Skip to main content

Engine Pack Version 9.6.2

CxSAST Engine

Languages & Frameworks

All supported code Languages & Frameworks versions are viewable here.

PHP

PHP language support is GA and has been enhanced with the latest features in version 8.2, including the following:

APEX

Apex has been improved by adding support for Summer API 58.0 to reduce false positives.

The following queries were updated to support Assert Class (API 58.0):

  • Apex_Force_com_Code_Quality\Test_Assert_Without_Message

  • Apex_Force_com_Code_Quality\Test_Methods_With_No_Assert

Python

In 9.6.2, brand-new support for Marshmallow, a Python library, was added. The given support is based on CxQL queries only.

VB.Net

VB.Net support has been updated to version 16.9.

Java

Java support has been improved by adding the capability of scanning .yml and .yaml files for Java Spring frameworks.

Four methods to search for nodes on those yaml/yml files (language agnostic) were added to CxQL API:

  • FindYamlNodesByKey

  • FindYamlNodesByValue

  • FindYamlNodesByKeyAndValue

Both extensions (.yml and .yaml) were added as recognized when scanning Java Spring frameworks.

AWS Lambdas

AWS Lambdas support has been improved by adding and updating existing queries.

Go

  • Added AWS Lambda Inputs to Interactive Inputs.

  • Updated queries to improve DynamoDB and S3 support.

  • Improved queries:

    • :Medium_Risk: Go_AWS_Lambda\Permission_Manipulation_In_S3.

    • :Low_Risk: Go_AWS_Lambda\Unrestricted_Read_S3.

    • :Low_Risk: Go_AWS_Lambda\Unrestricted_Write_S3.

Java

  • AWS Lambda inputs were added to Interactive and Stored inputs.

  • Updated queries to improve DynamoDB and S3 support.

JavaScript

  • Updated queries to improve DynamoDB support.

Python

  • Added AWS Lambda inputs as interactive inputs.

  • Added AWS Lambda S3 sanitizers to queries:

    • :Low_Risk: Python_AWS_Lambda\Unrestricted_Read_S3

    • :Low_Risk: Python_AWS_Lambda\Unrestricted_Write_S3

  • New query added to improve S3 support:

    • :Low_Risk: Python_AWS_Lambda\Unrestricted_Delete_S3

  • Renamed query:

    • :Medium_Risk: Python_AWS_Lambda\Race_Condition_Concurrent_Instances to Python_AWS_Lambda\Race_Condition_Global_Scope

Scanning unsupported files - New error code

Notice

In the upcoming version, 9.6.3, the error code that is generated when attempting to scan files that are not supported will be modified. The current error code, denoted as -1, will be replaced by the new error code, 60.

To ensure a seamless transition and prevent potential errors, we strongly recommend to:

  • Carefully review your existing pipelines and workflows.

  • Identify whether there are any configurations or dependencies relying on the current error code.

It is essential to make the necessary adjustments to your configurations before upgrading to version 9.6.3. By making these changes, you will be able to avoid any disruptions caused by the change in error code and ensure the continued smooth operation of your processes.

Presets Removal

  • The presets Default and Default 2014 were removed in this version according to the rules:

    • If the preset was not related to any projects, it was removed.

    • If the preset is related to a project, it is not removed.

Removal of deprecated queries from Presets

Deprecated queries were removed from the presets according to the following list:

(Query ID, Query Name)

Engine Pack Supported Code Languages and Frameworks (9.6.2)

Environment and Primary Languages

Secondary Languages

Framework

File extensions

Additional Information

6022007568
  • Java

  • J2SE

  • J2EE

  • JSP

  • JavaScript

  • VBScript

  • PL\SQL

  • HTML5

  • ATG DSP Taglib

  • GWT

  • Hibernate

  • Google Guice

  • Java Server Faces (JSF)

  • JSP

  • JSTL FMT Taglib

  • OWASP ESAPI

  • MyBatis

  • PrimeFaces

  • Spring Boot

  • Spring MVC

  • Spring

  • Struts

  • Velocity

  • .java

  • .jsp

  • .jspf

  • .jsf

  • .tag

  • .tld

  • .mf

  • .xhtml

  • .vm

  • .gradle

  • .properties

  • .jspdsbld

  • .wod

  • .xml

  • .yml

  • .yaml

Java can be configured as a unified language with Scala.

