Release Notes for Engine Pack 9.5.5
Caution
The Checkmarx certificate used for application code signing has been updated because the previous one expired.
This might result in error messages depending on the environment settings, but these errors can be safely ignored.
Installation Notes
Caution
In a distributed environment, the relevant Engine Pack must also be installed on the CxManager host to update the SQL database.
Notice
Engine Packs are cumulative and include previous Engine Pack updates.
For more information about Engine Pack installation, see Engine Pack Versions and Delivery Model.
CxSAST Engine Pack Enhancements
Engine Pack 9.5.5 introduces significant language and framework enhancements:
Languages and Frameworks
All supported code Languages & Frameworks versions are on the dedicated page.
The content includes the following:
CSharp (GA)
The C# 11 support introduced in 9.5.4 was improved and is now available as GA.
New Query SSRF
A new query to flag the SSRF vulnerability was added as part of this version:
CSharp_Medium_Threat --> SSRF
Accuracy Improvements
A set of CSharp high queries has been reviewed to improve the accuracy of the results and reduce the noise by decreasing false positives.
.Net Core
.Net Core support was updated to version 7.
Python
The support of the Comprehensive list in Python language has been improved.
TypeScript
TypeScript language support was updated to version 5.0 and includes the following features:
Extends constraints on inferring type variables.
Optional Variance Annotations for Type Parameters.
Resolution Mode.
Instantiation Expressions.
Inference for inferring Types in Template String Types.
Auto-Accessors in Classes.
Satisfies Operator.
Const Type Parameters.
Export type *.
Angular
Angular support was updated to version 15, which includes the following features:
Component directives
Syntax for Route Guard
Kotlin
Kotlin support was updated to version 1.8, which includes the following features:
Definitely non-nullable types.
..< operator for creating open-ended ranges.
Presets
CWE Top 25
The CWE Top 25 preset and category were updated to the latest version (June 2022).
STIG
The STIG preset and category were updated to version 5.2.
Removal of deprecated queries from Presets
Notice
The following is planned to start in the next major version - 9.6:
Deprecated queries will be removed from the engine.
Queries from presets can be removed according to compliance standards updates.
All changes will be properly communicated in the Engine Pack release notes.
Actions to be executed in the next version, 9.6.0:
Deprecated queries are going to be removed from the presets, according to the following list: (Query ID, Query Name).
69, Dynamic_SQL_Queries
171, Session_Poisoning
182, HTTP_Response_Splitting
191, Unclosed_Connection
211, Buffer_Overflow_boundedcpy
214, Buffer_Overflow_cpycat
215, Buffer_Overflow_fgets
216, Buffer_Overflow_Loops
217, Buffer_Overflow_scanf
219, Buffer_Overflow_unbounded
226, String_Termination_Error
290, Boolean_Overflow
291, Char_Overflow
295, Long_Overflow
296, Short_Overflow
336, Stored_Buffer_Overflow_boundcpy
337, Stored_Buffer_Overflow_cpycat
338, Stored_Buffer_Overflow_fgets
339, Stored_Buffer_Overflow_fscanf
358, Unchecked_Return_Value
