This release enhances Mute management, API functionality, and IDE support, along with key bug fixes for further improvements. Additionally, Kiuwan Cloud Analyzer has been deprecated to continue focusing on enhancing Kiuwan Local Analyzer (KLA) for better performance.
Read on for the full details of this update for SaaS:
- Engine: master.p691.q13413.a1914.i658
- KLA: master.p691.q13413
Known Issue
When executing the Kiuwan Local Analyizer CLI, and the analysis directory does not contain any analyzable file extensions, the CLI does not exit properly and instead throws a java.lang.NullPointerException along with a stack trace.
This error does not affect the results of Kiuwan's analysis and only occurs as the CLI is attempting to close. Users may still use the CLI to its full capabilities.
We are working to resolve this issue as quickly as possible and will update the Kiuwan Local Analyzer as soon as a fix is implemented.
Improvements
- Implementation of the rule “Improper Neutralization of Special Elements used in an SQL Command” (SQL injection) in ASP.NET applications
- Kiuwan has implemented the rule “Improper Control of Remote Code Execution” for JavaScript
- Added ‘Accepted Risk’ as an option in the ‘Why’ field when creating Mutes
- API now supports retrieving a scan’s results by nativeId
- The Kiuwan for Developers (K4D) plugins now support the latest versions of Android Studio and IntelliJ IDEA
Bugs
- Resolved a Stack Overflow error resulting from some PHP scans
- Fixed sample code for rule OPT.CSHARP.SqlInjection
- Fixed an issue where Kiuwan fails to parse some C# extension methods properly
- Fixed sample code for rule OPT.GO.SECURITY.ServerInsecureTransport
- Log4j warning no longer displays when launching the Kiuwan Local Analyzer (KLA)
Other Changes
- Kiuwan Cloud Analyzer has been deprecated. Users are encouraged to transition to Kiuwan Local Analyzer for all their analysis needs.