Introduction

This article describes the known issues of the recent releases of Lucent Sky AVM.

More Information

This is a list of known issues of the current and previous releases of Lucent Sky AVM, including the symptoms, impacted versions, workarounds, and fixes.

Licensing

When a pending scan is deleted, the entire pending scan queue becomes stuck

When a pending scan is deleted, sometimes the entire pending scan queue becomes stuck. The occurrence of this issue is extremely rare.

This is due to a timing bug in queue management.

This issue impacts 1903, and has been fixed in 1912 MR.

Pre-analysis

Extended pre-analysis time for certain applications

When analyzing certain applications, especially those with large resource files, the pre-analysis time is greatly extended.

This issue impacts 1909 MR and SU1, and has been fixed in 1912 MR.

Build

.NET web site scan failed with result -49999990

When scanning a .NET web site, the scan failed with the result code -49999990. Additionally, the compilation logs include the following: An unexpected error has occurred. The correlation ID is c8ebd46a-f8dc-43b8-a94c-dd9c046c5b1c.

This is an issue related to the way .NET web sites are detected.

This issue impacts 1810, and has been fixed in 1811 MR.

Ant log entries were saved to the generic scan log file instead of Ant log file

When building a Java application with Ant, build log entries were saved to the generic log file (ScanId.log) instead of the Ant log file (ScanId-Ant.log). Additionally, when a scan failed due to Ant build errors, the Ant log is not available for download on the Web UI.

This issue impacts 1811 SU3, and has been fixed in 1903 MR.

The Configuration and OutputPath build properties cannot be set with scan arguments

When building a .NET application, if the BuildProperties scan argument contains Configuration or OutputPath, the scan will either fail to start or ignore the build properties.

This issue impacts versions between 1903 MR and 1906 MR, and has been fixed in 1909 MR.

Ant build fails when a custom runtime is selected

When building a Java application with Ant and a custom runtime is selected, the build fails because of JSP compilation issues.

This issue is due to the built-in Tomcat runtime being unavailable when a custom runtime is selected.

This issue impacts 1912 MR, and is expected to be fixed in 1912 SU1.

Maven build does not save build output to log files

When building a Java application with Maven, the build output might not be properly saved to log files.

This is due to an issue in the encoding conversion mechanism for log files.

This issue impacts 1912 MR and SU1, and has been fixed in 2003 MR.

Analysis

Scan appears to be stuck when analyzing applications with certain minimized JavaScript code

When scanning applications that contain JavaScript code files that were minimized with a few combinations of minimizer and parameters, the scan might appear to be stuck for an exceedingly long time.

To work around this issue, manually exclude the impacted files from the scan.

This issue impacts versions from 1806 to 1906 MR, and has been fixed in 1909 MR.

Suppressed results reappear in C# applications scanned with source code analysis

When scanning a C# application with only source code analysis, previously suppressed results may reappear.

This is an issue related to the suppression algorithm in the C# source code analysis engine.

This issue impacts versions between 1807 and 1811 MR, and has been fixed in 1811 SU1.

Scanning .NET Core projects fails with result code -62300001 (BinaryAnalysis_Error_ValidILNotFound)

When scanning some .NET Core projects with an explicitly specified project file, the scan might fail with result code -62300001 (BinaryAnalysis_Error_ValidILNotFound).

This is an issue related to the binary file detection mechanisms. When a project file is explicitly specified, Lucent Sky AVM uses the project file to locate the primary assembly file of the project. Some .NET Core projects do not specify a primary assembly file in their project files.

To work around this issue, do not explicitly specify a project file and let Lucent Sky AVM automatically detect it.

This issue impacts 1811 MR and SU1, and has been fixed in 1811 SU2.

Files skipped during Python analysis marked as analyzed

When syntax errors in a Python file caused it to be skipped during Python analysis, the file is still marked as being analyzed.

The issue impacts versions between 1909 MR and 1912 SU1, and has been fixed in 2003 MR.

Reporting

The Priority attribute is set at an incorrect level in XML reports

When generating an XML report, the Priority attribute of a Result is sometimes generated at the InstantFix element instead of the Result element.

This issue impacts 1811 MR, SU1 and SU2, and has been fixed in 1811 SU3.

JavaScript syntax highlighting is not available in HTML reports

Statements of JavaScript might not be properly highlighted in HTML reports. In addition, an error message ‘Couldn’t find brush for: jscript’ might appear.

This issue impacts 1903 MR, and has been fixed in 1903 SU1.

The file list in the reports has incorrect analysis marking

The file list in the HTML, PDF, and XML reports might not have the correct marking to indicate the analyses conducted on files.

This issue impacts 1903 MR, and has been fixed in 1903 SU1.

Remediation

Remediation becomes stuck when paths in the application archive have more than 158 characters

The remediation process appears to be stuck when the paths in the application archive have more than 158 characters.

This issue impacts all recent versions up to 1811 SU2, and has been fixed in 1811 SU3.

Remediated vulnerabilities in remediation information are displayed in the wrong order

When remediating an application with the ‘Include mitigation info’ option enabled, remediated vulnerabilities in remediation information are displayed in the wrong order (such as CWE359, CWE79 mitigated instead of CWE79, CWE359 mitigated).

