...

  • QAK-6751 - The engine now uses the "reload4j" library (version 1.2.25) as its log4j implementation. This improves the performance and reliability of the logging mechanism used by the engine.
  • QAK-6786 - Improved the detection rule for commented-out code in the Natural language (rule "OPT.NATURAL.NAT_MAN.RemoveCommentedCode"). Previously, this rule could miss commented-out code lines. The engine now checks whether any line of code is commented out and reports commented Natural code blocks as a violation.
  • QAK-6821 - The engine now supports the negation operator in the Natural language (for example, IF #SOMETHING ¬= 'NOTHING'). The engine now also understands logical operators such as NOT and XOR in Natural language expressions.
  • QAK-6936 - Updated the slf4j library, which provides logging functionality for the engine, to version 1.7.36.
  • SAS-5556 - Improve Portfolio edition time
  • SAS-5824 - Change default value for new customers
  • SAS-5786 - Add log traces to InsightResportHandler and used classes
  • SAS-5502 - Add applications check box in access permissions
  • SAS-5505 - Allow deleting a single rule from checkpoints/audit
  • SAS-6788 - Kiuwan Insights main Base Score from CVSS2 to CVSS3
  • SAS-6913 - Implement ZK Upload Patch
  • QAK-6737 - The engine now supports source file encoding using Windows code pages on Linux machines.
  • SAS-6522 - Show the number of applications
  • SAS-6785 - Add a Rule name field to an endpoint in REST-API

Parsing Errors

  • QAK-6780 Resolved parsing issue in Natural language on "PROTOTYPE" statement due to an unexpected token "END" that could not be recognized by the language parser.
  • QAK-6787 Resolved parsing error in Natural language files related to "READ WORK FILE" statements.
  • QAK-6798 Fixed parsing errors in Natural language files related to the "END" token.
  • QAK-6800 Resolved parsing issue in Natural language when encountering "HANDLE OF OBJECT" at "DEFINE DATA" statement.
  • QAK-6820 Resolved parsing issue in Natural language on handling the "MARK" keyword.
  • QAK-6822 Resolved parsing issue in Natural language on handling the "VALUE 1 ,2" statement or similar statements.
  • QAK-6829 Resolved parsing errors in PL/SQL language while analyzing a PL/SQL file with the reserved word "WORK".
  • QAK-6863 Resolved parsing errors in Natural language files containing the reserved keyword "REL."
  • QAK-6866 Resolved an issue of not parsing Natural language files with "EXAMINE" followed by two "GIVING" clauses.
  • QAK-6873 Resolved errors in the analysis of execution logs related to Java.
  • QAK-6874 Resolved a parsing error when analyzing T-SQL file containing "FOR JSON PATH" statements.
  • QAK-6876 Resolved an issue in Natural language related to fields-to-table assignment.
  • QAK-6879 Resolved the parsing issue in the Natural language related to "PERFORM" keyword with additional keywords, such as "PERFORM READ".
  • QAK-6882 Resolved a parsing issue in Natural language related to "FOR" statement with a plus (+) character.
  • QAK-6934 Resolved parsing issue in Natural language on "STARTING WITH ISN" statement.

REST API Enhancements

  • Add attribute 'muted' for the GET /insights/analysis/security endpoint
  • New endpoint: GET /applications/mutepatterns
  • New endpoint: GET /applications/{application}/defect/{defectId}/firstdate
  • New parameter for the GET /apps/analysis/{code}/defects endpoint to filter by muted status
  • Add PDF download to Life Cycle and a REST API endpoint to obtain the PDF. New endpoint: GET /audits/result/componentsPDF
  • New parameters for the GET /insights/analysis/summary/export endpoint
  • New endpoint: GET /auditResult/components
  • New endpoint: POST /applications/defects/mute
  • Change return status for the PUT /users/{username} endpoint when some of the applications in the request list do not exist
  • The GET /stats endpoint returns a new "24hlocs" value.


