Configure C++ Macros and Build Files

In version 9.4, a semi-automatic approach was added to improve the way the Checkmarx C++ parser handles macros and build files. This section provides a high-level description of what is offered.

From version 9.4 on, the configuration-as-code file CppDefaultMacros.json is replaced by the approach described in this section.

Note that the CppDefaultMacros.json file is still considered if it exists at the root of the project being scanned, and it overrides all information obtained from the semi-automatic approach.

Please contact your Customer Service Manager (CSM) to request Professional Services assistance with this customization.

Overview

The objective was to reduce the manual work of configuring a CppDefaultMacros.json file for each project being scanned, by providing the following:

  • A method of inspecting and extracting macros, including paths and other information from the build files present in the project being scanned.

  • A method of extracting macros from different repositories and adding them to a database to be used during the C++ preprocessing.

C++ Build Files Support

The new approach includes elementary support for the most common C++ build files.

Currently, the following files/build technologies are detected:

  • Makefiles

  • CMake

  • Autotools

  • QMake

  • Compile Database

We inspect these files to extract (when possible):

  • Macro Definitions

  • Global Include paths

  • Target OS Architecture Information

  • Other specific options, such as trigraphs
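To preview what a Compile Database exposes in these four categories before a scan, the following Python example can be used. It is added here as an illustration and is not Checkmarx code or a description of the product's internals. It assumes the Clang JSON Compilation Database layout (compile_commands.json with "command" or "arguments" entries) and GCC/Clang-style flags; the function name extract_settings and the sample data are constructed.

```python
import json
import shlex

# Constructed sample in the Clang JSON Compilation Database layout
# (compile_commands.json); paths and macro names are invented.
SAMPLE_DB = json.dumps([
    {"directory": "/src/app", "file": "net.c",
     "command": "cc -DUSE_TLS -DMAX_CONN=64 -Iinclude -m64 -c net.c"},
    {"directory": "/src/app", "file": "legacy.c",
     "arguments": ["cc", "-D", "LEGACY=1", "-isystem", "/opt/sdk/include",
                   "-trigraphs", "-UUSE_TLS", "-c", "legacy.c"]},
])


def extract_settings(db_text):
    """Return {file: settings} with macros, include paths, arch flag, trigraphs."""
    result = {}
    for entry in json.loads(db_text):
        # An entry holds either an "arguments" list or a shell-quoted "command".
        args = entry.get("arguments") or shlex.split(entry.get("command", ""))
        info = {"macros": {}, "undefined": [], "includes": [],
                "arch": None, "trigraphs": False}
        it = iter(args[1:])  # skip the compiler executable
        for arg in it:
            if arg.startswith("-D"):
                # Accept both "-DNAME=VAL" and "-D NAME=VAL".
                body = arg[2:] or next(it, "")
                name, _, value = body.partition("=")
                # GCC/Clang define a macro given without a value as 1.
                info["macros"][name] = value if "=" in body else "1"
            elif arg.startswith("-U"):
                # -D and -U apply in command-line order, so drop earlier defines.
                name = arg[2:] or next(it, "")
                info["macros"].pop(name, None)
                info["undefined"].append(name)
            elif arg.startswith("-I"):
                info["includes"].append(arg[2:] or next(it, ""))
            elif arg == "-isystem":
                info["includes"].append(next(it, ""))
            elif arg in ("-m32", "-m64") or arg.startswith("--target="):
                info["arch"] = arg
            elif arg == "-trigraphs":
                info["trigraphs"] = True
        result[entry["file"]] = info
    return result


if __name__ == "__main__":
    print(json.dumps(extract_settings(SAMPLE_DB), indent=2))
```

Comparing this per-file output against the macros a project actually relies on helps spot definitions that appear in neither the build files nor the macro database.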

C++ Macros Database

The C++ Macros Database gathers C++ macros and their definitions to be used in the CxSAST scans.

This database is shipped with the CxSAST solution with a pre-defined set of macros found in well-known, widely used libraries.

However, it can be extended and fine-tuned for the customer (with the help of Checkmarx Professional Services) to cover libraries present in the customer code base that may not be in our database.

Supported Libraries (pre-defined set)

OpenSSL (libssl, libcrypto) 1.1.1

Only the files under include/{crypto,openssl}/* are relevant.

https://github.com/openssl/openssl (Don’t pull master. Instead pull the specific version tag/branch)

libcurl 7.72.0

Only the files under include/curl/* are relevant.

https://curl.haxx.se/download/curl-7.72.0.zip

libssh2 1.9.0

Only the files under include/* are relevant.

libtiff 4.1.0

Only the files under libtiff/* are relevant.

http://download.osgeo.org/libtiff/tiff-4.1.0.zip

libxml++ 4.9

Only the files under libxml++/* are relevant.

libzlib 1.2.11

Only the files immediately under the root are relevant.

libid3 3.8.3

Only the files under include/* (and descendants) are relevant.

libpng 1.6.37

http://prdownloads.sourceforge.net/libpng/lpng1637.zip?download

Only png.h and pngconf.h are relevant.

libgcrypt 1.8.6

Only header files under src are relevant.

Googletest 1.10.0 (former Google Mock)

Main macros are EXPECT_{EQ,NE,…}, imported from gtest.h.

FAQ

Q: Is the CppDefaultMacros.json configuration file needed?

A: No. It is still considered if it exists at the root of the project. The file is useful if you want to add some extra information that is neither in the macro database nor in the build files.

Q: Are the build files processing ON by default?

A: Yes!