Release Notes for Engine Pack 9.5.5

Caution

The Checkmarx certificate used for application code signing has been updated because the previous one expired.

This might result in error messages depending on the environment settings, but these errors can be safely ignored.

Installation Notes

Caution

In a distributed environment, the relevant Engine Pack must also be installed on the CxManager host to update the SQL database.

Notice

Engine Packs are cumulative and include previous Engine Pack updates.

For more information about Engine Pack installation, see Engine Pack Versions and Delivery Model.

CxSAST Engine Pack Enhancements

Engine Pack 9.5.5 introduces significant language and framework enhancements:

Languages and Frameworks

All supported versions of code languages and frameworks are listed on the dedicated page.

The content includes the following:

CSharp (GA)

The C# 11 support introduced in 9.5.4 was improved and is now available as GA.

New Query SSRF

A new query to flag the SSRF vulnerability was added as part of this version:

  • CSharp_Medium_Threat --> SSRF

Accuracy Improvements

A set of CSharp high queries has been reviewed to improve the accuracy of the results and reduce the noise by decreasing false positives.

.Net Core

.Net Core support was updated to version 7.

Python

Support for list comprehensions in Python has been improved.

TypeScript

TypeScript language support was updated to version 5.0 and includes the following features:

  • Extends constraints on inferring type variables.

  • Optional Variance Annotations for Type Parameters.

  • Resolution Mode.

  • Instantiation Expressions.

  • Inference for inferring Types in Template String Types.

  • Auto-Accessors in Classes.

  • Satisfies Operator.

  • Const Type Parameters.

  • Export type *.

Angular

Angular support was updated to version 15, which includes the following features:

  • Component directives

  • Syntax for Route Guard

Kotlin

Kotlin support was updated to version 1.8, which includes the following features:

  • Definitely non-nullable types.

  • ..< operator for creating open-ended ranges.

Presets

CWE Top 25

The CWE Top 25 preset and category were updated to the latest version (June 2022).

STIG

The STIG preset and category were updated to version 5.2.

Removal of deprecated queries from Presets

Notice

The following is planned to start in the next major version - 9.6:

  • Deprecated queries will be removed from the engine.

  • Queries from presets can be removed according to compliance standards updates.

  • All changes will be properly communicated in the Engine Pack release notes.

Actions to be executed in the next version, 9.6.0:

Deprecated queries are going to be removed from the presets, according to the following list: (Query ID, Query Name).

The presets Default and Default 2014 will be removed according to the following rules:

  • A preset will be removed if it is not related to any project.

  • A preset won't be removed if it is related to a project.

Supported Code Languages and Frameworks for EP 9.5.5

Environment | Primary Languages | Secondary Languages | Framework | File extensions

[Environment icon]
  • Java

  • J2SE

  • J2EE

  • JSP

  • JavaScript

  • VBScript

  • PL\SQL

  • HTML5

  • ATG DSP Taglib

  • GWT

  • Hibernate

  • Google Guice

  • Java Server Faces (JSF)

  • JSP

  • JSTL FMT Taglib

  • OWASP ESAPI

  • MyBatis

  • PrimeFaces

  • Spring Boot

  • Spring MVC

  • Spring

  • Struts

  • Velocity

  • .java

  • .jsp

  • .jspf

  • .jsf

  • .tag

  • .tld

  • .mf

  • .xhtml

  • .vm

  • .gradle

  • .properties

  • .xml

[Environment icon]
  • C#

  • VB.NET

  • ASP.NET

  • JavaScript

  • VBScript

  • PL\SQL

  • HTML5

  • ASP.NET Core

  • ASP.Net Core Razor

  • ASP.Net MVC framework

  • Enterprise Libraries

  • ComponentArt

  • Entity framework

  • Hibernate.Net

  • Infragistics

  • iBatis

  • Telerik

  • .cs

  • .cshtml

  • .xaml

  • .vb

  • .config

  • .aspx

  • .ascx

  • .asax

  • .tag

  • .master

  • .xml

[Environment icon]
  • ASP

  • JavaScript [**]

