...
- QAK-6751 - The engine now uses the log4j API as provided by the "reload4j" library, version 1.2.25. This improves the performance and reliability of the engine's logging mechanism.
- QAK-6786 - Improved the detection rule for commented-out code in the Natural language (rule "OPT.NATURAL.NAT_MAN.RemoveCommentedCode"). Previously the rule could miss commented-out code lines. The engine now checks whether any line of code is commented out and reports it as a violation, so the rule detects commented-out Natural code blocks.
- QAK-6821 - The engine now supports the negation operator in the Natural language (for example, IF #SOMETHING ¬= 'NOTHING'). The engine now also understands how logical operators such as NOT and XOR are used in Natural expressions.
- QAK-6936 - Updated the slf4j library, used by eCore to provide logging functionality, to version 1.7.36.
- SAS-5556 Improve portfolio editing time
- SAS-5824 Change default value for new customers
- SAS-5786 Add log traces to InsightResportHandler and related classes
- SAS-5502 Add applications check box in access permissions
- SAS-5505 Allow deleting a single rule from checkpoints/audit
- SAS-6788 - Kiuwan Insights main Base Score switched from CVSS2 to CVSS3
- SAS-6913 - Implement ZK Upload Patch
- QAK-6737 - The engine now supports source file encoding using Windows code pages under Linux machines.
- SAS-6522 Show the number of applications
- SAS-6785 Add a Rule name field to an endpoint in REST-API
Parsing Errors
- QAK-6780 Resolved parsing issue in Natural language on "PROTOTYPE" statement due to an unexpected token "END" that could not be recognized by the language parser.
- QAK-6787 Resolved parsing error in Natural language files related to "READ WORK FILE" statements.
- QAK-6798 Fixed parsing errors in Natural language files related to the "END" token.
- QAK-6800 Resolved parsing issue in Natural language when encountering "HANDLE OF OBJECT" in a "DEFINE DATA" statement.
- QAK-6820 Resolved parsing issue in Natural language on handling the "MARK" keyword.
- QAK-6822 Resolved parsing issue in Natural language on handling the "VALUE 1 ,2" statement or similar statements.
- QAK-6829 Resolved parsing errors in PL/SQL language while analyzing a PL/SQL file with the reserved word "WORK".
- QAK-6863 Resolved parsing errors in Natural language files containing the reserved keyword "REL".
- QAK-6866 Resolved an issue of not parsing Natural language files with "EXAMINE" followed by two "GIVING" clauses.
- QAK-6873 Resolved errors in the analysis of execution logs related to Java.
- QAK-6874 Resolved a parsing error when analyzing T-SQL file containing "FOR JSON PATH" statements.
- QAK-6876 Resolved an issue in Natural language related to fields-to-table assignment.
- QAK-6879 Resolved a parsing issue in the Natural language related to the "PERFORM" keyword combined with additional keywords, such as "PERFORM READ".
- QAK-6882 Resolved a parsing issue in Natural language related to "FOR" statement with a plus (+) character.
- QAK-6934 Resolved parsing issue in Natural language on "STARTING WITH ISN" statement.
REST API Enhancements
- Added attribute 'muted' to the GET /insights/analysis/security endpoint
- New endpoint: GET /applications/mutepatterns
- New endpoint: GET /applications/{application}/defect/{defectId}/firstdate
- New parameter for the GET /apps/analysis/{code}/defects endpoint to filter by muted status
- Added PDF download to Life Cycle and a REST API endpoint to obtain the PDF. New endpoint: GET /audits/result/componentsPDF
- New parameters for the GET /insights/analysis/summary/export endpoint
- New endpoint: GET /auditResult/components
- New endpoint: POST /applications/defects/mute
- Changed the return status of the PUT /users/{username} endpoint when some of the applications in the request list do not exist
- The GET /stats endpoint returns a new "24hlocs" value.
