Content Pack Version - CP.9.2.0.21058 (Java, Groovy)

Owned by Rui Pereira (Unlicensed)
Last updated: Dec 27, 2021 by Nuno Oliveira
2 min read

The content of this Content Pack (CP.9.2.0.21058), will be available for CxSAST version 9.4 in CxSAST Engine Pack version 9.4.3.

Each Ruleset Content Pack includes improvements to queries, and optionally also to presets. Technically, these changes are delivered through database upgrade scripts which affect the relevant tables.

As with any CxSAST product release, the Content Pack resets the Checkmarx built-in presets to the default query set.

This Content Pack uses a unified installer and it includes all the Content Packs published for version 9.2.0. It includes updates to Java, Groovy.

Installation order

  • This is a cumulative Content Pack, it can be installed over any of the version 9.2.0 Content Packs and does not require other Content Packs.

  • This Content Pack requires 9.2.0 Hotfix 20 or higher previously installed on the CxSAST Environment (Manager and Engines).

It includes all the changes provided by Content Pack 20 and the following improvements:

  • Java, Groovy

  • Best_Coding_Practice/Usage_of_Vulnerable_Log4J - This new query finds usage of Log4J dependencies, as a way of exposing Apache Log4J Remote Execution.

Note: Common queries were added that could serve as a basis for defining the same queries in other languages.

 

Version Upgrade
In general, it is mandatory to install at least the same Content Pack number for newer versions while upgrading. For instance, when upgrading from v9.2.0 CP20 it is necessary to upgrade to v9.3.0 CP20. This step ensures the accuracy of the results is maintained while upgrading.

 

Which CxSAST version is this Content Pack for?
As stated in the release notes, this Content Pack is only compatible with CxSAST v9.2.0.

Which languages were targeted in this Content Pack?
This Content Pack adds new queries in Java and Groovy to handle the Log4J vulnerability.

Can this Content Pack be installed on top of other Content Packs?
Yes, this Content Pack is a multi-language Content Pack. It inherits all the characteristics of previous Content Packs, in other words, it is cumulative.

Does this Content Pack depend on other Content Packs?
No, there are no dependencies on other Content Packs. All Content Packs are cumulative, meaning that when one Content Pack is installed it includes all the previous Content Packs.

Can this Content Pack be installed over other Content Packs?
Yes it can. It will override its content.

Is there any order of installation between this Content Pack and Content Pack 20?
Yes. But there is no need to install other Content Packs. This Content Pack includes all the previous.

Can this Content Pack be installed in further/previous versions, like CxSAST 9.0?
No.

Does this Content Pack depend on any HotFix?
Yes, It requires the Hotfix 20 previously installed on the environment (manager and engines).