Changes in results post upgrade - 8.3.23

Summary: this page lists:

  • Impacts of changes made to AIP Core 8.3.23 on Quality Model results post upgrade
  • Other impacts of changes made in AIP Core 8.3.23

All changes in results related to extensions are now listed in the extension documentation and will not appear on this page.

Impacts of changes made in AIP Core 8.3.23 on Quality Model results post upgrade

VisualBasic

Utilization of "DoEvents" inside a loop - 2586 - has been disabled

The VisualBasic rule Utilization of "DoEvents" inside a loop - 2586 has been disabled out of the box in this release of AIP Core. This means that:

  • The rule is still listed in the Assessment Model so that results for previous snapshots can be viewed in the CAST dashboards
  • The rule has been renamed and "DELETED" has been added as a prefix
  • The rule will no longer be triggered in any new snapshots taken with 8.3.23 or above, therefore grades and overall numbers of violations may change
  • The rule will no longer contribute to any parent Technical Criteria

Mainframe - Cobol

Never truncate data in MOVE statements - 7688

A bug has been fixed with regard to the Cobol rule Never truncate data in MOVE statements - 7688 and a change has been made to the way in which numeric signs are handled to avoid false positive violations of the rule:

  • The first "-" is now considered as the sign.
  • Commas are now detected as decimal points.

As a result of these changes, some impact to existing results is to be expected when re-analyzing existing source code: false positive violations will be reduced, therefore changing grades but providing improved accuracy.

Other impacts of changes made in AIP Core 8.3.23

JEE

Change to support of org.springframework.jdbc for User Input Security

In previous releases of AIP Core, support of the API org.springframework.jdbc for the User Input Security feature relied on automatic blackboxing. In AIP Core ≥ 8.3.23, this has now changed and static rules will be used instead. As a result of these changes, some impact to existing results is to be expected when re-analyzing existing source code with the User Input Security feature: additional positive violations of related rules are likely, therefore changing grades but providing improved accuracy.

Miscellaneous

Variations in the number of violations between two consecutive snapshots with the same source code

A bug has been fixed which was causing varying numbers of violations to be displayed for certain User Input Security related rules between two consecutive snapshots of the same application with unchanged source code. This was due to a bug causing different paths to be calculated for a given entrypoint. As a result of this fix, some impact to existing results is to be expected when re-analyzing existing source code with the User Input Security feature: the number of violations may change again, but will be stable in future snapshots.