Feature Improvements
.NET
Rules
Avoid using untyped DataSet - 7460
The rule Avoid using untyped DataSet - 7460 (which is delivered as part of AIP, rather than the .NET Analyzer extension) has been set as deactivated and detached by default. Therefore after an upgrade to CAST AIP 8.3.14 and the generation of a post-upgrade consistency snapshot, results may differ: the rule will no longer be triggered during an analysis.
Avoid NoSQL injection on MongoDB (C#) - 8418 and Avoid second order SQL injection - 8420
The rules Avoid NoSQL injection on MongoDB (C#) - 8418 and Avoid second order SQL injection - 8420 (which are delivered as part of AIP, rather than the .NET Analyzer extension) are now set as "critical" by default. Therefore after an upgrade to CAST AIP 8.3.14 and the generation of a post-upgrade consistency snapshot, results may differ: there may be an increase in critical violations and a corresponding decrease in non-critical violations.
.NET Framework 4.7.1 now installed by CAST AIP setup
When running the the CAST AIP setup and a previous release of CAST AIP is NOT already present on the target workstation (i.e. a "from scratch installation"), the CAST AIP setup will now automatically install the .NET Framework 4.7.1 if it (or a more recent version of the framework) is not present on the target workstation.
Notes:
- When running the CAST AIP setup and a previous release of CAST AIP is already present on the target workstation (i.e. "Service Pack installation"), the CAST AIP setup will NOT install .NET Framework 4.7.1 even if it (or a more recent version of the framework) is not present on the target workstation. In this scenario, it is the responsibility of the end-user to install the required .NET Framework.
- The .NET Framework 4.7.1 or higher is present out-of-the box with latest updates on Windows 10 and Windows Server 2016.
JEE
Rules
Avoid multiple validation form with the same name - 7364
The rule Avoid multiple validation form with the same name - 7364 (which is delivered as part of AIP, rather than the JEE Analyzer extension) has been set as deactivated and detached by default. Therefore after an upgrade to CAST AIP 8.3.14 and the generation of a post-upgrade consistency snapshot, results may differ: the rule will no longer be triggered during an analysis.
CSSOptimize tool -user option
The option -user has been deprecated and should no longer be used. Instead, please use the option -username (available in AIP ≥ 8.3.13) if you need to specify a user other than Operator. See Maintenance activities for CAST Storage Service and PostgreSQL.
CSS Upgrade Wizard
It is now possible to select multiple schemas for for upgrade instead of having to select them on-by-one. Use the SHIFT + arrow keys to select the items, then SPACE to check/uncheck them:
Resolved Issues
The following table lists all bugs fixed in CAST AIP 8.3.14
| Ticket ID | Situation | Symptoms | Internal ID |
|---|---|---|---|
| 17086 | When attempting to use the Extension Downloader behind a McAfee web gateway proxy. | The Extension Downloader is unable to communicate with CAST's Extend service due to the presence of the gateway proxy. | AIPCORE-29 |
| 17226;17080;17081;17181;17182 | When looking at the results of the rule "Avoid using untyped DataSet - 7460". | The rule often generates a lot of false positives, therefore it has been decided to deactivate the rule. | AIPCORE-298 |
| 17664 | When looking at the results of a packaging action in the CAST Delivery Manager Tool (DMT) when packaging mixed Eclipse and Maven based Java code and when multiple exclusion rules are in force in the DMT. | It is not possible to understand why the CAST Delivery Manager Tool favours one project over another when multiple exclusion rules are in force. | AIPCORE-15 |
| 18079 | When using CAST Architecture Checker to build a layer/set based on a PowerBuilder analysis unit (analysis unit name = X). | The layer/set contains no objects. | AIPCORE-34 |
| 18081 | When attempting to open CAST Enlighten, and selecting only one Analysis Unit for display. | CAST Enlighten goes into "not responding" for around an hour. | AIPCORE-38 |
| 18171 | When looking at the CAST Transaction Configuration Center post upgrade. | There are duplicate entries in the Transaction Configuration nodes. | AIPCORE-290 |
| 18256 | When attempting to upgrade a Measurement Service schema using Servman CLI. | The upgrade fails. | AIPCORE-288 |
