Engine Pack Version 9.7.4

CxSAST Engine

Languages & Frameworks

All supported code Languages & Frameworks versions can be found here.

C++

Added support for range-based for loop (C++ 11) and pack expansions in lambda capture groups (C++17).
Hand-crafted tokenizer used during macro expansion for enhanced performance.
Boost and stdlib:
- Added support for: "map", "multimap", "unordered_map", "unordered_multimap", "flat_map", "flat_multiset" and "flat_multimap"-
Boost
- Extended support for vector initialization and iteration methods

Go

Added new and improved queries, including:

Cryptography
Information Exposure
JWT
File Handling
Password Management
DoS
XSS
SQL Client

Additionally, some general queries were added and refined, expanding detection capabilities and improving overall scan precision.

Optimized Java .properties Files Handling During Scans

Improved handling of .properties files during SAST scans by skipping their preprocessing and DOM generation. These files are now processed only during query execution using a simpler, more efficient mechanism.

Affected queries are:

Java_Medium_Threat.Use_Of_Hardcoded_Password
Java_Medium_Threat.Use_Of_Hardcoded_Password_In_Config
Java_Low_Visibility.Incorrect_Permission_Assignment_For_File_System_Resources
Java_Best_Coding_Practice.LeftOver_Debug_Code
Java_Best_Coding_Practice.ESAPI_Banned_API
Java_Best_Coding_Practice.Incorrect_Block_Delimitation
Java_Best_Coding_Practice.Potentially_Serializable_Class_With_Sensitive_Data
Java_Best_Coding_Practice.Unused_Variable
Java_Metadata.Get_Values_Assigned_To_Properties

Compliance Standards

PCI has been improved to include queries covering Rule 8.6.2
ASA Premium preset has been updated to include additional queries.
ASA Mobile Premium preset has been updated to include additional queries.

Recommended Exclusions

Added default exclusions for #[test] and #[cfg(test)] annotations in Rust to prevent false positives in test code.

In this section: