VisualCodeGrepper Changelog

New in VisualCodeGrepper 1.6.1.0 (May 23, 2014)

  • New features:
    • Improvements to GUI
    • Graph display is optional
    • Reminder to select required language before scanning
    • Scan for dangerous use of parse_str in PHP
  • Bugfixes:
    • Some improvements to detection of signed/unsigned comparisons in C/C++ (this still brings back some false positives)
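
The signed/unsigned comparison check referred to here and in several earlier releases targets a C/C++ bug class in which the usual arithmetic conversions turn a negative signed value into a huge unsigned one. The following is an added illustration written for these notes, not VisualCodeGrepper's own code or detection logic: a buggy and a hardened version of a read-result classifier (a true positive), beside a size_t-vs-int comparison that is harmless but that a check keyed only on the operand types will flag, which is the kind of false positive the notes mention. All function names and values are constructed for the example.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed illustration (not VisualCodeGrepper's code) of the bug class
 * behind the "signed/unsigned comparison" check, and of a benign pattern
 * that makes a purely type-based check report a false positive. */

enum read_status { READ_ERROR = -1, READ_SHORT = 0, READ_COMPLETE = 1 };

/* True positive. 'n' stands in for a read()/recv() result (ssize_t), where
 * -1 signals an error. In 'n < want' the usual arithmetic conversions turn
 * the signed -1 into SIZE_MAX, so the error is misclassified as a complete
 * read and whatever is in the buffer gets treated as valid data. */
enum read_status classify_read_buggy(long n, size_t want) {
    if (n < want)               /* signed vs size_t: -1 becomes SIZE_MAX */
        return READ_SHORT;
    return READ_COMPLETE;
}

/* Hardened form: test the sign first, then compare like with like. */
enum read_status classify_read_fixed(long n, size_t want) {
    if (n < 0)
        return READ_ERROR;
    if ((size_t)n < want)
        return READ_SHORT;
    return READ_COMPLETE;
}

/* False positive. This is also a size_t-vs-int comparison, and a check that
 * keys only on the operand types will flag it, but INT_MAX is a non-negative
 * constant: its conversion to size_t cannot wrap, so the test is correct. */
int fits_in_int(size_t len) {
    return len <= INT_MAX;
}

int main(void) {
    printf("buggy(-1, 16) = %d  (READ_COMPLETE: error mistaken for success)\n",
           classify_read_buggy(-1, 16));
    printf("fixed(-1, 16) = %d  (READ_ERROR)\n", classify_read_fixed(-1, 16));
    printf("fixed(7, 16)  = %d  (READ_SHORT)\n", classify_read_fixed(7, 16));
    printf("fits_in_int(INT_MAX + 1) = %d\n",
           fits_in_int((size_t)INT_MAX + 1));
    return 0;
}
```

Compilers report the buggy comparison with -Wsign-compare, but only a human can tell the first function's comparison from the third one's; a pattern-based scanner has to accept either a false positive or a false negative, which is the trade-off the notes describe.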

New in VisualCodeGrepper 1.5.1 (Jun 10, 2013)

  • New features:
    • New facility to scan VB code (including ASP.NET code).
    • Additional checks in Java scan:
      • Unsafe usage of doPrivileged blocks.
      • Unsafe use of RequestDispatcher.
      • Entity Expansion deliberately enabled.
      • Mathematical operations on primitive data types, in particular the use of user-controlled variables in such operations (risk of overflow).
      • Checking that filestream resources are released correctly in try ... catch blocks.
    • Additional checks for default error messages and .NET debugging in the web.config file for C# and VB code.
  • Bugfixes:
    • Improvements to the check for insecure use of Response.Redirect in ASP code.
    • Fixes to the check for case-insensitive password matching in ASP C# code.
    • Some improvements to the GUI:
      • Menu items for scanning the code are only enabled when target files are loaded.
      • Colour coding added to 'Standard Level' issues to aid readability and to stop this section appearing as a block of black text.
    • Fix to broken regex in Java scan.

New in VisualCodeGrepper 1.5.0 (May 31, 2013)

  • New features:
    • New facility to scan VB code (including ASP.NET code).
    • Additional checks in Java scan:
      • Unsafe usage of doPrivileged blocks.
      • Unsafe use of RequestDispatcher.
      • Entity Expansion deliberately enabled.
      • Mathematical operations on primitive data types, in particular the use of user-controlled variables in such operations (risk of overflow).
      • Checking that filestream resources are released correctly in try ... catch blocks.
    • Additional checks for default error messages and .NET debugging in the web.config file for C# and VB code.
  • Bugfixes:
    • Improvements to the check for insecure use of Response.Redirect in ASP code.
    • Fixes to the check for case-insensitive password matching in ASP C# code.
    • Some improvements to the GUI:
      • Menu items for scanning the code are only enabled when target files are loaded.
      • Colour coding added to 'Standard Level' issues to aid readability and to stop this section appearing as a block of black text.

New in VisualCodeGrepper 1.4.3 (Apr 16, 2013)

  • Important bug fix:
    • There is a very important update to eliminate a bug which resulted in false positives and false negatives in the buffer overflow detection for C++ code. You should use the latest version for any C++ scans. There are some additional searches for weak ciphers.

New in VisualCodeGrepper 1.4.2 (Mar 25, 2013)

  • Fix for a bug which prevented checkbox state from being correctly maintained for filtered results.
  • C++ - Signed/Unsigned comparison has been modified to further reduce the number of false positives.
  • Improved SQL injection detection in PL/SQL scan.
  • "Transactional controls" now have a more appropriate rank and description for PL/SQL scan.
  • Improved XSS detection in Java scan.

New in VisualCodeGrepper 1.4.1 (Feb 21, 2013)

  • V1.4.1 fixes a major bug which prevented the XML export from working and minor bugs in the rich text results sorting.

New in VisualCodeGrepper 1.4.0 (Feb 12, 2013)

  • UI changes:
    • The application no longer loads new files immediately after clicking a directory in the list view. This should make things less annoying, remove a minor bug and allow you to select a previous directory and then modify it slightly without having to wait for files to load.
    • Results can now be filtered by Severity.
    • It is now possible to export both complete versions and filtered versions of results to XML.
    • The listview/results table now allows items to be marked to assist in the review process. A checkbox is provided which highlights the item in green to allow marking of false positives, reviewed items, etc.
    • Issues ranked as 'Low' are now shown in 'grey-blue' in the rich text display to distinguish them from issues ranked as 'Standard'.
  • Bugfixes and improvements:
    • C++ - Signed/Unsigned comparison has been modified to further reduce the number of false positives (possible further improvements to be made).
    • Fix to remove false positives for 'Exception Throw in Destructor' in C++ scan.

New in VisualCodeGrepper 1.3.1.0 (Jan 29, 2013)

  • Some minor bugfixes to prevent '/*/' from breaking the comment parsing.
  • Reduced false positives in the detection of signed/unsigned comparisons for C/C++ code.

New in VisualCodeGrepper 1.3.0.0 (Jan 17, 2013)

  • Major change:
    • C# code can now be scanned.
  • Bugfixes and improvements:
    • C++ - Signed/Unsigned comparison detection used to return false positives. This has been modified to reduce the number of blatant false positives but further improvements will be made in the near future.
    • The Results window now shows any code included in the description in a different font for clarity (Courier New).
  • There are some scanning improvements:
    • C++ - The buffer overflow detection has undergone further improvements.

New in VisualCodeGrepper 1.2.0.0 (Dec 20, 2012)

  • Changes and improvements include the following bugfixes:
    • Fix to prevent issues when setting a new target directory - previously File=>New... was triggering an event in the drop-down list of files, causing reloading of directories.
  • There are some scanning improvements:
    • Java - Improved SQL injection scanning.
    • Java - It should also now locate some potential deadlock conditions (this is not expected or meant to be comprehensive but it will find some of them).
  • Other additions:
    • The rich text in the main Results window can now be sorted on severity or filename.
    • Improved export to/import from XML.
    • Right-clicking an item in the summary table now allows a user to load the file in its associated application or load it at the given line number in Notepad++.
    • The results summary table can now be sorted on multiple columns. Right-click and then choose the columns.

New in VisualCodeGrepper 1.1.0.0 (Dec 11, 2012)

  • Improvements:
    • All issues now start with default text to indicate their severity to make searches easier.
    • Ctrl + F is now tied to the search function for the Results pane.
  • There are some scanning improvements:
    • Java - I've made some changes to the XSS scanning so it should now catch a type of occurrence that it was missing before (it worked against obvious examples in my test file).
    • Java - It should also now locate some potential race conditions (this is not expected or meant to be comprehensive but it will find some of them).
    • Java - Reports large synchronized blocks of code to help reduce risk of unnecessary locking of resources.
    • C++ - It now recognizes signed/unsigned comparisons.
  • Other additions:
    • More shortcut keys: F5 or Ctrl+R = Scan
    • Results can be exported to/imported from XML (not that useful at the moment but it's there if you want it :-) )
    • Double clicking an item in the summary table loads the file in its associated application.
    • You can now report by severity (only show items higher than standard or higher than low, etc.). There's a drop-down list in the options screen for this.
    • GUI modification to show a progress bar when loading files and saving results in order to improve user experience.