Engine Pack Version 9.7.4

CxSAST Engine

Languages & Frameworks

All supported code Languages & Frameworks versions can be found here.

C++

  • Added support for range-based for loop (C++11) and pack expansions in lambda capture groups (C++17).

  • A hand-crafted tokenizer is now used during macro expansion for enhanced performance.

  • Boost and stdlib:

    • Added support for: "map", "multimap", "unordered_map", "unordered_multimap", "flat_map", "flat_multiset" and "flat_multimap".

  • Boost

    • Extended support for vector initialization and iteration methods.

Go

Added new and improved queries, including:

  • Cryptography

  • Information Exposure

  • JWT

  • File Handling

  • Password Management

  • DoS

  • XSS

  • SQL Client

Additionally, some general queries were added and refined, expanding detection capabilities and improving overall scan precision.

Optimized Java .properties Files Handling During Scans

Improved handling of .properties files during SAST scans by skipping their preprocessing and DOM generation. These files are now processed only during query execution using a simpler, more efficient mechanism.

Affected queries are:

  • Java_Medium_Threat.Use_Of_Hardcoded_Password

  • Java_Medium_Threat.Use_Of_Hardcoded_Password_In_Config

  • Java_Low_Visibility.Incorrect_Permission_Assignment_For_File_System_Resources

  • Java_Best_Coding_Practice.LeftOver_Debug_Code

  • Java_Best_Coding_Practice.ESAPI_Banned_API

  • Java_Best_Coding_Practice.Incorrect_Block_Delimitation

  • Java_Best_Coding_Practice.Potentially_Serializable_Class_With_Sensitive_Data

  • Java_Best_Coding_Practice.Unused_Variable

  • Java_Metadata.Get_Values_Assigned_To_Properties

Compliance Standards

  • PCI has been improved to include queries covering Rule 8.6.2.

  • ASA Premium preset has been updated to include additional queries.

  • ASA Mobile Premium preset has been updated to include additional queries.

Recommended Exclusions

Added default exclusions for #[test] and #[cfg(test)] annotations in Rust to prevent false positives in test code.