Release Notes - 2.12
2.12.1-funcrel
Fixes/Bugs
| Customer Ticket Id | Customer Details |
|---|---|
| | Fixes missing DynamoDB tables. |
| | Fixes missing Azure ServiceBus Publisher and SQL Query objects. After running the analysis for the first time with this fix, some of these objects may be assigned new GUIDs. As a result, the old objects will appear as missing and are replaced by the new ones. |
| | Fixes missing link to NodeJs SQL query. |
| | Improves accuracy of rule: 1020704 - Avoid using string concatenation when using `__dirname` and `__filename` |
| | Improves accuracy of rule: 1020700 - Avoid the lack of error handling in the Node.js callbacks |
Enhancement/Improvements
| Customer Ticket Id | Customer Details |
|---|---|
| | Saves the link property "triggeredBy" with the name of the API triggering the call to persistence objects (Tables, Collections, Buckets…). |
| | Removes treatment of 'request', 'request-promise', 'request-promise-any', 'request-promise-native'. They are already computed by the HTML5/JavaScript extension. |
| | Updates the description of NodeJS External Library. |
| | Removes incorrect exclusion criteria that previously prevented certain relevant JavaScript source files from being analyzed. This enhances object resolution and linking, and adjusts the scope of all rules. Updates the description of total scope population for affected rules, replacing "NodeJS artifacts" with "JavaScript artifacts." |
2.12.0-funcrel
Other Updates
| Details |
|---|
| Fixes a traceback error seen in the analysis log: "AttributeError: 'NoneType' object has no attribute 'is_assignment'". |
Rules
| Rule Id | New Rule | Details |
|---|---|---|
| 1020720 | FALSE | Fixes an issue causing false violations of the rule "Avoid unsecure connection to the Node.js server". |
| 1020718 | FALSE | Fixes an issue causing false violations of the rule "Ensure that browser cannot cache or store a page". |
| 1020712 | FALSE | Fixes an issue causing false violations of the rule "Ensure the X-Frame-Options header is setup (Node.js)". |
| 1020710 | FALSE | Fixes an issue causing false violations of the rule "Ensure the X-XSS-Protection header is enabled". |
| 1020708 | FALSE | Fixes an issue causing false violations of the rule "Ensure the X-Powered-By header is disabled". |
| 1020706 | FALSE | Fixes an issue causing false violations of the rule "Ensure the Content-Security-Policy is activated (Node.js)". |
2.12.0-beta2
Other Updates
| Details |
|---|
| Updates for Hapi modelization and support. |
2.12.0-beta1
Other Updates
| Details |
|---|
| Updates the vendor for persistence frameworks. |
| Updates and improvements for Knex modelization and support. |
New Support
| Summary | Details |
|---|---|
| Sequelize used as an ORM is now supported. | Sequelize framework used as an ORM is now supported. See here. |