata libraries support improvement.
QAK-6471
False negative in OPT.XML.XSLT_MAN.EFFICIENTUSEOFCHOOSE.
QAK-6473
False negative in OPT.VBNET.VBnet.RemoveUnusedLocals.
QAK-6477
False negative in OPT.JAVA.SEC_JAVA.XmlEntityInjectionRule.
QAK-6478
False negative in OPT.JAVASCRIPT.ERRORCOMUN.UnusedLocalVar.
QAK-6479
OPT.JSP.SEC_JSP.SpecifyIntegrityAttribute rule improvement.
QAK-6483
Unable to analyze application due to a timeout that killed the sub-process, a java.lang.NullPointerException and high CCN complexity in several files.
QAK-6485
JavaScript not parsed correctly.
QAK-6486
Two validations done in integration tests should be moved to standard rule test, and testImplementationClassExist() should test something.
QAK-6487
Swift 5 Language supported version enhancement.
QAK-6489
RPG not parsed correctly when using EndSr opcode as the user identifier.
QAK-6490
False positives in OPT.JAVA.RGME.EAOF.
QAK-6491
Upgrade support for C# from v7 to v8.
QAK-6492
Add support for MatchKind.fullsignature in VB.NET CallSignature.getMethodPredicate().
QAK-6495
COBOL file not parsed correctly.
QAK-6496
Parsing error in COBOL caused by the SWCOPY command.
QAK-6497
SQL file not parsed correctly.
QAK-6498
VB file not parsed correctly.
QAK-6500
CS file not parsed correctly.
QAK-6501
COBOL parsing error: “TYPE clause in data-description entry”.
QAK-6502
False positive in OPT.PLSQL.SEC.WeakSymmetricEncryptionAlgorithm.
QAK-6503
NPE and OOM error while analyzing C++ and Java application.
QAK-6504
TypeScript Technology not parsed correctly.
QAK-6505
A few .tsx files not parsed correctly.
QAK-6506
False positive in GamoraDevOps application.
QAK-6509
False positive in Helios application.
QAK-6512
Strict dataflow analysis limit in OPT.COBOL.SEC.DynamicStorageLeakRule when complexity threshold exceeded.
QAK-6513
Add support for 'this' receiver parameter (Java 8).
QAK-6526
OOM errors when analyzing TypeScript.
QAK-6533
StackOverflowError in IndirectTaintingSitesTask.
Kiuwan Local Analyzer
QAK-5593
"rules_oracleforms.key does not exist" error.
QAK-6511
COBOL file not parsed correctly.
SAS-4155
KLA filter rules by priority.
Kiuwan
SAS-5152
When a user deletes an analysis without a label, many are hidden in the list.
SAS-5184
After the user logs in for the first time, it's required to change the default password.
SAS-5213
Compare of Models does not match correctly when the user "manually" returns to the default values.
SAS-5321
After installing custom rule, the rule active status is NOK.
SAS-5323
Error when uploading only a jar file of custom rules.
SAS-5325
Error when downloading defects PDF in apps with large amounts of defects.
SAS-5326
Error in Insights checkpoint and partial delivery.
SAS-5390
Error in email notification after creating a new user.
SAS-5434
Explanation with invalid character cannot be inserted into DB.
SAS-5435
High memory consumption in session.
SAS-5437
Many alert notifications sent when unable to connect to the Redis cluster.
SAS-5446
Distribution request to MongoDB from the mongo client in Kiuwan.
SAS-5450
The endpoint /apps/list takes 116 seconds.