456, Session_Poisoning
464, Cross_Site_History_Manipulation
471, HTTP_Response_Splitting
472, Integer_Overflow
482, Unclosed_Connection
513, Unchecked_Return_Value
530, Use_Of_Uninitialized_Variables
606, Improper_Session_Management
627, Cross_Site_History_Manipulation
634, HTTP_Response_Splitting
701, Catch_NullPointerException
707, Unchecked_Return_Value
709, Magic_Numbers
719, Use_Of_Uninitialized_Variables
797, Session_Poisoning
805, Cross_Site_History_Manipulation
812, HTTP_Response_Splitting
813, Integer_Overflow
820, Unclosed_Connection
1202, Buffer_Overflow_LowBound
1204, Buffer_Overflow_OutOfBound
1212, Potential_Path_Traversal
1334, Cross_Site_History_Manipulation
1392, Buffer_Overflow_Indexes
1413, Buffer_Overflow_boundcpy_WrongSizeParam
1535, Cross_Site_History_Manipulation
1548, Privilege_Escalation
1585, Null_Pointer_Dereference
1657, Reachable_Assertion
1696, Storing_Passwords_in_a_Recoverable_Format
1697, Unchecked_Return_Value_to_NULL_Pointer_Dereference
2127, Parse_Double_DoS
2259, HTTP_Response_Splitting
2287, Wrong_Size_t_Allocation
2353, Buffer_Overflow_StrcpyStrcat
2554, Client_Insufficient_Key_Size
2608, Client_Use_Of_JQuery_Deprecated_Version
2613, Client_DB_Parameter_Tampering
2614, Client_Path_Manipulation
2619, Client_Second_Order_Sql_Injection
2620, Client_SQL_Injection
2709, Missing_Precision
2731, Potential_Precision_Problem
3334, Parse_Double_DoS
3355, Storing_Passwords_in_a_Recoverable_Format
3358, Unchecked_Return_Value_to_NULL_Pointer_Dereference
3372, Cross_Site_History_Manipulation
3568, Cross_Site_History_Manipulation
3706, Client_Header_Manipulation
3708, VF_Remoting_Client_Potential_CSRF
3910, Client_Password_Weak_Encryption
4129, Buffer_Overflow_IndexFromInput
4381, Cross_Site_History_Manipulation
4480, Kony_Unsecure_iOSBrowser_Configuration
5319, Deserialization_of_Untrusted_Data
513, Unchecked_Return_Value
530, Use_Of_Uninitialized_Variables
1585, Null_Pointer_Dereference
1599, Malicious_Program
1599, Malicious_Program
4480, Kony_Unsecure_iOSBrowser_Configuration
211, Buffer_Overflow_boundedcpy
215, Buffer_Overflow_fgets
217, Buffer_Overflow_scanf
219, Buffer_Overflow_unbounded
222, Off_by_One_Error_in_Arrays
226, String_Termination_Error
1032, Sharing_With_Controller
1204, Buffer_Overflow_OutOfBound
1392, Buffer_Overflow_Indexes
1548, Privilege_Escalation
2353, Buffer_Overflow_StrcpyStrcat
2608, Client_Use_Of_JQuery_Deprecated_Version
2619, Client_Second_Order_Sql_Injection
2620, Client_SQL_Injection
3706, Client_Header_Manipulation
4510, Client_Reflected_File_Download
5319, Deserialization_of_Untrusted_Data
171, Session_Poisoning
182, HTTP_Response_Splitting
191, Unclosed_Connection
211, Buffer_Overflow_boundedcpy
214, Buffer_Overflow_cpycat
215, Buffer_Overflow_fgets
216, Buffer_Overflow_Loops
217, Buffer_Overflow_scanf
219, Buffer_Overflow_unbounded
226, String_Termination_Error
290, Boolean_Overflow
291, Char_Overflow
295, Long_Overflow
296, Short_Overflow
336, Stored_Buffer_Overflow_boundcpy
337, Stored_Buffer_Overflow_cpycat
338, Stored_Buffer_Overflow_fgets
339, Stored_Buffer_Overflow_fscanf
456, Session_Poisoning
464, Cross_Site_History_Manipulation
471, HTTP_Response_Splitting
472, Integer_Overflow
482, Unclosed_Connection
606, Improper_Session_Management
