The code is here (Gist) and the standalone exe is at Util - CheckMarx Rule and Guidance Viewer v1.0.exe
Here is the Util - CheckMarx Rule and Guidance Viewer v1.0.exe in action (on Checkmarx's public server):
When you start the tool you will be asked for a user (now on SI's test server):
Then the password:
And if the login was successful, you will see the list of supported languages:
Which you can then expand into the desired Query.
The selected Query's source code will be shown on the top-right code viewer, and the Query CWE mapping is shown on the bottom-right browser.
Now look at that last screenshot, especially the query's code.
THAT code is the rule that Checkmarx's engine uses to find SQL Injections!
- It gets the Interactive Inputs (the ones it knows about)
- Then the sanitisation and (I expect) the validation methods
- Then it passes these values into a method that returns the findings
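To make the shape of that rule concrete, here is an added toy example (my own illustration, not Checkmarx's CxQL or its API): a rule that collects the interactive inputs, the sanitisers and the SQL sinks, then hands them to a generic flow finder that returns every unsanitised input-to-sink path. The call graph, the method names and the three sets are all constructed for the example.

```python
from collections import deque

# Constructed toy data-flow graph: an edge a -> b means "the value of a flows into b".
TOY_FLOW_GRAPH = {
    "Request.QueryString": ["userName", "orderId"],
    "userName": ["EscapeSql", "Logger.Log"],
    "EscapeSql": ["safeName"],
    "safeName": ["Db.ExecuteQuery"],
    "orderId": ["Db.ExecuteQuery"],
    "Logger.Log": [],
    "Db.ExecuteQuery": [],
}

INTERACTIVE_INPUTS = {"Request.QueryString"}  # step 1: inputs the engine knows about
SANITIZERS = {"EscapeSql"}                     # step 2: sanitisation methods
SQL_SINKS = {"Db.ExecuteQuery"}                # where tainted data becomes SQL


def find_flows(graph, sources, sanitizers, sinks):
    """Generic engine helper (step 3): breadth-first search for every path from a
    source to a sink that never passes through a sanitizer."""
    findings = []
    for src in sorted(sources):
        queue = deque([[src]])
        while queue:
            path = queue.popleft()
            node = path[-1]
            if node in sinks:
                findings.append(path)
                continue
            for nxt in graph.get(node, []):
                if nxt in sanitizers or nxt in path:
                    continue  # sanitized (or cyclic): stop following this branch
                queue.append(path + [nxt])
    return findings


def find_sql_injection(graph=TOY_FLOW_GRAPH):
    """The 'rule' itself: wires inputs, sanitizers and sinks into the flow finder."""
    return find_flows(graph, INTERACTIVE_INPUTS, SANITIZERS, SQL_SINKS)


if __name__ == "__main__":
    for flow in find_sql_injection():
        print(" -> ".join(flow))  # only orderId reaches the sink unsanitised
```

Because the rule is ordinary code, adding a framework-specific sanitiser or sink is a one-line change to the relevant set rather than a new engine feature.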
C# managed rules for SAST!
THIS is how things should be done!!!
The 2nd screenshot shows a more advanced/complex rule, and since we are in C# land, we should be able to perform real comprehensive/complex analysis (with external data/mappings if required).
Now if only Checkmarx released these rules under an Open License, so that we could easily share our customisations and write rules for non-supported frameworks :)