Fixed Issues
- SAS-5625 OOM with Insights analysis
- SAS-5787 Fix long computation times with empty group + artifact dependency when computing obsolescence in Kiuwan
- QAK-6707 Add .jsx extension in the default configuration
- QAK-6694 Upgrade libraries for running under Java 16
- QAK-6706 COBOL preprocessor script: Deploy for KLA
- QAK-6640 Add support for VUE framework
- QAK-6642 Possible false positives in rule OPT.CPP.CERTC.EXP33
- QAK-6643 Possible false positive in rule OPT.CPP.CorrectUseMemoryLeaks
- QAK-6662 Possible false positive on rule OPT.C.CERTC.STR31
- QAK-6664 Parsing error in JCL
- QAK-6666 [FP] OPT.JAVA.SEC_JAVA.CrossSiteScriptingRule
- QAK-6683 False positive / no sense datapath on Java rule: Trust boundary violation
- QAK-6687 False positives in Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
- QAK-6690 Review EAR rules for the rest of technologies (Go, Kotlin, Objective-C, PHP, Python, Scala)
- QAK-6691 Inconsistent results for rule "OPT.JAVA.SPRING.AvoidBeansWithTheSameIdAcrossDiferentDescriptors"
- QAK-6692 False positive "Evaluate integer expressions in a larger size before comparing or assigning to that size" in C file
- QAK-6695 CWETOP25:2010:13 should be removed
- QAK-6698 Update CWETOP25 tags to 2021 version
- QAK-6699 Bug in PHP rule: Avoid unused private fields
- QAK-6700 COBOL parser errors (AcuCOBOL)
- QAK-6701 False positive of PT.JAVA.SEC_JAVA.CodeInjectionWithDeserializationRule (ZD-4720)
- QAK-6703 COBOL Tandem parse errors
- QAK-6704 False positive in OPT.KOTLIN.UnreachableCode
- QAK-6708 Analysis Failing when trying with Java returned 1 and AN-1 errors on both KLA and cloud
- QAK-6709 Bug on the rule "Follow the limit for number of return statements"
- QAK-6710 Fix dependency issues in power script parser and rules
- QAK-6711 [FP] OPT.JAVA.SEC_JAVA.PotentialInfiniteLoop
- QAK-6712 Possible false positive in the rule OPT.JAVA.FMETODOS.SAOP
- QAK-6713 Possible false positive in the rule: OPT.JAVA.DECLARA.UCDC
- QAK-6714 Possible false positive in rule OPT.CPP.CERTC.EXP33
- QAK-6717 New OWASP ranking
- QAK-6720 Parsing Error in .VB File
- QAK-6722 False positive on Prevent denial of service attack through malicious regular expression ('Regex Injection') (ZD-5002)
- QAK-6723 Parse errors in COBOL app
- QAK-6724 Unable to parse cobol file: Error at line 1: Encountered: $COPYRIGHT
- QAK-6725 Parsing Error in .4gl (Informix) files
- QAK-6727 False positive in OPT.NATURAL.NAT_PF.UseWithLimitClauseInReadAndFind
- QAK-6728 False positive Improper Control of Generation of Code ('Code Injection') (ZD-5068).
- QAK-6729 COBOL Parse error: Encountered EXEC PBCF
- FOG-249 INS - Failure detecting components (null components)
- FOG-250 glob-base / preserve lost components
- FOG-251 False Negative: CVE-2021-21252 - jQuery Validation Plugin
- FOG-252 Missing CVE reference in Insights component
- FOG-253 Possible error in Insight Vulnerability CVE-2021-23406
- QAK-6730 Parsing error in Natural source
- QAK-6734 False positives OPT.CPP.DontUseCast
- QAK-6739 COBOL Parse errors due to errors in margin detection
- QAK-6741 Getting Natural Parser error while parsing
- QAK-6742 Update language support - Kotlin 1.6.0
- QAK-6744 False positive "Password input field is not masked" while analyzing HTML file
- QAK-6746 False positive of OPT.PLSQL.GEN_PLSQL.NDFException (ZD-5306)
- QAK-6748 False positive of OPT.PLSQL.GEN_PLSQL.GER2 (ZD-5310)
- QAK-6750 Parse error in Natural source
- QAK-6760 COBOL parse errors: REPORT and TYPE as user identifiers
- QAK-6761 Error when generating the AST: DEFINE FUNCTION
- QAK-6763 False Negatives OPT.NATURAL.NAT_MAN.AvoidDebuggingWriteInOnlineProgs
- QAK-6764 Natural parser error
- QAK-6765 False positive OPT.NATURAL.NAT_PF.AvoidFindReadWithHold