627, Cross_Site_History_Manipulation
634, HTTP_Response_Splitting
797, Session_Poisoning
805, Cross_Site_History_Manipulation
812, HTTP_Response_Splitting
813, Integer_Overflow
820, Unclosed_Connection
1032, Sharing_With_Controller
1202, Buffer_Overflow_LowBound
1204, Buffer_Overflow_OutOfBound
1212, Potential_Path_Traversal
1334, Cross_Site_History_Manipulation
1392, Buffer_Overflow_Indexes
1394, Potential_Off_by_One_Error_in_Loops
1413, Buffer_Overflow_boundcpy_WrongSizeParam
1548, Privilege_Escalation
1696, Storing_Passwords_in_a_Recoverable_Format
1697, Unchecked_Return_Value_to_NULL_Pointer_Dereference
2127, Parse_Double_DoS
2259, HTTP_Response_Splitting
2287, Wrong_Size_t_Allocation
2353, Buffer_Overflow_StrcpyStrcat
2554, Client_Insufficient_Key_Size
2608, Client_Use_Of_JQuery_Deprecated_Version
2613, Client_DB_Parameter_Tampering
2614, Client_Path_Manipulation
2619, Client_Second_Order_Sql_Injection
2620, Client_SQL_Injection
2709, Missing_Precision
2731, Potential_Precision_Problem
3334, Parse_Double_DoS
3355, Storing_Passwords_in_a_Recoverable_Format
3358, Unchecked_Return_Value_to_NULL_Pointer_Dereference
3372, Cross_Site_History_Manipulation
3568, Cross_Site_History_Manipulation
3706, Client_Header_Manipulation
3708, VF_Remoting_Client_Potential_CSRF
3910, Client_Password_Weak_Encryption
4129, Buffer_Overflow_IndexFromInput
4381, Cross_Site_History_Manipulation
4480, Kony_Unsecure_iOSBrowser_Configuration
5319, Deserialization_of_Untrusted_Data
2608, Client_Use_Of_JQuery_Deprecated_Version
2619, Client_Second_Order_Sql_Injection
2620, Client_SQL_Injection
3706, Client_Header_Manipulation
358, Unchecked_Return_Value
513, Unchecked_Return_Value
701, Catch_NullPointerException
707, Unchecked_Return_Value
182, HTTP_Response_Splitting
290, Boolean_Overflow
295, Long_Overflow
296, Short_Overflow
471, HTTP_Response_Splitting
472, Integer_Overflow
634, HTTP_Response_Splitting
812, HTTP_Response_Splitting
813, Integer_Overflow
1548, Privilege_Escalation
1681, Use_of_Insufficiently_Random_Values
2127, Parse_Double_DoS
2259, HTTP_Response_Splitting
2554, Client_Insufficient_Key_Size
2613, Client_DB_Parameter_Tampering
2614, Client_Path_Manipulation
2620, Client_SQL_Injection
3334, Parse_Double_DoS
3706, Client_Header_Manipulation
3910, Client_Password_Weak_Encryption
171, Session_Poisoning
182, HTTP_Response_Splitting
191, Unclosed_Connection
211, Buffer_Overflow_boundedcpy
214, Buffer_Overflow_cpycat
215, Buffer_Overflow_fgets
216, Buffer_Overflow_Loops
217, Buffer_Overflow_scanf
219, Buffer_Overflow_unbounded
226, String_Termination_Error
290, Boolean_Overflow
291, Char_Overflow
295, Long_Overflow
296, Short_Overflow
336, Stored_Buffer_Overflow_boundcpy
337, Stored_Buffer_Overflow_cpycat
338, Stored_Buffer_Overflow_fgets
339, Stored_Buffer_Overflow_fscanf
456, Session_Poisoning
464, Cross_Site_History_Manipulation
471, HTTP_Response_Splitting
472, Integer_Overflow
482, Unclosed_Connection
606, Improper_Session_Management
627, Cross_Site_History_Manipulation
634, HTTP_Response_Splitting
797, Session_Poisoning
805, Cross_Site_History_Manipulation
812, HTTP_Response_Splitting
813, Integer_Overflow
820, Unclosed_Connection
1032, Sharing_With_Controller
1202, Buffer_Overflow_LowBound
1204, Buffer_Overflow_OutOfBound
