| Category | Feature | Description |
|---|---|---|
| Languages/Frameworks | Generics | Added generics support for cases where the generic is defined in the class, in the base class type and in member methods. |
| Languages/Frameworks | .NET Core | This version introduces new and updated support for the latest versions of .NET Core (2.1 and 2.2) for C#. Support for the following language features has been added: Use_Of_Broken_Or_Risky_Cryptographic_Algorithm - Hash Passwords; Use_Of_Broken_Or_Risky_Cryptographic_Algorithm - Cryptography; Unsafe_Object_Binding; Reflected_XSS_All_Clients; Overly_Permissive_Cross_Origin_Resource_Sharing_Policy; Open_Redirect; Insecure_Cookie; Information_Exposure_Through_an_Error_Message; Heap_Inspection; Hardcoded_Cryptographic_Key; Find_XSRF_Sanitize; Find_HttpOnlyCookies; Find_HSTS_Configuration_In_Code; Find_Encrypt; Base64 Encode/Decode queries refactor. |
| Languages/Frameworks | Java | This version introduces new and updated support for the latest versions of Java (10, 11 and 12). Support for the following language features has been added: Add SHA-3 Support; Input; TIFF Image Support; Module System (JPMS); Update Use_Of_Obsolete_Functions Query; Update Exception-related queries to support java.lang.SecurityManager methods; Update Exception-related queries to support the constructor of MBeanOperationInfo; Update Exception-related Queries; Support Optional.orElseThrow() in Relevant Queries; Support Local-Variable Type Inference (var) - Research and Initial Setup; Support Local-Variable Type Inference (var) - Populate inferred types on parsing stage; Support Local-Variable Type Inference (var) - Collect symbols using new grammar; Support Local-Variable Type Inference (var); Support checkMemberAccess method in Relevant Queries; Update Exception-related Queries; Update Direct_Use_of_Threads for removal of the Thread.destroy() and Thread.stop() methods; Support Nest Based Access Control in Relevant Queries; Support Nest Based Access Control in Exposure_of_Resource_to_Wrong_Sphere; Support Local-Variable Syntax for Lambda Expressions; Support for the square character for the Japanese new era; Add URLClassLoader's constructor to Exception-related queries; Add Class.getAnnotation method to Exception-related queries; Support Unicode 11; Support the removal of finalize methods; Support Switch as Expressions; Support for Compact Number Formatting; Support Compact Number Formatting - Parse String to Number. Support for the following queries was added/updated: Improper_Exception_Handling, Find_Commands_With_Exception, Uncaught_Exceptions, Use_of_Obsolete_Functions, Find_CORBA_Deprecated_Methods, Find_Java_Awt_Deprecated_Methods, Find_Java_IO_Deprecated_Methods, Find_Java_Lang_Deprecated_Methods, Find_Java_Net_Deprecated_Methods, Find_Java_Rmi_Deprecated_Methods, Find_Java_Security_Deprecated_Methods, Find_Java_Sql_Deprecated_Methods, Find_Java_Util_Deprecated_Methods, Find_Javax_Swing_Deprecated_Methods. |
| Languages/Frameworks | Vue.js | This version introduces new and updated support for the Vue.js framework. Support for the following language features has been added: Vue.component() - Support Context Object; Vue instance - Support Context Object; Update CxOutputs to CxEscapedOutputs; Transform Templates in ViewDecl and View Call DOM Objects; Support X-Templates; Support Vue.js Single-File Components; Support Vue Router API in Queries; Support directive; Support tag <template>; Support Regular Markups; Support Inline Templates; Support HTML files; Support filters; Support Context Objects Flattener; Support Context Objects; Support context computed Directive; Support components Invocation; Support components declaration; Support Associative Array scoped This. Support for the following queries was added: |
| Languages/Frameworks | SAPUI5 and Fiori apps | This version introduces new and updated support for SAPUI5 and Fiori: Update XSS sinks; OData response affects the custom control renderers and their connections; SAP XML Views - ToUpper() and LastAttribute invocation; Parse Fiori XML template views; Connect Control View Attributes to set methods in Control; Catch hardcoded links from SAP domains in all files; Catch ABAP system information exposed in comments; Assigning window.location to Open Redirect and XSS; Add XHR Response as an input for Fiori apps; Add Input for event handling inputs; Add connections between getView().byId("ControlName") and the respective associative array of the Control; Add connections between a setProperty of a property of a model and the respective getProperty. Support for the following queries was added: |
| Languages/Frameworks | Kotlin support | This version introduces new and updated support for the latest Kotlin version. The following language features have been added: The following CxSAST Queries were added: CxSAST Type Inference Library: |
| Languages/Frameworks | Kotlin Server Side - Ktor support | The following language features have been added: Parsing improvements to deal with Ktor-specific issues (kotlinx-html); Improvements in type inference; Handling of Ktor routing to template outputs through FrameworkFactory; Creation of five new queries and identification of inputs/outputs/sanitizers for relevant queries; Support of templates (Mustache.js and kotlinx-html). The following CxSAST Queries have been added: |
| Languages/Frameworks | Go support | The following language features have been added: The Go version supported in CxSAST is 1.8; The language support was completely rewritten; Scan time improved by ~50%; TP rate is also high, but more details to come. The following CxSAST Queries have been added: |
| Languages/Frameworks | COBOL support | The following language features have been added: COBOL support is based on the ANSI85 dialect; It was extended to also support IBM Enterprise COBOL for z/OS up to version 6.2; MicroFocus and ILE COBOL have partial coverage only; It supports three formats: Tandem, Variable and Fixed. The following CxSAST Queries have been added: Command_Injection, Module_Injection, Reflected_XSS_All_Clients, Resource_Injection, Sql_Injection, Ignored_Error_Conditions, Path_Traversal, Information_Leak_Through_Comments, Use_Of_Hardcoded_Passwords, Possible_Module_Injection. |
| Languages/Frameworks | Angular support | The following framework features have been added (features missing to fully support Angular 9.0): Router Directive - the RouterLinkWithHref attribute; Router Lifecycle events; Material UI - Select (mat-select); Router configs with Dynamic Imports; Angular Web Workers; Dependency Injection - the providedIn mode. |
| Languages/Frameworks | MyBatis support | MyBatis has been rewritten using Framework Factory. The supported version is 3.5.3. The following CxSAST Queries have been added: |
| Languages/Frameworks | React Native support | This version introduces new and updated support for React Native. The support includes some community packages: React Navigation - In React Navigation, there are several components that can be used to navigate inside the application; AsyncStorage - This is an asynchronous, decrypted, persistent, key-value storage system for React Native. The following new queries have been added: Missing Root Or Jailbreak Check; Insecure Text Entry; Clipboard Information Leakage; Insufficient Transport Layer Security; Unencrypted Sensitive Data Storage. |
| Languages/Frameworks | | Currently, lambda expressions are only processed by AbsInt if they are invoked somewhere. However, in some cases we want to process lambda expressions even when their invocations are not explicit (e.g. partial scans). To enable this, search for ABS_INT_LAMBDAS_IMPLICIT_INVOCATION in: CxSAST Engine Configuration Parameters (v9.2.0 and up). |
| Vulnerability Descriptions | New and updated vulnerability descriptions | Providing more detailed guidance for code remediation. The list is available for download from 9.2.0 Vulnerability Queries. |
| Vulnerability Queries for Presets | Vulnerability Queries according to Presets | The list is available for download from 9.2.0 Vulnerability Queries. |
| Vulnerability Queries | | The list is available for download from 9.2.0 Vulnerability Queries. |
| CxQL API Guide | Updated according to changes and updates for version 9.0.0 | |