Query Coding Example

Creating code for a new query may require studying the CxSAST query programming language (detailed in the Checkmarx CxQuery API Guide). However, some shortcuts are available.

In the QA analysis example of creating a query to find hardcoded text in generated files, we might look at the building-block queries under Cx > General and find a query called Find_Strings. Its code is as follows:

result = All.FindByType(typeof(StringLiteral));
result -= Find_Dead_Code_Contents();

The first line is the one that searches for literal strings. We don't want those strings as the final result, but rather held in a variable, so in our query we'll write:

CxList strings = All.FindByType(typeof(StringLiteral));

Then we need to find places where files are generated. If we can find one place in the code where a file is generated, we can right-click it and select one of the Findby options. The resulting code is put into the Corp > CxDefaultQueryGroup > CxDefaultQuery query, and we can then copy it to our query and edit it. For our purposes we would change it to:

CxList filescreation = All.FindByShortName("file", false);

For the final query result, we need to find where file creation is at the end of a path coming from a literal string. So, the whole query would be:

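// Sources: every string literal in the scanned code
CxList strings = All.FindByType(typeof(StringLiteral));
// Candidate sinks: elements named "file"; false = case-insensitive match
CxList filescreation = All.FindByShortName("file", false);
// Keep only the sinks that are influenced by data from a string literal
result = filescreation.DataInfluencedBy(strings);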
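
A tighter variant of the query above, added here as an example and not taken from the Checkmarx documentation. It reuses the dead-code filter from Find_Strings and assumes that file creation in the scanned code is a method call named "file"; adjust the name and element type to match your code base.

```csharp
// Added example (CxQuery): fewer false positives for the hardcoded-text query.

// Sources: string literals, minus those that sit in dead code.
// This is the same filter that Find_Strings applies on its second line.
CxList strings = All.FindByType(typeof(StringLiteral));
strings -= Find_Dead_Code_Contents();

// Sinks: start from every element named "file" (case-insensitive),
// then keep only method invocations, so that variables or fields that
// merely happen to be called "file" are not reported.
// Assumption: file creation is done through a call named "file".
CxList named = All.FindByShortName("file", false);
CxList filescreation = named.FindByType(typeof(MethodInvokeExpr));

// Result: file-creation calls reached by data from a live string literal.
result = filescreation.DataInfluencedBy(strings);
```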