1212, Potential_Path_Traversal
1334, Cross_Site_History_Manipulation
1392, Buffer_Overflow_Indexes
1413, Buffer_Overflow_boundcpy_WrongSizeParam
1535, Cross_Site_History_Manipulation
1548, Privilege_Escalation
1696, Storing_Passwords_in_a_Recoverable_Format
1697, Unchecked_Return_Value_to_NULL_Pointer_Dereference
2127, Parse_Double_DoS
2259, HTTP_Response_Splitting
2287, Wrong_Size_t_Allocation
2353, Buffer_Overflow_StrcpyStrcat
2554, Client_Insufficient_Key_Size
2608, Client_Use_Of_JQuery_Deprecated_Version
2613, Client_DB_Parameter_Tampering
2614, Client_Path_Manipulation
2619, Client_Second_Order_Sql_Injection
2620, Client_SQL_Injection
2709, Missing_Precision
2731, Potential_Precision_Problem
3334, Parse_Double_DoS
3355, Storing_Passwords_in_a_Recoverable_Format
3358, Unchecked_Return_Value_to_NULL_Pointer_Dereference
3372, Cross_Site_History_Manipulation
3568, Cross_Site_History_Manipulation
3706, Client_Header_Manipulation
3708, VF_Remoting_Client_Potential_CSRF
3910, Client_Password_Weak_Encryption
4129, Buffer_Overflow_IndexFromInput
4381, Cross_Site_History_Manipulation
4480, Kony_Unsecure_iOSBrowser_Configuration
5319, Deserialization_of_Untrusted_Data
182, HTTP_Response_Splitting
191, Unclosed_Connection
211, Buffer_Overflow_boundedcpy
214, Buffer_Overflow_cpycat
215, Buffer_Overflow_fgets
216, Buffer_Overflow_Loops
217, Buffer_Overflow_scanf
219, Buffer_Overflow_unbounded
226, String_Termination_Error
290, Boolean_Overflow
291, Char_Overflow
295, Long_Overflow
296, Short_Overflow
336, Stored_Buffer_Overflow_boundcpy
337, Stored_Buffer_Overflow_cpycat
338, Stored_Buffer_Overflow_fgets
339, Stored_Buffer_Overflow_fscanf
471, HTTP_Response_Splitting
472, Integer_Overflow
482, Unclosed_Connection
634, HTTP_Response_Splitting
812, HTTP_Response_Splitting
813, Integer_Overflow
820, Unclosed_Connection
1032, Sharing_With_Controller
1202, Buffer_Overflow_LowBound
1204, Buffer_Overflow_OutOfBound
1392, Buffer_Overflow_Indexes
1413, Buffer_Overflow_boundcpy_WrongSizeParam
1548, Privilege_Escalation
2259, HTTP_Response_Splitting
2287, Wrong_Size_t_Allocation
2353, Buffer_Overflow_StrcpyStrcat
2608, Client_Use_Of_JQuery_Deprecated_Version
2613, Client_DB_Parameter_Tampering
2614, Client_Path_Manipulation
2619, Client_Second_Order_Sql_Injection
2620, Client_SQL_Injection
2709, Missing_Precision
3706, Client_Header_Manipulation
3708, VF_Remoting_Client_Potential_CSRF
4129, Buffer_Overflow_IndexFromInput
4480, Kony_Unsecure_iOSBrowser_Configuration
5319, Deserialization_of_Untrusted_Data
7443, Reflected_Absolute_Path_Traversal
7559, AWS_Credentials_Leak
182, HTTP_Response_Splitting
191, Unclosed_Connection
211, Buffer_Overflow_boundedcpy
214, Buffer_Overflow_cpycat
215, Buffer_Overflow_fgets
216, Buffer_Overflow_Loops
217, Buffer_Overflow_scanf
219, Buffer_Overflow_unbounded
222, Off_by_One_Error_in_Arrays
223, Off_by_One_Error_in_Loops
224, Off_by_One_Error_in_Methods
226, String_Termination_Error
290, Boolean_Overflow
291, Char_Overflow
295, Long_Overflow
296, Short_Overflow
336, Stored_Buffer_Overflow_boundcpy
337, Stored_Buffer_Overflow_cpycat
338, Stored_Buffer_Overflow_fgets
339, Stored_Buffer_Overflow_fscanf
464, Cross_Site_History_Manipulation
471, HTTP_Response_Splitting
472, Integer_Overflow
