JEE Rules - 2.0

Extension ID

com.castsoftware.jeerules

What’s new?

See JEE Rules - 2.0 - Release Notes for more information.

Description

This extension provides additional rules for JEE technology and the related frameworks supported by com.castsoftware.jee. The rules are mapped to the CWE and OWASP Top 10 security standards, and they complement the other rules already provided for JEE.

Isofunctionality

Compared to versions 1.x, support for the following two rules has been dropped in versions 2.x:

  • 1039016 “Avoid Unvalidated URL Redirect”
  • 1039058 “Avoid generating key with insufficient random generator in cookies”

If you wish to continue monitoring these vulnerabilities in your code, consider using the extension com.castsoftware.securityanalyzer, which provides the equivalent rules:

  • 8446 “Avoid URL redirection to untrusted site”
  • 8242 “Avoid using insufficient random values for cookies”
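The two dropped rules cover distinct weaknesses: an open redirect (a redirect target taken directly from the request) and a cookie value generated with a non-cryptographic PRNG. The following servlet snippet, an added illustration that is not taken from CAST or from either extension's rule definitions, shows the pattern each rule class is meant to catch next to a hardened form. The helper names, the `next` parameter and the allow-list of paths are assumptions made for the example; whether a given analyzer rule flags exactly these lines depends on its own detection pattern.

```java
import java.io.IOException;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Random;
import java.util.Set;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class LoginRedirectExample {

    // Hypothetical allow-list of post-login destinations (assumption for the example).
    private static final Set<String> ALLOWED_TARGETS = Set.of("/home", "/account", "/orders");

    private static final SecureRandom SECURE_RNG = new SecureRandom();

    // --- Pattern 1: unvalidated URL redirect (open redirect) ---

    // Vulnerable: the redirect target comes straight from the request, so
    // ?next=https://attacker.example sends the user off-site after login.
    static void redirectUnvalidated(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
        resp.sendRedirect(req.getParameter("next"));
    }

    // Hardened: only accept a local path that is on the allow-list; anything else
    // (absolute URLs, protocol-relative "//host", unknown paths) falls back to /home.
    static String safeRedirectTarget(String next) {
        if (next == null || !next.startsWith("/") || next.startsWith("//")) {
            return "/home";
        }
        // Strip query string before comparing against the allow-list.
        int q = next.indexOf('?');
        String path = q >= 0 ? next.substring(0, q) : next;
        return ALLOWED_TARGETS.contains(path) ? next : "/home";
    }

    static void redirectValidated(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
        resp.sendRedirect(safeRedirectTarget(req.getParameter("next")));
    }

    // --- Pattern 2: insufficient randomness in a cookie value ---

    // Vulnerable: java.util.Random is a predictable 48-bit LCG; a few observed
    // tokens let an attacker reconstruct the state and forge the next ones.
    static Cookie weakSessionCookie() {
        long token = new Random().nextLong();
        return new Cookie("session", Long.toHexString(token));
    }

    // Hardened: 32 bytes from SecureRandom, base64url-encoded, with the usual
    // protective attributes set on the cookie.
    static String secureToken() {
        byte[] buf = new byte[32];
        SECURE_RNG.nextBytes(buf);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(buf);
    }

    static Cookie strongSessionCookie() {
        Cookie c = new Cookie("session", secureToken());
        c.setHttpOnly(true);
        c.setSecure(true);
        c.setPath("/");
        return c;
    }
}
```

The redirect check deliberately rejects protocol-relative targets ("//evil.example"), which `startsWith("/")` alone would accept; that is the case most simple "is it relative?" checks get wrong. For the cookie, the point is the generator class and the token length, not the encoding: 256 bits from `SecureRandom` is the usual bar for an unguessable session identifier.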

Structural rules

The following structural rules are provided:

Release          Link
2.0.0-alpha1     https://technologies.castsoftware.com/rules?sec=srs_jeerules&ref=||2.0.0-alpha1

Function Point, Quality and Sizing support

Item                             Supported   Description
Function Points (transactions)               A green tick indicates that OMG Function Point counting and Transaction Risk Index are supported.
Quality and Sizing               ✔️          A green tick indicates that CAST can measure size and that a minimum set of Quality Rules exist.

Compatibility

CAST Imaging Core   Supported
8.3.x               ✔️

Download and installation instructions

When using CAST Imaging Console, if your application contains JEE/Java code the extension is downloaded and installed for you automatically.

Packaging, delivering and analyzing your source code

Once the extension is downloaded and installed, there is nothing specific to do: ensure your code is analyzed with com.castsoftware.jee and the rules will be triggered.