Query Coding Example
Creating code for a new query may require studying the CxSAST query programming language (detailed in the Checkmarx CxQuery API Guide). However, some shortcuts are available.
In the QA analysis example of creating a query to find hardcoded text in generated files, we might look at the building-block queries under Cx > General, and find a query called Find_Strings. Its code is as follows:
result = All.FindByType(typeof(StringLiteral));
result -= Find_Dead_Code_Contents();
Clearly, it is the first line that is searching for literal strings. We don't want that in a final result, but rather in a variable, so in our query we'll write:
CxList strings = All.FindByType(typeof(StringLiteral));
Then we need to find places where files are generated. If we can find one place in the code where a file is generated, we can right-click it and select one of the Find by options. The resulting code is put into the Corp > CxDefaultQueryGroup > CxDefaultQuery query, and we can then copy it to our query and edit it. For our purposes we would change it to:
CxList filescreation = All.FindByShortName("file", false);
For the final query result, we need to find where file creation is at the end of a path coming from a literal string. So, the whole query would be:
CxList strings = All.FindByType(typeof(StringLiteral));
CxList filescreation = All.FindByShortName("file", false);
result = filescreation.DataInfluencedBy(strings);
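As an added illustration (not part of the Checkmarx documentation above), the same query can be tightened so that it excludes dead code the way Find_Strings does and combines the broad short-name match with explicit file-writing APIs, reducing noise in the result. FindByMemberAccess and the .NET method names used as sinks are assumptions based on general CxQuery usage, not taken from this page.

```csharp
// Added example, not from the original page: hardcoded strings flowing into file creation.

// Step 1: all string literals, minus those in dead code (as the Find_Strings query does).
CxList strings = All.FindByType(typeof(StringLiteral));
strings -= Find_Dead_Code_Contents();

// Step 2: candidate file-creation sinks.
// The short-name match from the page is broad (any identifier containing "file", case-insensitive).
CxList filescreation = All.FindByShortName("file", false);
// Assumed: FindByMemberAccess narrows to explicit file-writing calls; the method names are
// constructed .NET examples and should be adjusted to the APIs used in the scanned project.
CxList explicitWrites = All.FindByMemberAccess("File.WriteAllText")
                      + All.FindByMemberAccess("File.Create")
                      + All.FindByMemberAccess("StreamWriter");

// Step 3: keep sinks whose data is influenced by a literal string; the union (+) means a
// finding is reported whether it was matched by short name or by explicit API.
result = (filescreation + explicitWrites).DataInfluencedBy(strings);
```

Because CxList supports + and - as set operations, further exclusions (for example test fixtures) can be subtracted from result in the same style.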