CxSAST Engine Configuration Parameters (v9.2.0 and up)
The engine configuration parameters have been made available for CxSAST administrators and are provided mainly for information purposes.
Parameter Name | Value Type | Default Value | Parameter Description |
---|---|---|---|
ABS_INT_RESOLVE_MEMBER_ACCESSES_LANGUAGES | string | ["JavaScript"] | Activate the Abstract Interpretation based resolver to resolve member accesses for specific languages (if ABS_INT_RESOLVE_MEMBER_ACCESSES is set to false). |
ACTIVE_MESSAGE_QUEUE_URL | string | | Message queue URL. |
CALCULATE_CONFIDENCE_LEVEL | bool | true | Calculates the Confidence Level for each result and prints it, along with the additional data needed for ML, to the results XML. |
CASE_SENSITIVE_FILENAMES | bool | false | For case-sensitive OS (Linux) the value should be true, for non-case-sensitive OS (Windows) it should be false. The value refers to the OS on which the sources compile, not the current OS. |
CLIENTS_CONFIDENCE_LEVEL_COLLECT | string | | Used when collecting data of results for confidence level future machine learning model training. The values are 'CxAudit' and/or 'EngineAgent' separated with ';' (e.g. CxAudit;EngineAgent). |
CONFIDENCE_LEVEL_COLLECT_DATA_FILE_PATH | string | C:\\Temp\\ConfidenceLevel\\ | Used when collecting data of results for confidence level future machine learning model training. The location of the results data files. |
CXAUDIT_TREE_VIEW_FLAT | bool | false | Defines the project Treeview structure as flat or regular. |
EXCLUDE_PATH | string | jquery;angular.js;angular-animate.js;angular-aria.js;angular-cookies.js;angular-messages.js;angular-mocks.js;angular-resource.js;angular-route.js;angular-sanitize.js;angular-touch.js;angular-scenario.js;angular-loader.js;angular.min.js;angular-resource.min.js;angular-cookies.min.js;angular-loader.min.js;angular-aria.min.js;angular-messages.min.js;angular-mocks.min.js;angular-route.min.js;angular-sanitize.min.js;angular-touch.min.js;angular-scenario.min.js;jsoneditor.js;jsoneditor.min.js | Semicolon separated list of file names to exclude from the scan (e.g. file1;file2;file3). Include only file names, not paths. |
MAX_ALLOWED_RESULTS_FILE_SIZE_IN_MB | int | 100 | Max query result file size in MB. |
MAX_QUERY_TIME | int | 60 | Defines part of a formula to calculate the maximum execution time allowed for a single query. After the set time, the query execution is terminated, the result is empty and the log indicates that its execution failed. |
MESSAGE_QUEUE_DELAY_BETWEEN_RETRIES | int | 1000 | The time delay in milliseconds between retries, when opening a connection or sending a message to the message queue. |
MESSAGE_QUEUE_NUMBER_OF_OPEN_RETRIES | int | 10 | The number of retries to perform, when opening a message queue connection. |
MESSAGE_QUEUE_NUMBER_OF_SEND_RETRIES | int | 90 | The number of retries to perform, when sending a message to the message queue. |
MESSAGE_QUEUE_OPEN_TIMEOUT | int | 10 | The time to wait (in seconds) while trying to open a connection to the queue. |
MESSAGE_QUEUE_TTL_DAYS | int | 1 | The time unclaimed messages will wait in the MQ before being deleted. |
NUMBER_OF_RESULTS_FOR_CONFIDENCE_LEVEL_DATA_COLLECTION | int | 150 | Used when collecting data of results for confidence level future machine learning model training. Defines the maximal number of results that are collected per query. |
TIME_LIMIT_WAITING_FOR_CONFIDENCE_LEVEL_DATA_COLLECTION | int | 180000 | Limited time in milliseconds to wait for the confidence level data collection tasks. |
USE_ROSLYN_PARSER | bool | true | Enable the use of Roslyn parser to scan C# files. |
WRITE_CONFIDENCE_LEVEL_TO_LOG | bool | false | Write confidence level calculation tracing to a file in order to help understand why a certain confidence level was given to a certain result. |
ENABLE_SAVE_CPP_PREPROCESSED_FILES | bool | true | Enable/disable the ability of CPP Preprocessor to save the preprocessed files. |
ENCODING | string | utf-8 | Character encoding of source files. |
LANGUAGE_THRESHOLD | double | 2.0 | Sub-setting of MULTI_LANGUAGE_MODE. The minimal percentage of the complete number of files required to scan a language. Should be set to 0.0 (and MULTI_LANGUAGE_MODE=2) to match the Portal's Multi-language mode. See MULTI_LANGUAGE_MODE parameter for more details. |