Fixed Issues

  • SAS-5625 OOM with Insights analysis
  • SAS-5787 Fix long computation times with empty group + artifact dependency when computing obsolescence in Kiuwan
  • QAK-6707 Add .jsx extension in the default configuration
  • QAK-6694 Upgrade libraries for running under Java 16
  • QAK-6706 COBOL preprocessor script: Deploy for KLA
  • QAK-6640 Add support for VUE framework
  • QAK-6642 Possible false positives in rule OPT.CPP.CERTC.EXP33
  • QAK-6643 Possible false positive in rule OPT.CPP.CorrectUseMemoryLeaks
  • QAK-6662 Possible false positive on rule OPT.C.CERTC.STR31
  • QAK-6664 Parsing error JCL
  • QAK-6666 [FP] OPT.JAVA.SEC_JAVA.CrossSiteScriptingRule
  • QAK-6683 False positive / nonsensical data path on Java rule: Trust boundary violation
  • QAK-6687 False positives in Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
  • QAK-6690 Review EAR rules for the rest of technologies (Go, Kotlin, Objective-C, PHP, Python, Scala)
  • QAK-6691 Inconsistent results for rule "OPT.JAVA.SPRING.AvoidBeansWithTheSameIdAcrossDiferentDescriptors"
  • QAK-6692 False positive "Evaluate integer expressions in a larger size before comparing or assigning to that size" in C file
  • QAK-6695 CWETOP25:2010:13 should be removed
  • QAK-6698 Update CWETOP25 tags to 2021 version
  • QAK-6699 Bug in PHP rule: Avoid unused private fields
  • QAK-6700 COBOL parser errors (AcuCOBOL)
  • QAK-6701 False positive of PT.JAVA.SEC_JAVA.CodeInjectionWithDeserializationRule (ZD-4720)
  • QAK-6703 COBOL Tandem parse errors
  • QAK-6704 False positive in OPT.KOTLIN.UnreachableCode
  • QAK-6708 Analysis failing for Java: returned exit code 1 and AN-1 errors on both KLA and cloud
  • QAK-6709 Bug on the rule "Follow the limit for number of return statements"
  • QAK-6710 Fix dependency issues in power script parser and rules
  • QAK-6711 [FP] OPT.JAVA.SEC_JAVA.PotentialInfiniteLoop
  • QAK-6712 Possible false positive in the rule OPT.JAVA.FMETODOS.SAOP
  • QAK-6713 Possible false positive in the rule: OPT.JAVA.DECLARA.UCDC
  • QAK-6714 Possible false positive in rule OPT.CPP.CERTC.EXP33
  • QAK-6717 New OWASP ranking
  • QAK-6720 Parsing Error in .VB File
  • QAK-6722 False positive on Prevent denial of service attack through malicious regular expression ('Regex Injection') (ZD-5002)
  • QAK-6723 Parse errors in COBOL app
  • QAK-6724 Unable to parse cobol file: Error at line 1: Encountered: $COPYRIGHT
  • QAK-6725 Parsing Error in .4gl (Informix) files
  • QAK-6727 False positive in OPT.NATURAL.NAT_PF.UseWithLimitClauseInReadAndFind
  • QAK-6728 False positive Improper Control of Generation of Code ('Code Injection') (ZD-5068).
  • QAK-6729 COBOL Parse error: Encountered EXEC PBCF
  • FOG-249 INS - Failure detecting components (null components)
  • FOG-250 glob-base / preserve lost components
  • FOG-251 False Negative: CVE-2021-21252 - jQuery Validation Plugin
  • FOG-252 Missing CVE reference in Insights component
  • FOG-253 Possible error in Insight Vulnerability CVE-2021-23406
  • QAK-6730 Parsing error in Natural source
  • QAK-6734 False positives OPT.CPP.DontUseCast
  • QAK-6739 COBOL parse errors due to errors in margin detection
  • QAK-6741 Natural parser error while parsing
  • QAK-6742 Update language support - Kotlin 1.6.0
  • QAK-6744 False positive "Password input field is not masked" while analyzing HTML file
  • QAK-6746 False positive of OPT.PLSQL.GEN_PLSQL.NDFException (ZD-5306)
  • QAK-6748 False positive of OPT.PLSQL.GEN_PLSQL.GER2 (ZD-5310)
  • QAK-6750 Parse error in Natural source
  • QAK-6760 COBOL parse errors: REPORT and TYPE as user identifiers
  • QAK-6761 Error when generating the AST: DEFINE FUNCTION
  • QAK-6763 False negatives OPT.NATURAL.NAT_MAN.AvoidDebuggingWriteInOnlineProgs
  • QAK-6764 Natural parser error
  • QAK-6765 False positive OPT.NATURAL.NAT_PF.AvoidFindReadWithHold
  • QAK-6768 AST generation error with RECORD
