Release Notes for Engine Pack 9.4.5

Engine Pack 9.4.5 contains the following engine deliverables and enhancements:

Installation Notes

Warning

In a distributed environment, the relevant Engine Pack must also be installed on the CxManager host to update the SQL database.

Notice

Engine Packs are cumulative and include previous Engine Pack updates.

For more information about Engine Pack installation, see The New Delivery Model for Checkmarx SAST (The Engine Pack Delivery Model for Checkmarx SAST).

New Improved Scan Flow Improvements

Groovy language is now supported.

Support now includes the following Java methods: Iterable.iterator() and Iterator.next().

Languages and Frameworks

All supported code Languages and Frameworks versions can be found at Supported Code Languages and Frameworks for Engine Pack 9.4.5.

Scala

Finagle is an extensible RPC system for the JVM, used to construct high-concurrency servers. Finagle implements uniform client and server APIs for several protocols, and is designed for high performance and concurrency.

We are introducing brand new support for Finagle.

CSharp and .Net Core improvements

In 9.4.5 we improved CSharp queries to partially support the latest .NET Core versions 5 and 6:

  • CSharp_Medium_Threat/Buffer_Overflow

  • Updated general queries to support new hashing methods. The changes affect the following queries:

  • Updated the general IO (input/output) file queries affecting the following:

RPG Improvements

In 9.4.5 we added support for Display Files and fixed several parsing exceptions.

The following queries were updated mainly for inputs coming from Display Files:

  • RPG_High_Risk/SQL_Injection

  • RPG_Medium_Threat/Reflected_Path_Traversal

  • RPG_Low_Visibility/Integer_Overflow

Presets

OWASP ASVS Compliance

A new preset and a new category for the OWASP ASVS were added, allowing you to track the results and check for compliance.

CWE Top 25

A new preset and a new category for CWE Top 25 were added, allowing you to track the results and check for compliance.

MISRA C 2012

The MISRA C 2012 preset for C Coding Standards, which was added in 9.4.4, has been improved with additional rules. The preset now contains new and improved queries for Rules 6.1 to 6.2, 7.4, 8.1 to 8.8, and 8.10. In the upcoming version, the preset will be improved with additional queries and extended rules coverage.

Component Upgrades

The EngineService was upgraded to .NET Core 6.

Because the Engine Pack installer validates the prerequisites, a silent-mode upgrade will fail if .NET Core 6 is not installed.