Each Ruleset Content Pack includes improvements to queries, and optionally also to presets. Technically, these changes are delivered through DB upgrade scripts which affect relevant tables.
Detailed content descriptions can be found in the table below:
| Content Pack Version | Compatible Version | Release Date | Content |
|---|
| CP.8.9.0.12 | 8.9.0 | 21 August 2019 | Download link: https://www.checkmarx.com/downloads/ This Ruleset Content Pack (CP) includes improvements for reducing the amount of false positive results. The following Java queries were updated: - LDAP_Injection
- Stored_Absolute_Path_Traversal
- Stored_Command_Injection
- Stored_Relative_Path_Traversal
- Improper_Restriction_of_stored_XXE_Ref
- Plaintext_Storage_of_a_Password
- Stored_LDAP_Injection
- Stored_Code_Injection
- Stored_HTTP_Response_Splitting
- Stored_Open_Redirect
- Stored_XPath_Injection
- Connection_String_Injection
Details on the queries changed: - LDAP_Injection - Directory Context search method support was improved. Updated support for LDAP ESAPI support.
- Stored_XPath_Injection - Stored inputs were updated by improving support on Database Outputs and File streams.
- Connection_String_Injection - Connection string outputs Improved
- Other queries were improved on database inputs/outputs and file accesses
It is also includes a new Preset: Checkmarx Express containing following Java queries which have the accuracy improved: - LDAP_Injection
- Plaintext_Storage_of_a_Password
- Stored_LDAP_Injection
- Connection_String_Injection
In this CP the following improvements were done: - At High Risk queries the accuracy is improved by 20%
- At Medium Threat queries the accuracy is improved by 22%
|
.