Skip to content

Latest commit

 

History

History
151 lines (96 loc) · 5.08 KB

HISTORY.md

File metadata and controls

151 lines (96 loc) · 5.08 KB

Release History

1.7.1

  • Fix on Pyyaml inspector looking for 'loader' keyword argument instead of 'Loader'.
  • Fix on plugin XML having wrong standard library short name
  • Fix on pickle not matching aliases imports

1.7.0

  • Added pickle load inspection PIC100
  • Added django safe strings inspection DJG102
  • Added hardcoded temp path read or write inspection TMP101
  • Added XML standard library DoS inspection XML100
  • Added XML RPC dotted paths inspection XML200

1.6.0

  • Dockerfile compiles from source, so 'latest' docker image is from master and each tag is correctly set issue#41
  • Annotations descriptions have links to the documentation issue#43
  • GitHub Action now supports "failure on warning"
  • GitHub Action now always uses latest image
  • GitHub Action supports setting path to custom inspection XML file

1.5.0

  • Github actions now have annotations

1.4.5

  • Updated documentation for GitHub actions. Made path optional

1.4.4

  • Fixed bug in BindAllInterfacesInspection where a call to bind() with no arguments would raise an NPE issue#36

1.4.3

  • Added github action support (alpha)

1.4.2

  • Fixed a bug where packages that had a vulnerability in safetydb but no CVE record would raise a NPE to PyCharm issue#33

1.4.1

  • Changed YML100 to not match when loader=SafeLoader is used
  • Altered PW100 to only match on == and != operators, reducing false positives

1.4.0

  • Added DJG101 Using quoted, parametrized literal will bypass Django SQL Injection protection

1.3.0

  • Added TRY100 check for try..except..pass statements
  • Added TRY101 check for try..except..continue statements
  • Added AST100 check for assert usage outside of a test
  • Added NET100 check unspecified binding
  • Added PAR100 check for host key bypass in paramiko ssh client usage
  • Added OS100 check calls to os.chmod() for dangerous POSIX permissions

1.2.0

  • Added SQL injection with Python formatting check SQL100
  • Support for PyCharm 2020.1

1.1.0

  • Added new hardcoded password check PW100
  • Added new builtin exec check EX100
  • Added new mako unescaped input check MK100
  • Added new mako HTML escape quick fix
  • Fixed minor bug in Flask debug mode check

1.0.15

1.0.14

  • All checks are now local inspections, so within the Code Inspection tool, they will show as "Python Security"
  • Users can now alter the severity of any particular check and mute for a given project, file or IDE

1.0.13

1.0.12

  • Added Shell Escape Fixer, recommended by PR100
  • Modified the shell injection validator to match subprocess.call, .run and .Popen
  • Modified the shell injection validator to ignore string literals or lists of literals

1.0.11

  • Annotations "Read Documentation" fix will go to the new documentation site instead of GitHub.

1.0.10

  • PW100 uses secrets.compare_digest if the Python version is 3.7+
  • Fixed bug in test suite (doesn't affect plugin)

1.0.9

  • Added a documentation action to all recommendations
  • Added a timing attack fixer for using hmac.compare_digest
  • Added a timing attack test for comparing a password string
  • Added hashlib test for cryptographically weak algorithm usage
  • Added hashlib check for algorithms vulnerable to length-attacks

1.0.8

  • Notification summarising package scan, even when no issues are found
  • Issues warning notification when no Python SDK is configured
  • Various minor bug fixes

1.0.7

  • Fixed a bug when instantiating the vulnerability database at startup. Raised by @m-aciek #3

1.0.6

  • Fixed error when checking incomplete statements. Raised by @jugmac00 #1

1.0.5

  • Package checker works with specific (PEP440) version ranges.

1.0.4

  • Checks installed packages against safetydb and alerts for any known vulnerabilities

1.0.3

  • Added django debug mode check
  • Added tempfile.mktemp check with fixer to replace tempfile.mkstemp with existing arguments
  • Added subprocess.call(shell=true) check
  • Added httpx no-verify check
  • Added requests no-verify check

1.0.2

  • Added flask debug mode check
  • Added pyyaml load check