Engine Pack Version 9.6.3

CxSAST Engine

Languages & Frameworks

All supported code languages and framework versions are listed under Engine Pack Supported Code Languages and Frameworks (9.6.3).

Rust

In 9.6.3, we are introducing support for the Rust language as a Technical Preview in the SAST engine, including the following features:

Notice

To overcome licensing issues in CxAudit when scanning Rust, perform the following actions after installing 9.6.3:

  1. Install 9.6 HF5

  2. Obtain a new license that includes the Rust language.

Notice

Technology Preview features provide early access to upcoming product innovations, enabling you to test functionality and provide feedback during development. However, these features are not fully supported and might not be functionally complete.

As Checkmarx considers making future iterations of Technology Preview features generally available, we will attempt to resolve any issues customers experience when using these features.

Fast Scan

To speed up SAST engine scans, a new scan mode is being introduced: Fast Scan.

Fast Scan mode reduces the scanning time of a project, so relevant vulnerabilities are identified sooner and continuous deployment can proceed while security standards are still enforced. This helps personas such as developers react much faster to the findings they need to tackle immediately. Fast Scan mode identifies the most significant and relevant vulnerabilities, while the in-depth scan mode offers deeper coverage; for the most critical projects with a zero-vulnerability policy, it is advised to also use the in-depth scan mode. With the new scan mode alongside the in-depth scan mode, the SAST engine addresses two distinct use cases:

  • Fast scanning for more relevant vulnerabilities.

  • Exhaustive and deep scanning for the most mission-critical sensitive projects and applications.

See the Fast Scan bullet here on how to configure this scan.

Presets

Base Preset

A new preset, the Base Preset, has been added to the SAST engine.

It boosts scanning efficiency, prioritizing the swift retrieval of results with pertinent and impactful vulnerabilities. The preset can be used as a starting point and customized to meet your requirements.

For further details, please see Base Preset.

STIG

The STIG preset and its corresponding category have been updated to support version 5.3.

Scanning Unsupported Files - New Error Code

The error code previously designated as -1 for attempting to scan unsupported files has now been updated to a new code, 60.

Notice

To ensure a seamless transition and prevent potential errors, we strongly recommend that you:

  • Carefully review your existing pipelines and workflows.

  • Identify any configurations or dependencies that currently rely on the old error code (-1).

Make the necessary configuration adjustments before upgrading to version 9.6.3. Doing so avoids disruptions caused by the change in error code and keeps your processes running smoothly.

XML Files Pre-Processing in Java

Until now, when scanning Java, several XML files (such as AndroidManifest.xml, build.xml and struts-config.xml) were translated into the Java DOM during pre-processing.

This made the DOM excessively large while benefiting fewer than 1% of queries. To avoid the oversized DOM, the XML pre-processing has been removed and the affected queries have been refactored to use APIs for navigating the XML files directly.

Notice

With these changes, the DOM is no longer built for XML files during Java scanning. Consequently, any customized queries that rely on the DOM of these files must be updated to use the XML API.

Engine Pack Supported Code Languages and Frameworks (9.6.3)

Each entry below lists, for one scanning environment, the Environment and Primary Languages, Secondary Languages, Framework, File extensions and Additional Information columns of the supported-languages table. Columns with no entries are omitted.

Java
  Environment and Primary Languages: Java, J2SE, J2EE, JSP
  Secondary Languages: JavaScript, VBScript, PL\SQL, HTML5
  Framework: ATG DSP Taglib, GWT, Hibernate, Google Guice, Java Server Faces (JSF), JSP, JSTL FMT Taglib, OWASP ESAPI, MyBatis, PrimeFaces, Spring Boot, Spring MVC, Spring, Struts, Velocity
  File extensions: .java, .jsp, .jspf, .jsf, .tag, .tld, .mf, .xhtml, .vm, .gradle, .properties, .jspdsbld, .wod, .xml, .yml, .yaml
  Additional Information: Java can be configured as a unified language with Scala.

ASP.NET
  Environment and Primary Languages: ASP.NET
  Secondary Languages: JavaScript, VBScript, PL\SQL, HTML5
  Framework: ASP.NET Core, ASP.Net Core Razor, ASP.Net MVC framework, Enterprise Libraries, ComponentArt, Entity framework, Hibernate.Net, Infragistics, iBatis, Telerik, Dapper
  File extensions: .cs, .cshtml, .xaml, .vb, .config, .aspx, .ascx, .asax, .tag, .master, .xml

ASP
  Environment and Primary Languages: ASP
  Secondary Languages: JavaScript [**], VBScript, PL\SQL, HTML5
  Framework: ASP.Net MVC framework
  File extensions: .asp, .inc

VB6
  Environment and Primary Languages: VB6
  File extensions: .bas, .vbp, .frm, .cls, .dsr, .ctl

