Release Notes - 1.1
1.1.0-alpha2
Note
Update Psalm (master branch, commit e72fb5a2b31e606abd525f867696c5ba5bf7451b)
Other Updates
| Details |
|---|
| Psalm standard error is now redirected to cast.analysers.log with a [psalm stderr] prefix. |
Rules
| Rule Id | New Rule | Details |
|---|---|---|
| 1034054 | TRUE | Avoid parsing XML data without restriction of XML External Entity Reference (XXE) (PHP) |
| 1034056 | TRUE | Avoid using hard-coded HMAC keys (PHP) |
| 1034058 | TRUE | Avoid uncontrolled sleep calls (PHP) |
1.1.0-alpha1
Other Updates
| Details |
|---|
| Switch to the Psalm master branch (commit 96d83947615641734a5baa181d44da7f10ee0246), which will be the future version 6.x. |
Rules
| Rule Id | New Rule | Details |
|---|---|---|
| 1034024 | TRUE | Avoid second order SQL injection (PHP) |
| 1034026 | TRUE | Avoid second order code injection (PHP) |
| 1034028 | TRUE | Avoid second order LDAP injection (PHP) |
| 1034030 | TRUE | Avoid second order OS command injection (PHP) |
| 1034032 | TRUE | Avoid second order PHP Remote File Inclusion |
| 1034034 | TRUE | Avoid second order cookie injection (PHP) |
| 1034036 | TRUE | Avoid second order file path manipulation (PHP) |
| 1034038 | TRUE | Avoid cross-site scripting (persistent) (PHP) |
| 1034040 | TRUE | Avoid second order deserialization injection (PHP) |
| 1034042 | TRUE | Avoid second order HTTP header injection (PHP) |
| 1034044 | TRUE | Avoid second order server-side request forgery (PHP) |
| 1034046 | TRUE | Avoid second order reflection injection (PHP) |
| 1034048 | TRUE | Avoid using insufficient random generator (PHP) |
| 1034050 | TRUE | Avoid XPath injection (PHP) |
| 1034052 | TRUE | Avoid second order XPath injection (PHP) |