
Release Notes for Engine Pack 9.4.4

Engine Pack 9.4.4 contains the following engine deliverables and enhancements:

Installation Notes

Warning

In a distributed environment, the relevant Engine Pack must also be installed on the CxManager host to update the SQL database.

Notice

Engine Packs are cumulative and include previous Engine Pack updates.

For more information about Engine Pack installation, see The Engine Pack Delivery Model for Checkmarx SAST.

New Improved Scan Flow Updates

New Improved Scan Flow now supports the following:

  • Java

  • Objective-C

  • Perl

Language Updates 

Engine Pack 9.4.4 introduces several significant language enhancements and updates.

New support for Scala Language

The re-write of the Scala language support has been finalized and includes many additional features, allowing us to improve our overall support and accuracy.

By default, the new Improved Scan Flow is used for calculating the flow.

New support for Swift Language

The re-write of the Swift language support has been finalized and includes many additional features, allowing us to improve our overall support and accuracy.

By default, the new Improved Scan Flow is used for calculating the flow.

Our updated Swift support is now independent of Objective-C: Swift and Objective-C are scanned as two separate languages (in previous versions, Swift code was scanned as Objective-C), and vulnerabilities are identified and displayed in the SAST Web Portal Results Viewer according to the specific language. To scan Swift and Objective-C source code without risking a decrease in accuracy, perform the following:

  1. Install 9.4 HF10.

  2. Obtain a new license that includes the Swift language for CxAudit.

Improvements in the RPG language support

The RPG support has been improved to include additional features, allowing us to improve our overall support and accuracy.

TypeScript language support update

This version introduces updated support for the latest versions of TypeScript.

Kotlin language support update

This version introduces updated support for the latest versions of Kotlin.

New Query for Detecting Log4J Vulnerable Versions

The following query was added to the Java language for detecting vulnerable Log4J versions:

New Query for Detecting Prototype Pollution

The following query was added to the JavaScript language for detecting the Prototype Pollution vulnerability:

  • JavaScript_High_Risk/Prototype_Pollution - This query finds assignments of externally supplied property names without validation, which might allow pollution of object prototypes (such as Object.prototype) and affect the application's normal behavior.
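The following is an added illustration of the pattern that query targets; it is example code written for these notes, not the Checkmarx query itself nor code from the product. It shows a recursive merge that assigns externally supplied property names without validation, next to a hardened version that rejects the keys through which an attacker reaches the prototype chain. The attacker payloads are constructed for the demo, in the shape of a parsed JSON request body.

```javascript
// Added example (not Checkmarx code): prototype pollution through an
// unvalidated recursive merge, next to a hardened version.

// Vulnerable: copies every key from an untrusted source object into target.
// A key named "__proto__" resolves, on the target, to Object.prototype, so the
// recursion ends up writing attacker-controlled properties onto it.
function unsafeMerge(target, source) {
  for (const key in source) {
    const value = source[key];
    if (value && typeof value === 'object') {
      if (!target[key]) target[key] = {};
      unsafeMerge(target[key], value); // target["__proto__"] is Object.prototype
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Keys that let a merge climb out of the target object into its prototype chain.
const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

// Hardened: validates each property name before assignment, walks only the
// source's own enumerable properties, and never reuses an inherited target slot.
function safeMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (FORBIDDEN_KEYS.has(key)) continue; // reject prototype-reaching names
    const value = source[key];
    if (value && typeof value === 'object' && !Array.isArray(value)) {
      const own = Object.prototype.hasOwnProperty.call(target, key);
      if (!own || typeof target[key] !== 'object' || target[key] === null) {
        target[key] = {};
      }
      safeMerge(target[key], value);
    } else {
      target[key] = value; // arrays and scalars are assigned as leaf values
    }
  }
  return target;
}

// Constructed attacker payloads (hypothetical request bodies). JSON.parse
// creates an *own* property literally named "__proto__", which is what makes
// the first payload reach the merge loop.
const PAYLOAD_PROTO = '{"name":"alice","__proto__":{"isAdmin":true}}';
const PAYLOAD_CONSTRUCTOR = '{"name":"bob","constructor":{"prototype":{"isAdmin":true}}}';

// Runs mergeFn on an empty target with the given payload, then checks whether
// an unrelated, freshly created object now inherits isAdmin. Cleans up the
// global prototype afterwards so the rest of the process is unaffected.
function pollutionReached(mergeFn, payloadJson) {
  mergeFn({}, JSON.parse(payloadJson));
  const leaked = ({}).isAdmin === true;
  delete Object.prototype.isAdmin;
  return leaked;
}

// Shows that the hardened merge still does its job on ordinary input.
function legitimateMerge() {
  return safeMerge({ a: { b: 1 } }, { a: { c: 2 }, d: 3 });
}

console.log('unsafeMerge polluted via __proto__:   ', pollutionReached(unsafeMerge, PAYLOAD_PROTO));
console.log('unsafeMerge polluted via constructor: ', pollutionReached(unsafeMerge, PAYLOAD_CONSTRUCTOR));
console.log('safeMerge polluted via __proto__:     ', pollutionReached(safeMerge, PAYLOAD_PROTO));
console.log('safeMerge polluted via constructor:   ', pollutionReached(safeMerge, PAYLOAD_CONSTRUCTOR));
console.log('safeMerge on benign input:', JSON.stringify(legitimateMerge()));
```

The deny-list on property names is the minimal fix the query is steering towards; where the merged data is a lookup table rather than a configuration object, storing it in a Map or in an object created with Object.create(null) removes the prototype chain altogether and is the more robust choice.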

Preset for KISA Software Secure Coding

The preset for the Korean security standards, called MOIS/KISA Software Secure Coding 2021, from the Ministry of the Interior and Safety and the Korea Internet & Security Agency, was enriched with additional queries to improve its accuracy.

A new category for MOIS(KISA) Secure Coding 2021 is also available for tracking results and checking for compliance.

Presets for C++ Coding Standards

The following C++ language presets were enriched with additional queries to improve their accuracy:

  • SEI CERT

  • ISO/IEC TS 17961 2013/2016

Preset for C Coding Standards

A new preset, called MISRA C 2012, was added for the C language.

This preset aims to be an improved version of the existing MISRA C preset. In this version, the preset contains new queries for Rules 5.1 to 5.9, 7.1, 7.2 and 7.3. In the upcoming version, the preset will be extended with additional queries and wider rule coverage.

Preset for SANS Top 25

The SANS Top 25 preset was updated to the latest version and a new category was added for tracking results and checking for compliance.

Queries Translated to Chinese

The Chinese translation for the query descriptions is now available.

Log Improvements

Debug messages are no longer printed in the logs.