VCG Changelog
What's new in VCG 1.5.1
Jun 4, 2013
- New features:
- New facility to scan VB code (including ASP.NET code).
- Additional checks in Java scan:
  - a) Unsafe usage of doPrivileged blocks.
  - b) Unsafe use of RequestDispatcher.
  - c) Entity Expansion deliberately enabled.
  - d) Mathematical operations on primitive data types, use of user-controlled variables in mathematical operations on primitive data types (risk of overflow).
  - e) Checking that filestream resources are released correctly in try ... catch blocks.
- Additional checks for default error messages and .NET debugging in the web.config file for C# and VB code.
- Bugfixes:
- Improvements to the check for insecure use of Response.Redirect in ASP code.
- Fixes to the check for case-insensitive password matching in ASP C# code.
- Some improvements to the GUI:
  - a) Menu items for scanning the code only enabled when target files are loaded.
  - b) Colour coding added to 'Standard Level' issues to aid readability and to stop this section appearing as a block of black text.
- Fix to broken regex in Java scan.
New in VCG 1.3.0.0 (Jan 17, 2013)
- Major change: C# code can now be scanned
- Bugfixes and improvements:
- C++ - Signed/Unsigned comparison detection used to return false positives. This has been modified to reduce the number of blatant false positives, but further improvements will be made in the near future.
- The Results window now shows any code included in the description in a different font for clarity (Courier New)
- There are some scanning improvements: C++ - The buffer overflow detection has undergone further improvements.