Custom Analysis - QA
You can use CxAudit for expanding CxSAST's functionality to analyze project-specific aspects of your source code. One example is locating potential bugs or other application-specific issues by querying where the code might allow specified information elements to reach specified application output (QA). For example, you might have an application that generates files, and the application has generated a file with hard-coded text that shouldn't be there. There might be other cases where something like this might happen, so you want a query that will find all places where the code could cause hard-coded text to appear in generated files.
QA analysis generally requires actually writing some query text, rather than just generating a query from the code. However, you can still base your query on existing or automatically generated queries, as in the example below.
For QA analysis, perform the following:
Open either an existing CxSAST project or create a new local project for auditing.
Notice
You can work on a smaller, representative section of a project, by copying part of the source code project to a locally accessible folder and creating a new project from it (see CxAudit Workspace).
Create a new query (see Working with Queries).
Write the query. You can use parts of existing or automatically-generated queries (see the Query Coding Example).
If you do not want the query to be included in future scans:
Right-click the new query and select Properties:
Clear Executable:
Click Save All Queries to save the changes.