  • VBScript

  • PL\SQL

  • HTML5

  • ASP.Net MVC framework

  • .asp

  • .inc

[Environment icon]
  • VB6

  • .bas

  • .vbp

  • .frm

  • .cls

  • .dsr

  • .ctl

[Environment icon]
  • C

  • C++

  • C MISRA

  • C++ MISRA

  • Informix ESQL/C

  • MySQL

  • .cpp

  • .c

  • .cc

  • .c++

  • .cxx

  • .hpp

  • .hh

  • .h++

  • .hxx

  • .h

  • .ec

  • .cmake

  • .pro

  • .ac

  • .am

  • .txt (related to CmakeLists)

[Environment icon]
  • PHP

  • JavaScript

  • bWapp

  • CakePHP

  • OWASP ESAPI

  • Kohana

  • Symfony

  • Smarty

  • Zend

  • .php

  • .php3

  • .php4

  • .php5

  • .phtm

  • .phtml

  • .tpl

  • .ctp

  • .twig

  • .inc

  • .cgi

[Environment icon]
  • Apex

  • VisualForce

  • Lightning (Aura)

  • Lightning Web Components

  • .apex

  • .apexp

  • .apxc

  • .page

  • .component

  • .cls

  • .trigger

  • .tgr

  • .object

  • .report

  • .workflow

  • -meta.xml

  • .xml

[Environment icon]
  • Ruby

  • Ruby on Rails

  • .rb

  • .rhtml

  • .rxml

  • .rjs

  • .erb

  • .cgi

  • .lock

[Environment icon]
  • JavaScript

  • Typescript

  • Ajax

  • Angular

  • AngularJS

  • Backbone

  • Cordova / PhoneGap

  • Handlebars

  • Hapi.JS

  • JQuery

  • Knockout

  • Kony Visualizer

  • Node.js

    • Buffer

    • CryptoJS

    • ExpressJS

    • File System (Fs)

    • Hapi

    • Mongodb

    • OracleDB

    • Sequelize

  • Pug (Jade)

  • React Native

  • ReactJS

  • SAPUI5

  • VueJS

  • XS (SAP)

  • RequireJS

  • .js

  • .jsx

  • .htm

  • .html

  • .json

  • .ts

  • .tsx

  • .aspx

  • .ascx

  • .xsjs

  • .xsjslib

  • .xsaccess

  • .xsapp

  • .app

  • .evt

  • .cmp

  • .hbs

  • .handlebars

  • .jade

  • .pug

  • .vue

  • .xml

[Environment icon]
  • VBScript

  • .vbs

  • .aspx

  • .ascx

  • .asp

  • .cshtml

  • .html

  • .htm

  • .master

[Environment icon]
  • Perl

  • .pl

  • .pm

  • .plx

  • .psgi

  • .cgi

[Environment icon]
  • Android (Java)

  • Volley

  • .java

  • .kt

[Environment icon]
  • Objective-C

  • Swift

  • .m

  • .h

  • .swift

  • .xib

  • .plist

[Environment icon]
  • HTML 5

  • .html

  • .htm

[Environment icon]
  • PL/SQL

  • .pls

  • .sql

  • .pkh

  • .pks

  • .pkb

  • .pck

[Environment icon]
  • Python

  • JavaScript

  • VB script

  • PL\SQL

  • Django

  • Flask

  • Jinja and DTL

  • Pandas library

  • .py

  • .gtl

  • .csv

  • .latex

  • .tex

  • .html

  • .xml

  • .txt

[Environment icon]
  • Groovy

  • JavaScript

  • VB script

  • PL\SQL

  • .groovy

  • .gsh

  • .gvy

  • .gy

  • .gsp

  • .gradle

[Environment icon]
  • Scala

  • Akka

  • Finagle

  • Finatra

  • .scala

  • .conf

[Environment icon]
  • GO Language

  • Protobuf

  • gin-gonic/gin

  • gorilla-mux

  • .go

  • .mod

[Environment icon]
  • Kotlin

  • Ktor (Server side)

  • Vert.x (Server side)

  • Spring

  • .kt

  • .kts

  • .mustache

  • .ftl

  • .xml

[Environment icon]
  • Cobol

  • .cbl

  • .cob

  • .eco

  • .pco

  • .sqb

  • .cpy

[Environment icon]
  • RPG

  • .rpg

  • .rpg38

  • .sqlrpg

  • .rpgle

  • .sqlrpgle

  • .dspf

[Environment icon]
  • Dart

  • Flutter

  • .dart

  • .yaml