6022007571.png
  • ASP.NET

  • JavaScript

  • VBScript

  • PL\SQL

  • HTML5

  • ASP.NET Core

  • ASP.Net Core Razor

  • ASP.Net MVC framework

  • Enterprise Libraries

  • ComponentArt

  • Entity framework

  • Hibernate.Net

  • Infragistics

  • iBatis

  • Telerik

  • Dapper

  • .cs

  • .cshtml

  • .xaml

  • .vb

  • .config

  • .aspx

  • .ascx

  • .asax

  • .tag

  • .master

  • .xml

6022007574.png
  • ASP

  • JavaScript [**]

  • VBScript

  • PL\SQL

  • HTML5

  • ASP.Net MVC framework

  • .asp

  • .inc

6022007577.png
  • VB6

  • .bas

  • .vbp

  • .frm

  • .cls

  • .dsr

  • .ctl

6022007580.png
  • C

  • C++

  • C MISRA

  • C++ MISRA

  • Informix ESQL/C

  • MySQL

  • .cpp

  • .c

  • .cc

  • .c++

  • .cxx

  • .hpp

  • .hh

  • .h++

  • .hxx

  • .h

  • .ec

  • .cmake

  • .pro

  • .ac

  • .am

  • .txt (related to CmakeLists)

64d4d824681bd.svg
  • PHP

JavaScript

  • bWapp

  • CakePHP

  • OWASP ESAPI

  • Kohana

  • Symfony

  • Smarty

  • Zend

  • .php

  • .php3

  • .php4

  • .php5

  • .phtm

  • .phtml

  • .tpl

  • .ctp

  • .twig

  • .inc

  • .cgi

  • .env

  • .ini

6022007586.png
  • Apex

  • VisualForce

  • Lightning (Aura)

  • Lightning Web Components

  • .apex

  • .apexp

  • .apxc

  • .page

  • .component

  • .cls

  • .trigger

  • .tgr

  • .object

  • .report

  • .workflow

  • -meta.xml

  • .xml

This is for Salesforce APEX only.

6022007589.png
  • Ruby

  • Ruby on Rails

  • .rb

  • .rhtml

  • .rxml

  • .rjs

  • .erb

  • .cgi

  • .lock

6022007592.png
  • JavaScript

  • Typescript

  • Ajax

  • Angular

  • AngularJS

  • Backbone

  • Cordova / PhoneGap

  • Handlebars

  • Hapi.JS

  • JQuery

  • Knockout

  • Kony Visualizer

  • Node.js

    • Buffer

    • CryptoJS

    • ExpressJS

    • File System

    • Hapi

    • Mongodb

    • OracleDB

    • Sequelize

  • Pug (Jade)

  • React Native

  • ReactJS

  • SAPUI5

  • VueJS

  • XS (SAP)

  • RequireJS

  • .js

  • .jsx

  • .htm

  • .html

  • .json

  • .ts

  • .tsx

  • .aspx

  • .ascx

  • .xsjs

  • .xsjslib

  • .xsaccess

  • .xsapp

  • .app

  • .evt

  • .cmp

  • .hbs

  • .handlebars

  • .jade

  • .pug

  • .vue

  • .xml

  • .apexp

  • .page

  • .component

  • .cshtml

  • .jsf

  • .xhtml

  • .jsp

  • .jspf

  • .asp

  • .master

  • .php

6022007598.png
  • VBScript

  • .vbs

  • .aspx

  • .ascx

  • .asp

  • .cshtml

  • .html

  • .htm

  • .master

6022007601.png
  • Perl

  • .pl

  • .pm

  • .plx

  • .psgi

  • .cgi

6022007604.png
  • Android (Java)

  • Volley

  • .java

  • .kt

6022007607.png
  • Objective-C

  • Swift

  • .m

  • .h

  • .swift

  • .xib

  • .plist

6022007610.png
  • HTML 5

  • .html

  • .htm

6022007613.png
  • PL/SQL

  • .pls

  • .sql

  • .pkh

  • .pks

  • .pkb

  • .pck

6022007616.png
  • Python

  • JavaScript

  • VB script

  • PL\SQL

  • Django

  • Flask

  • Jinja and DTL

  • Pandas library

  • Marshmallow

  • .py

  • .gtl

  • .csv

  • .latex

  • .tex

  • .html

  • .xml

  • .txt

6022007619.png
  • Groovy

  • JavaScript

  • VB script

  • PL\SQL

  • .groovy

  • .gsh

  • .gvy

  • .gy

  • .gsp

  • .gradle

6022007622.png
  • Scala

  • Akka

  • Finagle

  • Finatra

  • .scala

  • .conf

Scala can be configured as a unified language with Java.

6022007625.png
  • GO Language

  • Protobuf

  • gin-gonic/gin

  • gorilla-mux

  • .go

  • .mod

kotlinlogo.png
  • Kotlin

  • Ktor (Server Side)

  • Vert.x (Server Side)

  • Spring

  • .kt

  • .kts

  • .mustache

  • .ftl

  • .xml

6022007508.jpg
  • Cobol

  • .cbl

  • .cob

  • .eco

  • .pco

  • .sqb

  • .cpy

6994002109.png
  • RPG

  • .rpg

  • .rpg38

  • .sqlrpg

  • .rpgle

  • .sqlrpgle

  • .dspf

6994002106.png
  • Dart

  • Flutter

  • .dart

  • .yaml

6993019381.png
  • Lua

  • OpenResty

  • .lua

  • .conf

Vulnerability Queries 9.6.2

All queries that are executed in version 9.6.2 are available for download - PDF , CSV

New and updated queries in version 9.6.2 are available for download - PDF , CSV

Queries associated with predefined query presets are available for download - PDF , CSV

New and Changed Queries