This issue impacts 1906 MR, and is expected to be fixed in 1906 SU1.

Interface

The Query method in the CLI is using the legacy priority calculation algorithm

The Query method in the CLI is using the legacy priority calculation algorithm. This results in inconsistency of the priority score between CLI queries and other interfaces and reports.

This issue impacts all versions between 1807 and 1811 SU2, and has been fixed in 1811 SU3.

Project list does not load when the Web UI is opened in the background

When opening the project list or the scan list, if the browser tab is in the background, the list does not load.

This is an issue related to the AJAX API calls.

This issue impacts 1811 MR and most earlier versions, and has been fixed in 1811 SU1.

System information shows version 1812 when the instance is running 1811 SU1

The system information page shows the current version as 1812 (5.8.4100) when the instance is running 1811 SU1 (5.8.4100). Additionally, the generated reports also show version 1812 instead of 1811 SU1.

This is an issue related to the new Minor Release/Servicing Update release rhythm.

This issue impacts 1811 SU1, and has been fixed in 1811 SU2.

Report and Remediate options appear in the Action Bar when they are not available

When viewing a completed scan on the Web UI, the Report and Remediate options appear in the Action Bar even though they are not available.

This issue impacts 1903 MR, and has been fixed in 1903 SU1.

Logs from scans conducted on versions before 1912 MR are unavailable on the CLI or the Web UI

When downloading logs from scans that were conducted on versions before 1912 MR using the CLI or the Web UI, an error message indicates the log files are not available.

This issue is due to the change of log naming schemes in 1912 MR. To work around this issue, download the log files from the instance running CLEAR Engine.

This issue impacts 1909 SU1 and earlier versions, when updated to 1912 MR or later versions.

Multi-line remediation suggestion shows irrelevant line number

If a remediation suggestion has multiple lines, irrelevant line numbers are shown for the second and higher lines. This is a cosmetic issue and does not impact remediated source code.

This issue impacts 1909 SU1 and earlier versions, and has been fixed in 1912 MR.

Error when navigating to a result hidden due to license limitation

When navigating to a result hidden due to license limitation, the page shows ‘An error has occurred’.

This issue impacts 1909 SU1 and earlier versions, and has been fixed in 1912 MR.

Error 36001062 occurred when downloading logs using the CLI or the Web UI

When downloading logs using the CLI or the Web UI, error 36001062 occurred.

This issue is due to a bug in log4net, a logging library used by Lucent Sky AVM.

This issue impacts 1912 MR and SU1, and is expected to be fixed in 2003 MR. A hotfix is also available for 1912 SU1.

The batch delete function on the Web UI returns DATA_ERROR even when the operation completed successfully

When deleting applications in batch on the Web UI, the operation sometimes returns a data error even when it has completed successfully.

This issue impacts all currently supported versions. To work around this issue, ignore the returned data error message.

Administration

Unable to update from Lucent Sky AVM version 1807

When updating an instance running Lucent Sky AVM version 1807, the update process failed with the error message: SkyAnalyzer.Engine.Installer has stopped working.

This is an issue related to the data migration process. Although it prevents the direct update from Lucent Sky AVM version 1807 to version 1811, it will not cause any data loss.

To work around this issue, first uninstall Lucent Sky AVM version 1807, then install Lucent Sky AVM version 1811.

This issue impacts 1811 MR and has been fixed in 1811 SU1.

Web UI update fails if storage root is set to a drive other than C:\

When updating an instance using the Web UI, the update fails if storage root is set to a drive other than C:\.

This issue impacts 1811 SU1 and earlier releases, and has been fixed in 1811 SU2.

The source of CLEAR Engine events is shown as ‘Service1’ in Windows Events

The source of events generated by CLEAR Engine is shown as ‘Service1’ instead of ‘CLEAR Engine’ in Windows Events.

This issue impacts 1811 MR and SU1, and has been fixed in 1811 SU2.

Rule package is not properly installed when CLEAR Engine setup was interrupted and resumed

When installing CLEAR Engine for the first time, if the setup program was interrupted and resumed, the rule package might not be properly installed.

To work around this issue, do not resume the setup program if it was interrupted. Instead, uninstall the installed components, delete the installation directory (C:\Program Files\Lucent Sky), and start the setup program again.

This issue impacts 1903 MR and SU1, and has been fixed in 1906 MR. Instances that were updated to 1903 MR or SU1 from an earlier version are not impacted.

The ‘DiagnosticSettings’ and ‘MaxDegreeOfParallelism’ settings are not preserved during an update

If the DiagnosticSettings setting is set in SkyAnalyzer.config, it is reset to the default value (empty) when updating to a new version.

If the MaxDegreeOfParallelism setting is set in SkyAnalyzer.config, it is reset to the default value 1 when updating to a new version.

This issue impacts 1909 SU1 and earlier releases, and has been fixed in 1912 MR.

The ‘Encoding’ setting is not preserved during an update

If the Encoding setting is set in SkyAnalyzer.config, it is reset to the default value (empty) when updating to a new version.

This issue impacts 2003 MR and earlier releases, and will be resolved in a future release.