C / C++
  Environment and Primary Languages: C, C++
  Framework: C MISRA, C++ MISRA, Informix ESQL/C, MySQL
  File extensions: .cpp, .c, .cc, .c++, .cxx, .hpp, .hh, .h++, .hxx, .h, .ec, .cmake, .pro, .ac, .am, .txt (related to CMakeLists), .ph

PHP
  Environment and Primary Languages: PHP
  Secondary Languages: JavaScript
  Framework: bWapp, CakePHP, OWASP ESAPI, Kohana, Symfony, Smarty, Zend
  File extensions: .php, .php3, .php4, .php5, .phtm, .phtml, .tpl, .ctp, .twig, .inc, .cgi, .env, .ini

Apex
  Environment and Primary Languages: Apex
  Framework: VisualForce, Lightning (Aura), Lightning Web Components
  File extensions: .apex, .apexp, .apxc, .page, .component, .cls, .trigger, .tgr, .object, .report, .workflow, -meta.xml, .xml
  Additional Information: This is for Salesforce APEX only.

Ruby
  Environment and Primary Languages: Ruby
  Framework: Ruby on Rails
  File extensions: .rb, .rhtml, .rxml, .rjs, .erb, .cgi, .lock

JavaScript
  Environment and Primary Languages: JavaScript, TypeScript
  Framework: Ajax, Angular, AngularJS, Backbone, Cordova / PhoneGap, Handlebars, Hapi.JS, JQuery, Knockout, Kony Visualizer, Node.js (Buffer, CryptoJS, ExpressJS, File System, Hapi, Mongodb, OracleDB, Sequelize), Pug (Jade), React Native, ReactJS, SAPUI5, VueJS, XS (SAP), RequireJS
  File extensions: .js, .jsx, .htm, .html, .json, .ts, .tsx, .aspx, .ascx, .xsjs, .xsjslib, .xsaccess, .xsapp, .app, .evt, .cmp, .hbs, .handlebars, .jade, .pug, .vue, .xml, .apexp, .page, .component, .cshtml, .jsf, .xhtml, .jsp, .jspf, .asp, .master, .php

VBScript
  Environment and Primary Languages: VBScript
  File extensions: .vbs, .aspx, .ascx, .asp, .cshtml, .html, .htm, .master

Perl
  Environment and Primary Languages: Perl
  File extensions: .pl, .pm, .plx, .psgi, .cgi

Android (Java)
  Environment and Primary Languages: Android (Java)
  Framework: Volley
  File extensions: .java, .kt

Objective-C / Swift
  Environment and Primary Languages: Objective-C, Swift
  File extensions: .m, .h, .swift, .xib, .plist

HTML5
  Environment and Primary Languages: HTML 5
  File extensions: .html, .htm

PL/SQL
  Environment and Primary Languages: PL/SQL
  File extensions: .pls, .sql, .pkh, .pks, .pkb, .pck

Python
  Environment and Primary Languages: Python
  Secondary Languages: JavaScript, VBScript, PL\SQL
  Framework: Django, Flask, Jinja and DTL, Pandas library, Marshmallow
  File extensions: .py, .gtl, .csv, .latex, .tex, .html, .xml, .txt

Groovy
  Environment and Primary Languages: Groovy
  Secondary Languages: JavaScript, VBScript, PL\SQL
  File extensions: .groovy, .gsh, .gvy, .gy, .gsp, .gradle

Scala
  Environment and Primary Languages: Scala
  Framework: Akka, Finagle, Finatra
  File extensions: .scala, .conf
  Additional Information: Scala can be configured as a unified language with Java.

Go
  Environment and Primary Languages: GO Language
  Framework: Protobuf, gin-gonic/gin, gorilla-mux
  File extensions: .go, .mod

Kotlin
  Environment and Primary Languages: Kotlin
  Framework: Ktor (Server Side), Vert.x (Server Side), Spring
  File extensions: .kt, .kts, .mustache, .ftl, .xml

Cobol
  Environment and Primary Languages: Cobol
  File extensions: .cbl, .cob, .eco, .pco, .sqb, .cpy

RPG
  Environment and Primary Languages: RPG
  File extensions: .rpg, .rpg38, .sqlrpg, .rpgle, .sqlrpgle, .dspf

Dart
  Environment and Primary Languages: Dart
  Framework: Flutter
  File extensions: .dart, .yaml

Lua
  Environment and Primary Languages: Lua
  Framework: OpenResty
  File extensions: .lua, .conf

Rust
  Environment and Primary Languages: Rust
  File extensions: .rs

Vulnerability Queries 9.6.3

All queries that are executed in version 9.6.3 are available for download: PDF, CSV

New and updated queries in version 9.6.3 are available for download: PDF, CSV

Queries associated with predefined query presets are available for download: PDF, CSV

New and Changed Queries Details

Release Notes for Engine Pack (EP) 9.6.3 Patches

Version 9.6.3.1001 (February 2024)

  • Enhancements made in the following Ruby queries to prevent false positives:

    • Ruby_High_Risk\Stored_XSS

    • Ruby_High_Risk\SQL_Injection