- QAK-6768 AST generation error with RECORD
- QAK-6769 COBOL Parse Error - 'WITH NO ADVANCING'
- SAS-5592 Remove reference to Kayako ticket from KLA log
- SAS-5838 Add timeout for KLA uploads to Kiuwan Server
- SAS-5950 Increment timeout limit in KLA from 24h to 4d
- SAS-5627 Insights Sysadmin console induces OOM
- SAS-5891 Duplicate key storing Insights' Hibernate DependencyBean
- SAS-5515 Export CSV of defects with filters in incorrect Life Cycle
- SAS-5519 Add "central configuration removed" event to the Activity Log
- SAS-5518 No-admin user has 'remove central config' button enabled
- SAS-5517 Centralized configuration disappears when the owner's account is transferred to another user
- SAS-5521 Improved error message for REST-API calls when Kiuwan server is busy with analysis
- SAS-5508 Filter for mute pattern list
- SAS-5364 Ability to hide/show CS/CA/LC/INSIGHTS product menus
- SAS-5420 Audit report is missing columns available in the portal
- SAS-5583 Wrong IMPACT METRICS (A) vulnerability value in Insight PDF document
- SAS-5582 Wrong LAST MODIFIED vulnerability value in Insight PDF document
- SAS-6322 Fix empty CSV exported in Insights
- SAS-6751 Report QRCWAPT, issue 2 - File
- SAS-6750 Report QRCWAPT, issue 1 - Script
- SAS-6589 Avoid duplicate delivery promotions
- SAS-6588 Catch AnalysisNotFoundException in the Insights list-components REST endpoint
- SAS-6581 Avoid NPE when adding notes to defects with "None" status
- SAS-6579 Fix defect notes propagation bug
- SAS-6460 Unable to view muted lines for developers without the "mute defects" role
- SAS-6313 Password recovery page shows an error when pressing Enter
- SAS-5560 Feature Request for Action Plans and Jira
- SAS-4955 Rules compare is not working as expected: missing modified rules
- SAS-5373 Rules compare is not working as expected when new parameters in rule definition
- SAS-5685 Avoid excessive computation time when searching for all children
- SAS-4896 Add action to Insight permissions to enable admin options in users management
- SAS-5595 Improve delete portfolios time operation for large accounts
- SAS-6288 OWASP Link in the rules are throwing 404 error
- SAS-5882 Mutes not working in imported third-party language reports (Ruby)
- SAS-6874 REST API quota limit exceeded too quickly for accounts with a low application limit
- SAS-5490 Lines of Code for a project
- SAS-6447 New API endpoint to get info from Activity
- SAS-5585 "Status" filter malfunction
- SAS-5512 Mute pattern only shows last change
- SAS-5619 Make "Muted" and "MutedReason" filters behave coherently
- SAS-5612 Missing options in REST API model for applications
- SAS-6773 - Insights components CSV/PDF report download issue
- QAK-6867 - Fixed an error in generating the AST for Angular components: the parser was producing closing tags in the tree without their corresponding opening tags. The engine now correctly parses Angular components and generates their AST.
- QAK-6738 - Fixed the VB.net parsing error that occurred when trying to parse the code with DIM XElement statement. The engine now recognizes the correct syntax for declaring an XElement object.
- SAS-6827 Users get deactivated without reason
- SAS-6851 XML External Entity Injection (XXE)
- SAS-6852 Reflected Cross-Site Scripting (XSS)
- SAS-6853 Insecure Direct Object Reference
- SAS-6859 KLA - Sensitive data stored insecurely
- SAS-5421 The Subscription page is immediately updated without delay
- SAS-6781 KLA in Linux leaves files in /tmp which are not deleted upon finishing the analysis
- SAS-6796 Language filter for language "other" is not working in REST API
- SAS-6802 Used scans of an account do not show in Kiuwan Sales Console
- SAS-6948 The "Consumed LOC" increased by the wrong value after scanning the application
...