Release Notes for Engine Pack 9.4.4
Engine Pack 9.4.4 contains the following engine deliverables and enhancements:
Installation Notes
Warning
In a distributed environment, the relevant Engine Pack must also be installed on the CxManager host to update the SQL database.
Notice
Engine Packs are cumulative and include previous Engine Pack updates.
For more information about Engine Pack installation, see Engine Pack Versions and Delivery Model.
New Improved Scan Flow Updates
The New Improved Scan Flow now also supports the following languages:
Java
Objective-C
Perl
Language Updates
Engine Pack 9.4.4 introduces several significant language enhancements and updates.
New Scala language support
The rewrite of the Scala language support is complete and includes many additional features, improving overall support and accuracy.
By default, the New Improved Scan Flow is used to calculate the flow.
New Swift language support
The rewrite of the Swift language support is complete and includes many additional features, improving overall support and accuracy.
By default, the New Improved Scan Flow is used to calculate the flow.
Swift support is now independent of Objective-C: Swift and Objective-C are scanned as two separate languages (in previous versions Swift code was scanned as Objective-C), and vulnerabilities are identified and displayed in the SAST Web Portal Results Viewer according to the specific language. To scan both Swift and Objective-C source code without a decrease in accuracy, perform the following:
Install 9.4 HF10.
Obtain a new license that includes the Swift language for CxAudit.
Improvements in RPG language support
RPG support has been extended with additional features, improving overall support and accuracy.
TypeScript language support update
This version introduces updated support for the latest versions of TypeScript.
Kotlin language support update
This version introduces updated support for the latest versions of Kotlin.
New Query for Detecting Vulnerable Log4J Versions
The following query was added to the Java language to detect vulnerable Log4J versions:
Java_High_Risk/Unsafe_JNDI_Lookup - This new query finds usage of Log4J dependencies that expose the application to the Apache Log4J remote code execution vulnerability through unsafe JNDI lookups.
New Query for Detecting Prototype Pollution
The following query was added to the JavaScript language to detect the Prototype Pollution vulnerability:
JavaScript_High_Risk/Prototype_Pollution - This query finds assignment of externally controlled properties without validation, which can pollute object properties (including those every object inherits from Object.prototype) and alter the application's normal behavior.
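The pattern the Prototype_Pollution query targets, shown as an added example that is not Checkmarx code or part of the original release notes: a recursive merge of an untrusted JSON body into an application object, first in the vulnerable form (external keys assigned without validation, so a "__proto__" key reaches Object.prototype) and then hardened. The function names, the payload and the DANGEROUS_KEYS list are this example's own assumptions.

```javascript
// Added example (not Checkmarx code): vulnerable vs. hardened recursive merge.
// Names (unsafeMerge, safeMerge, demo, ATTACK_PAYLOAD) are assumptions of this example.

// Constructed attacker-controlled input, e.g. a JSON request body.
// JSON.parse creates an own enumerable property literally named "__proto__".
const ATTACK_PAYLOAD = '{"name":"alice","__proto__":{"isAdmin":true}}';

// Keys through which a merge can reach a shared prototype.
const DANGEROUS_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

// VULNERABLE: copies every key from source into target without validation.
// target["__proto__"] resolves to Object.prototype, so the recursive call
// writes the attacker's properties onto every object in the process.
function unsafeMerge(target, source) {
  for (const key in source) {
    const value = source[key];
    if (value !== null && typeof value === 'object') {
      if (target[key] === null || typeof target[key] !== 'object') target[key] = {};
      unsafeMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// HARDENED: iterates only own keys, rejects the prototype-reaching keys, and
// recurses only into plain objects that target holds as its own properties.
function safeMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (DANGEROUS_KEYS.has(key)) continue;
    const value = source[key];
    if (value !== null && typeof value === 'object' && !Array.isArray(value)) {
      if (!Object.prototype.hasOwnProperty.call(target, key) ||
          target[key] === null || typeof target[key] !== 'object') {
        target[key] = {};
      }
      safeMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Runs one merge of the payload and reports whether a fresh, unrelated object
// now carries the attacker's property. Removes any polluted property afterwards
// so the two runs do not influence each other.
function demo(mergeFn) {
  const userPrefs = {};
  mergeFn(userPrefs, JSON.parse(ATTACK_PAYLOAD));
  const unrelated = {};
  const polluted = unrelated.isAdmin === true;
  delete Object.prototype.isAdmin;
  return { name: userPrefs.name, polluted };
}

console.log('unsafeMerge:', demo(unsafeMerge)); // { name: 'alice', polluted: true }
console.log('safeMerge:', demo(safeMerge));     // { name: 'alice', polluted: false }
```

The unsafe variant is the shape the query flags: the key comes from outside the application and is written to the target with no check. The hardened variant keeps the legitimate "name" property and drops only the keys that can change an object's prototype chain.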
Preset for KISA Software Secure Coding
The preset for the Korean security standard MOIS/KISA Software Secure Coding 2021, from the Ministry of the Interior and Safety (MOIS) and the Korea Internet & Security Agency (KISA), was enriched with additional queries to improve accuracy.
A new category, MOIS(KISA) Secure Coding 2021, is also available for tracking results and checking compliance.
Presets for C++ Coding Standards
The following C++ language presets were enriched with additional queries to improve their accuracy:
SEI CERT
ISO/IEC TS 17961 2013/2016
Preset for C Coding Standards
A new preset, MISRA C 2012, was added for the C language.
This preset is intended as an improved version of the existing MISRA C preset. In this version it contains new queries for Rules 5.1 to 5.9, 7.1, 7.2 and 7.3. Upcoming versions will extend the rule coverage with additional queries.
Preset for SANS Top 25
The SANS Top 25 preset was updated to the latest version, and a new category was added for tracking results and checking compliance.
Queries Translated to Chinese
The Chinese translation for the query descriptions is now available.
Log Improvements
Debug messages are no longer printed in the logs.