482, Unclosed_Connection
627, Cross_Site_History_Manipulation
634, HTTP_Response_Splitting
805, Cross_Site_History_Manipulation
812, HTTP_Response_Splitting
813, Integer_Overflow
820, Unclosed_Connection
1032, Sharing_With_Controller
1202, Buffer_Overflow_LowBound
1204, Buffer_Overflow_OutOfBound
1334, Cross_Site_History_Manipulation
1392, Buffer_Overflow_Indexes
1413, Buffer_Overflow_boundcpy_WrongSizeParam
1535, Cross_Site_History_Manipulation
1548, Privilege_Escalation
1681, Use_of_Insufficiently_Random_Values
2259, HTTP_Response_Splitting
2287, Wrong_Size_t_Allocation
2353, Buffer_Overflow_StrcpyStrcat
2530, Client_DOM_CSRF
2608, Client_Use_Of_JQuery_Deprecated_Version
2613, Client_DB_Parameter_Tampering
2614, Client_Path_Manipulation
2619, Client_Second_Order_Sql_Injection
2620, Client_SQL_Injection
513, Unchecked_Return_Value
530, Use_Of_Uninitialized_Variables
1585, Null_Pointer_Dereference
1599, Malicious_Program
4480, Kony_Unsecure_iOSBrowser_Configuration
7319, Parameter_Tampering
182, HTTP_Response_Splitting
191, Unclosed_Connection
211, Buffer_Overflow_boundedcpy
214, Buffer_Overflow_cpycat
215, Buffer_Overflow_fgets
216, Buffer_Overflow_Loops
217, Buffer_Overflow_scanf
219, Buffer_Overflow_unbounded
222, Off_by_One_Error_in_Arrays
223, Off_by_One_Error_in_Loops
224, Off_by_One_Error_in_Methods
226, String_Termination_Error
290, Boolean_Overflow
291, Char_Overflow
295, Long_Overflow
296, Short_Overflow
336, Stored_Buffer_Overflow_boundcpy
337, Stored_Buffer_Overflow_cpycat
338, Stored_Buffer_Overflow_fgets
339, Stored_Buffer_Overflow_fscanf
358, Unchecked_Return_Value
471, HTTP_Response_Splitting
472, Integer_Overflow
482, Unclosed_Connection
513, Unchecked_Return_Value
530, Use_Of_Uninitialized_Variables
634, HTTP_Response_Splitting
701, Catch_NullPointerException
707, Unchecked_Return_Value
719, Use_Of_Uninitialized_Variables
812, HTTP_Response_Splitting
813, Integer_Overflow
820, Unclosed_Connection
1202, Buffer_Overflow_LowBound
1204, Buffer_Overflow_OutOfBound
1252, Freed_Pointer_Not_Set_To_Null
1392, Buffer_Overflow_Indexes
1394, Potential_Off_by_One_Error_in_Loops
1548, Privilege_Escalation
1585, Null_Pointer_Dereference
1681, Use_of_Insufficiently_Random_Values
1697, Unchecked_Return_Value_to_NULL_Pointer_Dereference
2127, Parse_Double_DoS
2259, HTTP_Response_Splitting
2353, Buffer_Overflow_StrcpyStrcat
2530, Client_DOM_CSRF
2554, Client_Insufficient_Key_Size
2613, Client_DB_Parameter_Tampering
2614, Client_Path_Manipulation
2620, Client_SQL_Injection
2709, Missing_Precision
2731, Potential_Precision_Problem
3334, Parse_Double_DoS
3358, Unchecked_Return_Value_to_NULL_Pointer_Dereference
3706, Client_Header_Manipulation
3708, VF_Remoting_Client_Potential_CSRF
3910, Client_Password_Weak_Encryption
7319, Parameter_Tampering
4480, Kony_Unsecure_iOSBrowser_Configuration
211, Buffer_Overflow_boundedcpy
214, Buffer_Overflow_cpycat
215, Buffer_Overflow_fgets
216, Buffer_Overflow_Loops
217, Buffer_Overflow_scanf
219, Buffer_Overflow_unbounded
222, Off_by_One_Error_in_Arrays
223, Off_by_One_Error_in_Loops
224, Off_by_One_Error_in_Methods
226, String_Termination_Error
290, Boolean_Overflow
291, Char_Overflow
295, Long_Overflow
296, Short_Overflow
336, Stored_Buffer_Overflow_boundcpy
