New Build of CAT.NET (Version - 1.1.1.9) – Please Upgrade
Syed Aslam Basha here. I am a tester on the Information Security Tools team.
A new build of CAT.NET, Version 1.1.1.9, is now available for download on MSDN (32 bit here and 64 bit here). We recommend *ALL* users upgrade to this latest release, which is a bug fix and minor improvements build. As well as fixing some functional bugs, we have updated the Encodings.xml file so that methods from the AntiXSS, HttpUtility, HttpServerUtility and IOSec (now superseded but still in use) libraries will no longer produce false positives.
In Summary
| Library | Method | Is it part of encodings.xml? |
|---|---|---|
| Anti-XSS | GetNormalizedHtml | Yes |
| Anti-XSS | GetSafeHtml | Yes |
| Anti-XSS | GetSafeHtmlFragment | Yes |
| Anti-XSS | HtmlAttributeEncode | Yes |
| Anti-XSS | HtmlEncode | Yes |
| Anti-XSS | JavaScriptEncode | No |
| Anti-XSS | UrlEncode | Yes |
| Anti-XSS | VisualBasicScriptEncode | No |
| Anti-XSS | XmlAttributeEncode | No |
| Anti-XSS | XmlEncode | No |
| IOSec | AsNumeric | No |
| IOSec | AsUrl | Yes |
| IOSec | EncodeHtml | Yes |
| IOSec | EncodeHtmlAttribute | No |
| IOSec | EncodeXml | Yes |
| IOSec | EncodeXmlAttribute | Yes |
| IOSec | EncodeJs | No |
| IOSec | EncodeVbs | No |
| HttpUtility | HtmlAttributeEncode | Yes |
| HttpUtility | HtmlDecode | Yes |
| HttpUtility | HtmlEncode | Yes |
| HttpUtility | UrlDecode | Yes |
| HttpUtility | UrlDecodeToBytes | No |
| HttpUtility | UrlEncode | Yes |
| HttpUtility | UrlEncodeToBytes | No |
| HttpUtility | UrlEncodeUnicode | No |
| HttpUtility | UrlEncodeUnicodeToBytes | No |
| HttpUtility | UrlPathEncode | Yes |
| HttpServerUtility | HtmlDecode | Yes |
| HttpServerUtility | HtmlEncode | Yes |
| HttpServerUtility | UrlDecode | Yes |
| HttpServerUtility | UrlEncode | Yes |
| HttpServerUtility | UrlPathEncode | Yes |
| HttpServerUtility | UrlTokenDecode | No |
| HttpServerUtility | UrlTokenEncode | No |
A full list of changes can be found in the changelog in the new build.
- Syed
Comments
Anonymous
June 29, 2009
What's the Anti-XSS version it uses? I couldn't find the "GetNormalizedHtml" method in the Anti-XSS 3.0 Beta.
Anonymous
July 02, 2009
Have you guys fixed the memory consumption issues yet? We had to abandon usage of this simply because it consistently ran out of memory on our 4GB build server for anything other than a simple project.
Anonymous
July 09, 2009
Clively, that will come with CAT.NET 2.0 (ETA 6 months to complete but 3 - 4 for betas). Completely new engine / algorithm design so we address that and make it totally scalable. Andreas made a recent post about some of the ideas being considered.