MULTI_LANGUAGE_MODE | int | 1 | Defines which languages the application should scan. 1 = One Primary Language, 2 = All Languages, 3 = Matching Sets, 4 = Selected Languages. |
SCAN_BINARIES | bool | false | Whether or not to scan binary files (only available for .jar files – Java – and for .dll files – C#). *Note*: Requires Java to be installed on the machine. |
SUPPORTED_LANGUAGES | string | 1,32;128,256;4,2048 | Sub-setting of MULTI_LANGUAGE_MODE. If MULTI_LANGUAGE_MODE = 1 or 2, this setting is ignored. If MULTI_LANGUAGE_MODE = 4, languages are separated by commas. See MULTI_LANGUAGE_MODE parameter for more details. |
TYPES_TO_DECOMPILE | string | * | When SCAN_BINARIES is set to true, this flag should be used to specify which packages/namespaces should be decompiled and then included in the scan. Format x.y.* can be used to specify that all the types under package/namespace x.y should be decompiled and scanned. The list of packages/namespaces should be separated by a semicolon (;). |
PRINT_DEBUG | bool | false | Defines whether writing additional debug-oriented details to the application logger is enabled. True = Enabled, False = Disabled. |
PRINT_LOG | bool | true | Defines whether the output of the function log.Write is printed to the log. True = Print, False = Don't Print. |
ENABLE_CPP_IBM_DECODE | bool | false | Enable the C++ Preprocessor to search, file by file, for the IBM pragma filetag directive, in order to find the correct encoding. |
BEAUTIFIER_MIN_NUMBER_OF_WORDS_IN_MINIMIZED_LINE | int | 500 | BEAUTIFIER: If the length of a line is bigger than this value, the file is treated as a min.js file. |
BEAUTIFIER_NUMBER_OF_ROWS_TO_CHECK | int | 3 | BEAUTIFIER: Number of last rows to check. If they are longer than BEAUTIFIER_MIN_NUMBER_OF_WORDS_IN_MINIMIZED_LINE, the file is treated as a min.js file. |
BEAUTIFIER_TIMEOUT_IN_SEC | int | 180 | After this number of seconds, the beautification of a single file is aborted and the original file is returned. Set to 0 to disable the watchdog. |
MAXFILESIZEKB | int | 1000 | Files exceeding the set size (in KB) will not be scanned. |
PARAMETER_VALUE_CORES_NUMBER | string | SingleSocket,0;MultiSocket,0 | Parameter value for method SetToAllCores in EngineInfrastructure.ProcessAffinityManager class - setting cores number for current process. Different parameter for single and multi-socket (e.g. SingleSocket,0;MultiSocket,0). |
PROCESS_AFFINITY_MANAGER_SETTINGS | string | SingleSocket,NoLimitation;MultiSocket,NoLimitation | Settings for methods of the EngineInfrastructure.ProcessAffinityManager class. Possible values are one of: OldVersion, NewVersion, NewVersionOneSocketOnly, NoLimitation. Different parameter for single and multi-socket (e.g. SingleSocket,OldVersion;MultiSocket,NoLimitation). |
MAX_PATH_LENGTH | int | 57 | Defines the maximum amount of flow elements allowed in an influence flow calculation. Paths with length exceeding this number are ignored. |
MAX_QUERY_TIME_PER_100K | int | 15 | Sub-setting of MAX_QUERY_TIME. Defines part of the formula to calculate the maximum execution time allowed for a single query. See MAX_QUERY_TIME parameter for more details. |
ENABLE_FICTITIOUS_DEFINITION | bool | false | Enables the use of the Fictitious Definitions inside the Java Resolver. |
ABS_INT_LAMBDAS_IMPLICIT_INVOCATION (new in CxSAST 9.2) | bool | false | Currently, lambda expressions are only processed by AbsInt if they are invoked somewhere. However, in some cases, we want to process the lambda expressions even when their invocations are not explicit (e.g. partial scans). To make this possible, a flag was added to the Engine configuration: ABS_INT_LAMBDAS_IMPLICIT_INVOCATION (acceptable value is a boolean; default value is false). This functionality is still in the test phase and must therefore be used with caution. Activating this flag may create unexpected flows or unexpected Abstract values because the lambdas are invoked with the context/environment of their declaration rather than their invocation. This flag is linked with the ABS_INT_CALL_STACK_DEPTH flag. Since its default value is 3 (levels in stack depth), it might be necessary to increase it in order to find the relevant flows. Be aware that performance will be affected. |
ABS_INT_CALL_STACK_DEPTH | int | 3 | |