337, Stored_Buffer_Overflow_cpycat
338, Stored_Buffer_Overflow_fgets
339, Stored_Buffer_Overflow_fscanf
1032, Sharing_With_Controller
1202, Buffer_Overflow_LowBound
1204, Buffer_Overflow_OutOfBound
1392, Buffer_Overflow_Indexes
1394, Potential_Off_by_One_Error_in_Loops
1413, Buffer_Overflow_boundcpy_WrongSizeParam
2619, Client_Second_Order_Sql_Injection
2620, Client_SQL_Injection
3372, Cross_Site_History_Manipulation
3568, Cross_Site_History_Manipulation
171, Session_Poisoning
456, Session_Poisoning
606, Improper_Session_Management
797, Session_Poisoning
1212, Potential_Path_Traversal
2613, Client_DB_Parameter_Tampering
3708, VF_Remoting_Client_Potential_CSRF
3910, Client_Password_Weak_Encryption
5319, Deserialization_of_Untrusted_Data
69, Dynamic_SQL_Queries
171, Session_Poisoning
182, HTTP_Response_Splitting
191, Unclosed_Connection
211, Buffer_Overflow_boundedcpy
214, Buffer_Overflow_cpycat
215, Buffer_Overflow_fgets
216, Buffer_Overflow_Loops
217, Buffer_Overflow_scanf
219, Buffer_Overflow_unbounded
222, Off_by_One_Error_in_Arrays
223, Off_by_One_Error_in_Loops
224, Off_by_One_Error_in_Methods
226, String_Termination_Error
290, Boolean_Overflow
291, Char_Overflow
295, Long_Overflow
296, Short_Overflow
336, Stored_Buffer_Overflow_boundcpy
337, Stored_Buffer_Overflow_cpycat
338, Stored_Buffer_Overflow_fgets
339, Stored_Buffer_Overflow_fscanf
456, Session_Poisoning
464, Cross_Site_History_Manipulation
471, HTTP_Response_Splitting
472, Integer_Overflow
482, Unclosed_Connection
606, Improper_Session_Management
627, Cross_Site_History_Manipulation
634, HTTP_Response_Splitting
797, Session_Poisoning
805, Cross_Site_History_Manipulation
812, HTTP_Response_Splitting
813, Integer_Overflow
820, Unclosed_Connection
1202, Buffer_Overflow_LowBound
1204, Buffer_Overflow_OutOfBound
1212, Potential_Path_Traversal
1334, Cross_Site_History_Manipulation
1392, Buffer_Overflow_Indexes
1394, Potential_Off_by_One_Error_in_Loops
1413, Buffer_Overflow_boundcpy_WrongSizeParam
1535, Cross_Site_History_Manipulation
1548, Privilege_Escalation
1681, Use_of_Insufficiently_Random_Values
1696, Storing_Passwords_in_a_Recoverable_Format
1697, Unchecked_Return_Value_to_NULL_Pointer_Dereference
2127, Parse_Double_DoS
2259, HTTP_Response_Splitting
2287, Wrong_Size_t_Allocation
2353, Buffer_Overflow_StrcpyStrcat
2554, Client_Insufficient_Key_Size
2608, Client_Use_Of_JQuery_Deprecated_Version
2613, Client_DB_Parameter_Tampering
2614, Client_Path_Manipulation
2619, Client_Second_Order_Sql_Injection
2620, Client_SQL_Injection
2709, Missing_Precision
2731, Potential_Precision_Problem
3334, Parse_Double_DoS
3355, Storing_Passwords_in_a_Recoverable_Format
3358, Unchecked_Return_Value_to_NULL_Pointer_Dereference
3372, Cross_Site_History_Manipulation
3568, Cross_Site_History_Manipulation
3706, Client_Header_Manipulation
3708, VF_Remoting_Client_Potential_CSRF
3910, Client_Password_Weak_Encryption
4129, Buffer_Overflow_IndexFromInput
4381, Cross_Site_History_Manipulation
69, Dynamic_SQL_Queries
171, Session_Poisoning
182, HTTP_Response_Splitting
211, Buffer_Overflow_boundedcpy
214, Buffer_Overflow_cpycat
215, Buffer_Overflow_fgets
216, Buffer_Overflow_Loops
217, Buffer_Overflow_scanf
219, Buffer_Overflow_unbounded
222, Off_by_One_Error_in_Arrays
