Query Viewer
The Query Viewer displays all default queries in CxSAST. A query is a predefined piece of source code that CxSAST runs against the scanned code to detect a specific vulnerability. Conventionally, a description is provided for each query with an explanation of the associated risk, a description of the cause and mechanism, recommendations for avoiding the vulnerability, and source code examples. You can create custom descriptions that fit your organization's procedures and best practices, which shortens remediation time for your developers and improves the quality of your code. You can also import and export queries.
To open the Query Viewer:
1. Go to Settings > Scan Settings > Query Viewer. The Query Viewer window is displayed.
2. Select a Query in the Queries pane. A description is provided in the Description pane with a full explanation of the risk. The source code is displayed in the Source pane at the bottom of the window.
Creating a Custom Description
You can create a Custom Description to best suit your own organization's procedures and best practices.
Notice
The custom description creation option is enabled by default for Auditor and Admin users only.
To create a custom description:
1. From the Query Viewer, select a Query in the Queries pane. A description is provided in the Description pane.
2. Click Create Custom Description. The Upload File to Create Custom Description window is displayed.
3. Click <Choose File>, navigate to the custom description file (.HTML) and click Open.
Notice
For security reasons CxSAST only supports the following HTML tags, attributes and inline styles:
Tags - b, br, caption, center, col, colgroup, dir, div, dl, dt, em, fieldset, font, footer, h1, h2, h3, h4, h5, h6, header, hr, i, li, ol, p, pre, span, strike, strong, table, tbody, td, tfoot, th, thead, tr, u, ul.
Attributes - align, alt, bgcolor, border, cellpadding, cellspacing, charset, color, cols, colspan, dir, height, lang, list, nowrap, radiogroup, rows, rowspan, selected, size, span, style, title, valign, value, vspace, width, wrap
Styles (CSS values) - background, background-color, background-position, background-repeat, border, border-bottom, border-bottom-color, border-bottom-style, border-bottom-width, border-collapse, border-color, border-left, border-left-color, border-left-style, border-left-width, border-right, border-right-color, border-right-style, border-right-width, border-spacing, border-style, border-top, border-top-color, border-top-style, border-top-width, border-width, bottom, caption-side, clear, clip, color, content, counter-increment, counter-reset, cursor, direction, display, empty-cells, float, font, font-family, font-size, font-style, font-variant, font-weight, height, left, letter-spacing, line-height, list-style, list-style-image, list-style-position, list-style-type, margin, margin-bottom, margin-left, margin-right, margin-top, max-height, max-width, min-height, min-width, orphans, outline, outline-color, outline-style, outline-width, overflow, padding, padding-bottom, padding-left, padding-right, padding-top, page-break-after, page-break-before, page-break-inside, quotes, right, table-layout, text-align, text-decoration, text-indent, text-transform, top, unicode-bidi, vertical-align, white-space, widows, width, word-spacing, z-index.
If the file contains any tag, attribute or style property other than those listed above, the upload is rejected and the description is not saved. Note that the list contains no script, a, img or iframe tags and no on* event-handler attributes, so a custom description cannot carry active content into the Description pane.
4. Click <Upload>. The Custom Description tab is displayed in the Description pane.
You can replace or delete the custom description by clicking Edit Description and selecting Update Description or Delete Description accordingly.
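To find out in advance why a description file would be rejected, the following pre-flight checker applies the documented allowlists (tags, attributes and inline style property names) to an HTML file before you upload it. It is an added example, not Checkmarx code, and does not reproduce the filter CxSAST runs server-side; in particular only property names are documented, so style values are not inspected, and the real filter may be stricter. The sample descriptions GOOD and BAD are constructed for the example.

```python
"""Pre-flight checker for a CxSAST custom description file.

Added example, not Checkmarx code. It checks an HTML file against the
allowlists documented for custom descriptions so that a rejected upload
is explained instead of failing silently. Only style property names are
documented, so style values are not inspected here.
"""
import sys
from html.parser import HTMLParser

ALLOWED_TAGS = set("""
b br caption center col colgroup dir div dl dt em fieldset font footer
h1 h2 h3 h4 h5 h6 header hr i li ol p pre span strike strong table tbody
td tfoot th thead tr u ul
""".split())

ALLOWED_ATTRS = set("""
align alt bgcolor border cellpadding cellspacing charset color cols colspan
dir height lang list nowrap radiogroup rows rowspan selected size span
style title valign value vspace width wrap
""".split())

ALLOWED_STYLES = set("""
background background-color background-position background-repeat border
border-bottom border-bottom-color border-bottom-style border-bottom-width
border-collapse border-color border-left border-left-color border-left-style
border-left-width border-right border-right-color border-right-style
border-right-width border-spacing border-style border-top border-top-color
border-top-style border-top-width border-width bottom caption-side clear
clip color content counter-increment counter-reset cursor direction display
empty-cells float font font-family font-size font-style font-variant
font-weight height left letter-spacing line-height list-style
list-style-image list-style-position list-style-type margin margin-bottom
margin-left margin-right margin-top max-height max-width min-height
min-width orphans outline outline-color outline-style outline-width
overflow padding padding-bottom padding-left padding-right padding-top
page-break-after page-break-before page-break-inside quotes right
table-layout text-align text-decoration text-indent text-transform top
unicode-bidi vertical-align white-space widows width word-spacing z-index
""".split())


def style_properties(style):
    """Return the property names of an inline style string, lower-cased."""
    return [decl.split(":", 1)[0].strip().lower()
            for decl in style.split(";") if ":" in decl]


class DescriptionChecker(HTMLParser):
    """Collects every tag, attribute or style property the allowlists reject."""

    def __init__(self):
        super().__init__()
        self.violations = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser already lower-cases tag and attribute names.
        if tag not in ALLOWED_TAGS:
            self.violations.append(f"tag <{tag}> is not allowed")
            return
        for name, value in attrs:
            if name not in ALLOWED_ATTRS:
                self.violations.append(f"attribute '{name}' on <{tag}> is not allowed")
            elif name == "style":
                for prop in style_properties(value or ""):
                    if prop not in ALLOWED_STYLES:
                        self.violations.append(
                            f"style property '{prop}' on <{tag}> is not allowed")


def check_description(html):
    """Return the list of violations; an empty list means the file should upload."""
    checker = DescriptionChecker()
    checker.feed(html)
    checker.close()
    return checker.violations


# Constructed sample inputs, not real Checkmarx descriptions.
GOOD = ('<h1 style="color:#c00">Risk</h1>'
        '<p>Use <b>parameterized</b> queries.</p>'
        '<table border="1"><tr><td>example</td></tr></table>')
BAD = ('<p style="color:red; behavior:url(x.htc)">hi</p>'
       '<img src=x onerror=alert(1)>'
       '<script>alert(1)</script>'
       '<a href="https://example.invalid">link</a>')

if __name__ == "__main__":
    # Usage: python check_description.py custom_description.html
    source = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else BAD
    for violation in check_description(source):
        print("REJECT:", violation)
```

Run it on the description file before clicking Upload; each line it prints names one reason the file would not be saved. The BAD sample is rejected four times (a disallowed style property, and the img, script and a tags), which is exactly the kind of active or linking content the allowlist keeps out of the Description pane.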
Importing Queries
You can import queries into CxSAST to best suit your own organization's procedures and best practices. Because a query is source code that runs as part of every scan, import only files whose origin you trust.
To import queries:
1. From the Query Viewer, click Import Queries. The Import Queries window is displayed.
2. Click <Import>, navigate to the query file (.XML) and click <Open>. The imported queries are displayed in the Queries pane.
Exporting Queries
You can export queries from CxSAST to use in other departments.
To export queries:
1. From the Query Viewer, click Export Queries. The Export Queries window is displayed.
2. Click <OK>.