
Query Editor

Queries provided by Checkmarx are written in the IAST Query Language, as explained under IAST Query Language. These queries analyze the execution flow and return a list of results. Queries written in the IAST Query Language can be customized in the Query Editor by overriding existing queries or creating new ones. The Query Editor is divided into three areas of interest:

  • Queries - divided into two expandable segments for Queries provided by Checkmarx and Custom Queries.

  • Lists - open the List tab to view the query lists.

  • Query Language.

The list of queries contains a combination of methods that defines how the IAST agent collects information. Queries contain the code that uses this information to detect vulnerabilities. The Query Editor dialog displays queries under the Queries tab in a tree format. Each query is represented by the vulnerability that it is associated with.

In both segments, the queries are grouped by severity. Expanding a severity displays all queries allocated to that severity. Selecting a query displays the structure of the query in the Query Language panel to the right.