223, Off_by_One_Error_in_Loops
224, Off_by_One_Error_in_Methods
226, String_Termination_Error
336, Stored_Buffer_Overflow_boundcpy
337, Stored_Buffer_Overflow_cpycat
338, Stored_Buffer_Overflow_fgets
339, Stored_Buffer_Overflow_fscanf
456, Session_Poisoning
471, HTTP_Response_Splitting
606, Improper_Session_Management
634, HTTP_Response_Splitting
797, Session_Poisoning
812, HTTP_Response_Splitting
1032, Sharing_With_Controller
1202, Buffer_Overflow_LowBound
1204, Buffer_Overflow_OutOfBound
1212, Potential_Path_Traversal
1392, Buffer_Overflow_Indexes
1394, Potential_Off_by_One_Error_in_Loops
1413, Buffer_Overflow_boundcpy_WrongSizeParam
1548, Privilege_Escalation
1681, Use_of_Insufficiently_Random_Values
1696, Storing_Passwords_in_a_Recoverable_Format
2259, HTTP_Response_Splitting
2353, Buffer_Overflow_StrcpyStrcat
2554, Client_Insufficient_Key_Size
2608, Client_Use_Of_JQuery_Deprecated_Version
2613, Client_DB_Parameter_Tampering
2614, Client_Path_Manipulation
2619, Client_Second_Order_Sql_Injection
2620, Client_SQL_Injection
2731, Potential_Precision_Problem
3355, Storing_Passwords_in_a_Recoverable_Format
3568, Cross_Site_History_Manipulation
3706, Client_Header_Manipulation
4129, Buffer_Overflow_IndexFromInput
5319, Deserialization_of_Untrusted_Data
69, Dynamic_SQL_Queries
171, Session_Poisoning
182, HTTP_Response_Splitting
211, Buffer_Overflow_boundedcpy
214, Buffer_Overflow_cpycat
215, Buffer_Overflow_fgets
216, Buffer_Overflow_Loops
217, Buffer_Overflow_scanf
219, Buffer_Overflow_unbounded
222, Off_by_One_Error_in_Arrays
223, Off_by_One_Error_in_Loops
224, Off_by_One_Error_in_Methods
226, String_Termination_Error
336, Stored_Buffer_Overflow_boundcpy
337, Stored_Buffer_Overflow_cpycat
338, Stored_Buffer_Overflow_fgets
339, Stored_Buffer_Overflow_fscanf
456, Session_Poisoning
471, HTTP_Response_Splitting
606, Improper_Session_Management
634, HTTP_Response_Splitting
797, Session_Poisoning
812, HTTP_Response_Splitting
1032, Sharing_With_Controller
1202, Buffer_Overflow_LowBound
1204, Buffer_Overflow_OutOfBound
1212, Potential_Path_Traversal
1392, Buffer_Overflow_Indexes
1394, Potential_Off_by_One_Error_in_Loops
1413, Buffer_Overflow_boundcpy_WrongSizeParam
1548, Privilege_Escalation
1681, Use_of_Insufficiently_Random_Values
1696, Storing_Passwords_in_a_Recoverable_Format
2259, HTTP_Response_Splitting
2353, Buffer_Overflow_StrcpyStrcat
2530, Client_DOM_CSRF
2554, Client_Insufficient_Key_Size
2608, Client_Use_Of_JQuery_Deprecated_Version
2613, Client_DB_Parameter_Tampering
2614, Client_Path_Manipulation
2619, Client_Second_Order_Sql_Injection
2620, Client_SQL_Injection
2731, Potential_Precision_Problem
2976, HTTP_Response_Splitting
3355, Storing_Passwords_in_a_Recoverable_Format
3568, Cross_Site_History_Manipulation
3706, Client_Header_Manipulation
3708, VF_Remoting_Client_Potential_CSRF
3910, Client_Password_Weak_Encryption
4129, Buffer_Overflow_IndexFromInput
4480, Kony_Unsecure_iOSBrowser_Configuration
4510, Client_Reflected_File_Download
5319, Deserialization_of_Untrusted_Data
7319, Parameter_Tampering
171, Session_Poisoning
182, HTTP_Response_Splitting
211, Buffer_Overflow_boundedcpy
214, Buffer_Overflow_cpycat
215, Buffer_Overflow_fgets
216, Buffer_Overflow_Loops
217, Buffer_Overflow_scanf
