Questions tagged [checkmarx]

Source code analysis software for identifying, tracking and repairing technical and logical flaws.

Checkmarx CxSuite is a unique source code analysis solution that provides tools for identifying, tracking, and repairing technical and logical flaws in the source code, such as security vulnerabilities, compliance issues, and business logic problems.

Without needing to build or compile a software project's source code, CxSuite builds a logical graph of the code's elements and flows. CxSuite then queries this internal code graph. CxSuite comes with an extensive list of hundreds of preconfigured queries for known security vulnerabilities for each programming language. Using the CxSuite Auditor tool, you can configure your own additional queries for security, QA, and business logic purposes.


341 questions
-1 votes, 2 answers

Checkmarx fix for CGI_Stored_XSS Vulnerability

Checkmarx complains that there is an Unvalidated DB output. How to validate DB output in general?
NPS
-1 votes, 1 answer

Running Scans automated Checkmarx

I am running security and static code scans through Checkmarx manually. Is it possible to run these scans like: It takes code from git/vsts repos. Upload to checkmarx. Run complete scans and publish report through email. Schedule these scans like…
BhattiSaadat
-1 votes, 1 answer

Checkmarx issue: The application stores sensitive personal data Write on the client, in an insecure manner

Checkmarx report throws "The application stores sensitive personal data Write on the client, in an insecure manner". Code: var httpWebRequest = (HttpWebRequest)WebRequest.Create(requestUrl); httpWebRequest.Headers.Clear(); httpWebRequest.ContentType =…
user1103146
-2 votes, 0 answers

How to resolve HRA_JAVA_Improper_Restriction_of_XXE_Checkmarx scan issue at jaxbUnmarshaller.unmarshal(document) line

Facing a Checkmarx scan issue, HRA_JAVA_Improper_Restrection_of_XXE_Ref, which highlights that "unmarshall is set to automatically load and replace any DTD entity reference in the XML, including references to external files" private UserDetail…
Reddy
-2 votes, 1 answer

apex checkmarx tampering issue

How to solve the error in Checkmarx? Id clientId = (id)inputMap.get('ClientId') Account a= [Select Id, Client__c, ParentId, Parent.RecordType.DeveloperName,CI_ClientID__c from Account where Id = :clientId limit 1000] but it's not working. The error is:…
SSV
-2 votes, 1 answer

Access private setters in codebase

I have a DTO object which I used in the controller method which initially had all the getters and setters as public. Due to a SAST scanning (Unsafe object binding) in checkmarx tool, I have to make the setters as private in that DTO. Now checkmarx…
sromit
-2 votes, 1 answer

CxViewer IntelliJ Plugin not working for Checkmarx account with user/pass

I followed the documentation on the page below and am not able to make it work: https://checkmarx.atlassian.net/wiki/spaces/SD/pages/1339490445/Setting+Up+the+IntelliJ+Plugin+v9.0.0+and+up
Ishtiaq Maqsood
-2 votes, 1 answer

Environment.GetCommandLineArgs() may get an untrusted string

We use Checkmarx to check our project. The result shows "Environment.GetCommandLineArgs() may get an untrusted string and could allow an attacker to inject an arbitrary command." var args = Environment.GetCommandLineArgs(); var ls = new…
-4 votes, 0 answers

I am using checkmarx to scan my Java code, it is showing improper exception handling

Checkmarx scan is giving the below bug: "So and so class performs an operation that could be expected to throw an exception and is not properly wrapped with try-catch block. This constitutes improper exceptional handling". Below is the code snippet: public…
-4 votes, 1 answer

Checkmarx and angular2 template xss warning

I'm facing the following warning in the Checkmarx report. I tried to use the sanitized pipe to fix it but it is still returning the warning. Any suggestions?
-4 votes, 1 answer

Checkmarx source code analysis tool marking mysql_fetch_array as Stored Cross-Site-Scripting attack. Why, and how to solve it if it is a real bug?

Checkmarx source code analysis tool is marking mysql_fetch_array as a Stored Cross-Site-Scripting attack. Why, and how to solve it if it is a real bug? Below is the description from the report: Method at line 1 of abc.php gets data from the database, for the…
John