Refining a Query - Extending Checkmarx Sanitization

If you need to extend Checkmarx’s out of the box recognized list of sanitizers, or other language constructs like known inputs or known database access functions, you can do so by overriding the building-block queries (see Query Structure).

The building block queries are located in {Language} > Cx General (or Language > Cx > {Language}_General).

Checkmarx provides automatic extension of the building block queries.

Right-click your code and add it to the desired building block query.
For example, to remove false positive results in Reflected_XSS_All_Clients, do the following:

Open the CxAudit and audit the relevant project.

Find the query definition.


Find the definition of the sanitization for this function.

In the example below it is: Find_XSS_Sanitize

In the application code, find the function that you want Checkmarx to regard as a valid sanitization for this query.

Right-click the function and select Add all instances to > {Language} > {Sanitizer_list} (the sanitization for the query).

As a result, a new Find_XSS_Sanitize() function is created and is located in Corp > General.

To save the changes, click Save All Queries.

This function will now be used as it overrides the original Find_XSS_Sanitize() function.