219, Buffer_Overflow_unbounded
222, Off_by_One_Error_in_Arrays
223, Off_by_One_Error_in_Loops
224, Off_by_One_Error_in_Methods
226, String_Termination_Error
290, Boolean_Overflow
291, Char_Overflow
295, Long_Overflow
296, Short_Overflow
456, Session_Poisoning
471, HTTP_Response_Splitting
472, Integer_Overflow
606, Improper_Session_Management
634, HTTP_Response_Splitting
797, Session_Poisoning
812, HTTP_Response_Splitting
813, Integer_Overflow
1032, Sharing_With_Controller
1202, Buffer_Overflow_LowBound
1204, Buffer_Overflow_OutOfBound
1334, Cross_Site_History_Manipulation
1392, Buffer_Overflow_Indexes
1394, Potential_Off_by_One_Error_in_Loops
1413, Buffer_Overflow_boundcpy_WrongSizeParam
1657, Reachable_Assertion
1696, Storing_Passwords_in_a_Recoverable_Format
2353, Buffer_Overflow_StrcpyStrcat
2613, Client_DB_Parameter_Tampering
2614, Client_Path_Manipulation
2619, Client_Second_Order_Sql_Injection
2620, Client_SQL_Injection
3372, Cross_Site_History_Manipulation
3568, Cross_Site_History_Manipulation
3706, Client_Header_Manipulation
3708, VF_Remoting_Client_Potential_CSRF
3910, Client_Password_Weak_Encryption
1413, Buffer_Overflow_boundcpy_WrongSizeParam
182, HTTP_Response_Splitting
191, Unclosed_Connection
211, Buffer_Overflow_boundedcpy
214, Buffer_Overflow_cpycat
215, Buffer_Overflow_fgets
216, Buffer_Overflow_Loops
217, Buffer_Overflow_scanf
219, Buffer_Overflow_unbounded
222, Off_by_One_Error_in_Arrays
223, Off_by_One_Error_in_Loops
224, Off_by_One_Error_in_Methods
226, String_Termination_Error
290, Boolean_Overflow
291, Char_Overflow
295, Long_Overflow
296, Short_Overflow
336, Stored_Buffer_Overflow_boundcpy
337, Stored_Buffer_Overflow_cpycat
338, Stored_Buffer_Overflow_fgets
339, Stored_Buffer_Overflow_fscanf
358, Unchecked_Return_Value
471, HTTP_Response_Splitting
472, Integer_Overflow
482, Unclosed_Connection
513, Unchecked_Return_Value
530, Use_Of_Uninitialized_Variables
634, HTTP_Response_Splitting
701, Catch_NullPointerException
707, Unchecked_Return_Value
719, Use_Of_Uninitialized_Variables
812, HTTP_Response_Splitting
813, Integer_Overflow
820, Unclosed_Connection
1202, Buffer_Overflow_LowBound
1204, Buffer_Overflow_OutOfBound
1392, Buffer_Overflow_Indexes
1394, Potential_Off_by_One_Error_in_Loops
1548, Privilege_Escalation
1585, Null_Pointer_Dereference
1697, Unchecked_Return_Value_to_NULL_Pointer_Dereference
2127, Parse_Double_DoS
2259, HTTP_Response_Splitting
2353, Buffer_Overflow_StrcpyStrcat
2554, Client_Insufficient_Key_Size
2613, Client_DB_Parameter_Tampering
2614, Client_Path_Manipulation
2620, Client_SQL_Injection
2709, Missing_Precision
2731, Potential_Precision_Problem
3334, Parse_Double_DoS
3358, Unchecked_Return_Value_to_NULL_Pointer_Dereference
3706, Client_Header_Manipulation
3708, VF_Remoting_Client_Potential_CSRF
3910, Client_Password_Weak_Encryption
7319, Parameter_Tampering
2620, Client_SQL_Injection
The presets Default and Default 2014 will be removed according to the following rules:
A preset will be removed if it is not associated with any project.
A preset will not be removed if it is associated with a project.
Supported Code Languages and Frameworks for EP 9.5.5
Environment | Primary Languages | Secondary Languages | Framework | File extensions | |
---|---|---|---|---|---|