Engine Pack Version 9.7.3

CxSAST Engine

Languages & Frameworks

All supported code Languages & Frameworks versions can be found here.

C++

  • Improved Boost support, with enhancements in the Algorithms library.

  • Enhanced the Macros support by adding a reverse include mechanism.

  • Parse integer literals with ticks (example: 3'00'324'32).

  • Support Microsoft internal and ref keywords.

Go

Go language coverage and accuracy have been improved in this engine pack:

  • New cryptography-focused queries have been added.

  • Multiple general queries were added and refined, expanding detection capabilities and improving overall scan precision.

For further details, please see here.

JavaScript

Several queries have been reviewed and refactored to improve result accuracy and reduce noise by decreasing false positives (FPs).

For further details, please see here.

Optimized Handling of CSharp Configuration Files

Optimized Handling of Configuration Files in C# Scans

Previously, when scanning C# projects, several configuration files were pre-processed and translated into the C# DOM. This approach significantly increased the size of the DOM while providing limited value.

To address this, pre-processing of configuration files has been removed, and related queries have been refactored to use APIs that navigate the configuration files directly. The affected queries are under “CSharp_Web_Config.” For further details, please see here.

Key benefits of this enhancement include a reduced DOM size, which improves scan performance, and code snippet highlighting in both the Results Viewer and Audit interface.

Notice

As a result of this change, some findings may now have a different Similarity ID.

The updated queries related to this change are grouped under CSharp_Web_Config.

Compliance Standards

Base Preset

Until now, the Base preset supported queries for C++, CSharp, Java, JavaScript and Python.

With this engine pack, the preset has been enhanced to include support for additional languages: APEX, ASP, Cobol, Dart, Go, Groovy, Kotlin, Lua, ObjectiveC, Perl, PHP, PLSQL, RPG, Ruby, Rust, Scala, SQL, Swift, VB6, and VBNet.

Recommended Exclusions

Previously available on CxOne, this feature is now included for on-premises users. It allows users to further optimize scan performance by focusing on relevant files, helping maximize accuracy while maintaining a similar scan duration.

By default, no files or folders are excluded. To enable exclusions, configure the PREDEFINED_FILE_EXCLUSIONS_MODES setting and specify the files and/or directories to exclude from scans.

CWEs Updates

A few queries have had their CWE classifications reviewed and updated to remove any CWEs no longer supported or allowed by MITRE.

For more information on the affected queries, please see here, filtering by “CWE changed”.

Critical Severity

This engine pack completes the severity review of queries. It includes updates for queries whose severity has been changed from any severity to High or Critical, except those upgraded from High to Critical, which were already addressed in engine pack 9.7.1.