Release Notes for Engine Pack 9.4.2
Engine Pack 9.4.2 contains the following engine deliverables and enhancements:
Installation Notes
Warning
In a distributed environment, the relevant Engine Pack must also be installed on the CxManager host to update the SQL database.
Notice
Engine Packs are cumulative and include previous Engine Pack updates.
For more information about Engine Pack installation, see Engine Pack Versions and Delivery Model.
Support for OWASP Top 10 2021
A preset query for the OWASP Top 10 2021 is available out-of-the-box with this Engine Pack.
In addition to this new preset, the Engine Pack includes the following enhancements for OWASP Top 10 2021:
New Results Viewer category
New queries (security rules) which extend our support for the new standard
An “OWASP Top 10 2021” report format
For more information, see OWASP Top 10 2021.
New Flow Improvements
New Flow has been improved in the following ways:
New Flow now supports the following:
Python Kwargs type parameters
JS Spread operators on objects and arrays
Where multiple classes can implement an interface, New Flow now keeps track of which concrete type implements the interface and only enters the methods of that implementation into the flow analysis.
The recording of New Flow statistics has been improved: the complete statistics are now written to the log file once the flow has finished. Previously, partial statistics were written to the log once a minute while the flow was still running.
Incremental Scan Improvements
In 9.4.2 the incremental scan process is more accurate because of improvements to the closure file build mechanism: the method mapping files now include more data, which gives the incremental scan more accurate results.
Languages and Frameworks Updates
This release includes several improvements in support of the following languages and frameworks:
For current information about language and framework support in general, see Supported Code Languages and Frameworks for Engine Pack 9.4.2.
Java Frameworks: JSF, PrimeFaces
In 9.4.2 we completed the rewrite of JSF support.
JSF
The JSF (Jakarta Server Faces, formerly JavaServer Faces) framework is now supported up to version 2.3.0.
In JSF, the major improvements were in the following areas:
Managed Beans: regular Java Bean classes registered with JSF.
Conditional Navigation: makes it possible to define multiple paths, each for a different condition, but all with the same outcome name.
HTML tags: the tags defined by the JavaServer Faces standard HTML tag library, representing HTML form components and other basic HTML elements.
The following security queries were added:
JSF_Local_File_Inclusion
JSF_CSRF
JSF_Managed_Bean_PII_Leak
The following security queries were improved:
Reflected_XSS_All_Clients
Stored_XSS
Client_State_Saving_Method_JSF
ReDoS_From_Regex_Injection
Expression_Language_Injection_OGNL
Open_Redirect
Stored_Open_Redirect
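As an added illustration (not code from Checkmarx or from this Engine Pack), the following managed bean shows the kind of pattern a JSF Local File Inclusion query is meant to flag, next to a hardened version of the same bean that routes the request value through a closed allow-list. The bean, property and page names are assumed, and JSF 2.x `javax.faces` packages are assumed.

```java
// Added example (not Checkmarx's code): a request-bound JSF managed bean property
// flowing into a resource dispatch, beside a hardened allow-list version.
// Assumes JSF 2.x (javax.faces.*); bean, property and page names are hypothetical.
package example.jsf;

import java.io.IOException;
import java.util.Map;
import javax.faces.bean.ManagedBean;
import javax.faces.bean.RequestScoped;
import javax.faces.context.ExternalContext;
import javax.faces.context.FacesContext;

@ManagedBean
@RequestScoped
public class PageBean {

    // Bound from a request parameter, e.g. <f:viewParam name="page" value="#{pageBean.page}"/>,
    // so this value is user-controlled input (the taint source).
    private String page;

    public String getPage() { return page; }
    public void setPage(String page) { this.page = page; }

    // VULNERABLE: the untrusted value is concatenated into the dispatch path (the sink).
    // RequestDispatcher forwards can reach any resource inside the web application,
    // including files under WEB-INF, so the caller decides which file is included.
    public void openUnsafe() throws IOException {
        ExternalContext ctx = FacesContext.getCurrentInstance().getExternalContext();
        ctx.dispatch("/pages/" + page + ".xhtml");
    }

    // Closed allow-list: the request value is only ever used as a lookup key,
    // never as part of a path.
    private static final Map<String, String> ALLOWED_PAGES = Map.of(
            "home",    "/pages/home.xhtml",
            "profile", "/pages/profile.xhtml");

    // HARDENED: resolve the key through the allow-list and reject anything else,
    // so no request-controlled characters ever form part of the dispatched path.
    public void openSafe() throws IOException {
        ExternalContext ctx = FacesContext.getCurrentInstance().getExternalContext();
        String target = resolvePage(page);
        if (target == null) {
            ctx.responseSendError(404, "Unknown page");
            return;
        }
        ctx.dispatch(target);
    }

    // Pure lookup kept separate from the JSF plumbing so it can be unit-tested
    // without a FacesContext: returns null for any key not in the allow-list.
    static String resolvePage(String key) {
        return key == null ? null : ALLOWED_PAGES.get(key);
    }
}
```

The important design point for a SAST reviewer is that `openSafe` breaks the data flow from the source to the sink: the string that reaches `dispatch` comes from the constant map, not from the request, so the query has nothing to report and the fix does not rely on filtering traversal sequences out of the input.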
PrimeFaces
PrimeFaces is a popular open-source UI component framework for JavaServer Faces; it is now partially supported up to version 10.
In PrimeFaces, the major features available are the following:
Input Tags
Output Tags
Data Tags
JavaScript Frameworks: Angular
Angular versions 11 and 12 are now supported.
In Angular, the major improvements were in the following areas:
Nullish Coalescing
Updated Deprecated_API
The following security query was improved:
Angular_Deprecated_API
Python
In 9.4.2 Python support was improved by fixing specific bugs and improving its accuracy.
Technology Preview: RPG, Scala
Notice
Technology Preview features provide early access to upcoming product innovations, enabling you to test functionality and provide feedback during the development process. However, these features are not fully supported, might not be functionally complete, and are not intended for production use.
As Checkmarx considers making future iterations of Technology Preview features generally available, we will attempt to resolve any issues that customers experience when using these features.
The following languages are available as Technology Preview in CxSAST 9.4.2:
RPG
RPG is a high-level programming language for business applications. This release introduces brand-new support for the language.
Scala
Scala combines object-oriented and functional programming in one concise, high-level language.
Scala support will be redesigned using the latest engine technologies, bringing it in line with all other supported languages and resulting in improved scan duration and better accuracy.