Puma Scan’s 0.9.2.0 release includes major performance improvements in the data flow / taint analysis engine, introduces several new security analyzers, and squashes a few bugs in existing analyzers.
End User Edition requires Visual Studio v15.9 or higher.
Server Edition requires a Windows Server with the .NET Framework v4.7.1 and Build Tools for Visual Studio 2017 installed.
Major performance enhancements to the data flow and taint analysis engine.
Bug fix: SEC0029 - Deserialization: Binary Formatter was not correctly performing taint analysis as strings were converted to byte arrays. This rule was reconfigured to raise diagnostics as a dangerous function call. Taint analysis will be re-added in a future release.
Bug fix: Fixed the reporting engine to correctly display custom rule risk rating (severity) levels.
Rule Enhancement: SEC0017 - Identity Weak Password Complexity upgraded to locate .NET Core password misconfigurations.
Rule Enhancement: SEC0105 - Unencoded Label Text upgraded to support add assignment expressions.
Rule Enhancement: SEC0025, SEC0027, SEC0028 upgraded to support object creation expressions.
Bug fix: The installation wizard failed on Windows Server 2016 Standard without .NET 4.7.1. The installer was fixed to install the appropriate prerequisites before moving forward.
Bug fix: Fix to stop command line calls from crashing if the report output directory did not exist. The directory will automatically be created going forward.
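
For the SEC0029 change above, the following added example (not Puma Scan's own code or test cases) shows the string-to-byte-array flow into BinaryFormatter that the note describes, next to a data-only alternative bound to one expected type. It assumes .NET Framework; `UserPrefs`, `PrefsLoader`, the sample input and the 1..200 limit are hypothetical, and that the rule reports the `Deserialize` call is an assumption drawn from the note's "dangerous function call" wording.

```csharp
using System;
using System.IO;
using System.Runtime.Serialization;
using System.Runtime.Serialization.Formatters.Binary;
using System.Runtime.Serialization.Json;
using System.Text;

[DataContract]
public class UserPrefs // hypothetical type, for illustration only
{
    [DataMember] public string Theme { get; set; }
    [DataMember] public int PageSize { get; set; }
}

public static class PrefsLoader
{
    // Dangerous call: an untrusted string becomes a byte[] and is handed to
    // BinaryFormatter. The string-to-byte[] step is the one the note names.
    public static object LoadUnsafe(string cookieValue)
    {
        byte[] raw = Convert.FromBase64String(cookieValue);
        using (var ms = new MemoryStream(raw))
        {
            var formatter = new BinaryFormatter();
            return formatter.Deserialize(ms); // the payload chooses the type
        }
    }

    // Safer form: a data-only format deserialized into one expected type.
    public static UserPrefs LoadSafe(string json)
    {
        var serializer = new DataContractJsonSerializer(typeof(UserPrefs));
        using (var ms = new MemoryStream(Encoding.UTF8.GetBytes(json)))
        {
            var prefs = (UserPrefs)serializer.ReadObject(ms);
            // Validate values after parsing; 1..200 is a constructed limit.
            if (prefs == null || prefs.PageSize < 1 || prefs.PageSize > 200)
                throw new InvalidDataException("Rejected preferences payload.");
            return prefs;
        }
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed sample input.
        var prefs = PrefsLoader.LoadSafe("{\"Theme\":\"dark\",\"PageSize\":25}");
        Console.WriteLine(prefs.Theme + " " + prefs.PageSize);
    }
}
```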