Content Pack Version - CP. (Java)

Each Ruleset Content Pack includes improvements to queries, and optionally also to presets. Technically, these changes are delivered through DB upgrade scripts which affect relevant tables.

Detailed content descriptions can be found in the table below:

Content Pack VersionCompatible VersionRelease DateContent
CP. August 2019

Download link:

This Ruleset Content Pack (CP) includes improvements for reducing the amount of false positive results. The following Java queries were updated:

  • LDAP_Injection
  • Stored_Absolute_Path_Traversal
  • Stored_Command_Injection
  • Stored_Relative_Path_Traversal
  • Improper_Restriction_of_stored_XXE_Ref
  • Plaintext_Storage_of_a_Password
  • Stored_LDAP_Injection
  • Stored_Code_Injection
  • Stored_HTTP_Response_Splitting
  • Stored_Open_Redirect
  • Stored_XPath_Injection
  • Connection_String_Injection

Details on the queries changed:

  • LDAP_Injection - Directory Context search method support was improved. Updated support for LDAP ESAPI support.
  • Stored_XPath_Injection - Stored inputs were updated by improving support on Database Outputs and File streams. 
  • Connection_String_Injection - Connection string outputs Improved
  • Other queries were improved on database inputs/outputs and file accesses

It is also includes a new Preset: Checkmarx Express containing following Java queries which have the accuracy improved:

  • LDAP_Injection
  • Plaintext_Storage_of_a_Password
  • Stored_LDAP_Injection
  • Connection_String_Injection

In this CP the following improvements were done:

  • At High Risk queries the accuracy is improved by 20%
  • At Medium Threat queries the accuracy is improved by 22%