Engine Pack Version 9.6.2
CxSAST Engine
Languages & Frameworks
All supported code Languages & Frameworks versions are viewable here.
PHP
PHP language support is GA and has been enhanced with the latest features in version 8.2, including the following:
APEX
Apex has been improved by adding support for Summer API 58.0 to reduce false positives.
The following queries were updated to support Assert Class (API 58.0):
Apex_Force_com_Code_Quality\Test_Assert_Without_Message
Apex_Force_com_Code_Quality\Test_Methods_With_No_Assert
Python
In 9.6.2, brand-new support for Marshmallow, a Python library, was added. The given support is based on CxQL queries only.
VB.Net
VB.Net support has been updated to version 16.9.
Java
Java support has been improved by adding the capability of scanning .yml and .yaml files for Java Spring frameworks.
Four methods to search for nodes on those yaml/yml files (language agnostic) were added to CxQL API:
FindYamlNodesByKey
FindYamlNodesByValue
FindYamlNodesByKeyAndValue
Both extensions (.yml and .yaml) were added as recognized when scanning Java Spring frameworks.
AWS Lambdas
AWS Lambdas support has been improved by adding and updating existing queries.
Go
Added AWS Lambda Inputs to Interactive Inputs.
Updated queries to improve DynamoDB and S3 support.
Improved queries:
:Medium_Risk: Go_AWS_Lambda\Permission_Manipulation_In_S3.
:Low_Risk: Go_AWS_Lambda\Unrestricted_Read_S3.
:Low_Risk: Go_AWS_Lambda\Unrestricted_Write_S3.
Java
AWS Lambda inputs were added to Interactive and Stored inputs.
Updated queries to improve DynamoDB and S3 support.
JavaScript
Updated queries to improve DynamoDB support.
Python
Added AWS Lambda inputs as interactive inputs.
Added AWS Lambda S3 sanitizers to queries:
:Low_Risk: Python_AWS_Lambda\Unrestricted_Read_S3
:Low_Risk: Python_AWS_Lambda\Unrestricted_Write_S3
New query added to improve S3 support:
:Low_Risk: Python_AWS_Lambda\Unrestricted_Delete_S3
Renamed query:
:Medium_Risk: Python_AWS_Lambda\Race_Condition_Concurrent_Instances to Python_AWS_Lambda\Race_Condition_Global_Scope
Scanning unsupported files - New error code
Notice
In the upcoming version, 9.6.3, the error code that is generated when attempting to scan files that are not supported will be modified. The current error code, denoted as -1, will be replaced by the new error code, 60.
To ensure a seamless transition and prevent potential errors, we strongly recommend to:
Carefully review your existing pipelines and workflows.
Identify whether there are any configurations or dependencies relying on the current error code.
It is essential to make the necessary adjustments to your configurations before upgrading to version 9.6.3. By making these changes, you will be able to avoid any disruptions caused by the change in error code and ensure the continued smooth operation of your processes.
Presets Removal
The presets Default and Default 2014 were removed in this version according to the rules:
If the preset was not related to any projects, it was removed.
If the preset is related to a project, it is not removed.
Removal of deprecated queries from Presets
Deprecated queries were removed from the presets according to the following list:
(Query ID, Query Name)
Engine Pack Supported Code Languages and Frameworks (9.6.2)
Environment and Primary Languages | Secondary Languages | Framework | File extensions | Additional Information | |
|---|---|---|---|---|---|
|
|
|
| Java can be configured as a unified language with Scala. | |
|
|
|
| ||
|
|
|
| ||
|
| ||||
|
|
| |||
| JavaScript |
|
| ||
|
|
| This is for Salesforce APEX only. | ||
|
|
| |||
|
|
| |||
|
| ||||
|
| ||||
|
|
| |||
|
| ||||
|
| ||||
|
| ||||
|
|
|
| ||
|
|
| |||
|
|
| Scala can be configured as a unified language with Java. | ||
|
|
| |||
|
|
| |||
|
| ||||
|
| ||||
|
|
| |||
|
|
|
Vulnerability Queries 9.6.2
All queries that are executed in version 9.6.2 are available for download - PDF , CSV
New and updated queries in version 9.6.2 are available for download - PDF , CSV
Queries associated with predefined query presets are available for download - PDF , CSV