  • QAK-6769 COBOL parse error - 'WITH NO ADVANCING'
  • SAS-5592 Remove reference to Kayako ticket from KLA log
  • SAS-5838 Add timeout for KLA uploads to Kiuwan Server
  • SAS-5950 Increment timeout limit in KLA from 24h to 4d
  • SAS-5627 Insights Sysadmin console induces OOM
  • SAS-5891 Duplicate key storing Insights' Hibernate DependencyBean
  • SAS-5515 Export CSV of defects with filters in incorrect Life Cycle
  • SAS-5519 Add "central configuration removed" event to the Activity Log
  • SAS-5518 Non-admin user has 'remove central config' button enabled
  • SAS-5517 Centralized configuration disappears when the owner's account is transferred to another user
  • SAS-5521 Improved error message for REST-API calls when Kiuwan server is busy with analysis
  • SAS-5508 Filter for mute pattern list
  • SAS-5364 Ability to hide/show CS/CA/LC/INSIGHTS product menus
  • SAS-5420 Audit report is missing columns available in the portal
  • SAS-5583 Wrong IMPACT METRICS (A) vulnerability value in Insight PDF document
  • SAS-5582 Wrong LAST MODIFIED vulnerability value in Insight PDF document
  • SAS-6322 Fix empty CSV exported in Insights
  • SAS-6751 Report QRCWAPT, issue 2 - File
  • SAS-6750 Report QRCWAPT, issue 1 - Script
  • SAS-6589 Avoid duplicate delivery promotions
  • SAS-6588 Catch AnalysisNotFoundException for insight rest endpoint
  • SAS-6581 Avoid NPE when adding notes to defects with "none" status
  • SAS-6579 Fix defect notes propagation bug
  • SAS-6460 Unable to view muted lines for developers without the "mute defects" role
  • SAS-6313 Password recovery page showing error when pressing Enter
  • SAS-5560 Feature Request for Action Plans and Jira
  • SAS-4955 Rules compare is not working as expected: missing modified rules
  • SAS-5373 Rules compare is not working as expected when new parameters in rule definition
  • SAS-5685 Avoid too long computation time when searching for all the children
  • SAS-4896 Add action to Insight permissions to enable admin options in users management
  • SAS-5595 Improve delete portfolios time operation for large accounts
  • SAS-6288 OWASP Link in the rules are throwing 404 error
  • SAS-5882 Mutes not working in imported reports for third-party languages (Ruby)
  • SAS-6874 REST-API quota limit reached too quickly for accounts with a low applications limit
  • SAS-5490 Lines of Code for a project
  • SAS-6447 New API endpoint to get info from Activity
  • SAS-5585 "Status" filter malfunction
  • SAS-5512 Mute pattern only shows last change
  • SAS-5619 Make "Muted" and "MutedReason" filters behavior coherent
  • SAS-5612 Missing options in REST API model for applications
  • SAS-6773 - INSIGHTS components CSV/pdf report download issue
  • QAK-6867 - Fixed an error when generating the AST tree for Angular components: the parser did not generate the tree correctly, producing closing tags without a corresponding opening tag in the tree. The engine now correctly parses Angular components and generates their AST trees.
  • QAK-6738 - Fixed the VB.NET parsing error that occurred when parsing code containing a DIM XElement statement. The engine now recognizes the correct syntax for declaring an XElement object.
  • SAS-6827 Users get deactivated without reason
  • SAS-6851 XML External Entity Injection (XXE)
  • SAS-6852 Reflected Cross-Site Scripting (XSS)
  • SAS-6853 Insecure Direct Object Reference
  • SAS-6859 KLA - Sensitive data stored insecurely
  • SAS-5421 The Subscription page is immediately updated without delay
  • SAS-6781 KLA in Linux leaves files in /tmp which are not deleted upon finishing the analysis
  • SAS-6796 Language filter for language "other" is not working in REST API
  • SAS-6802 Used scans of an account do not show in Kiuwan Sales Console
  • SAS-6948 The "Consumed LOC" increased by the wrong value after scanning the application

...