v0.5.0
What's Changed
This release adds 49 new checkers. The checkers are listed below:
- chore: add checker to detect usage of weak SSL version by @MashyBasker in #146
- chore: add checker to detect usage of django secret key used as salt in HashID by @MashyBasker in #125
- rust: avoid using unwrap() by @hrideshmg in #117
- checker: ruby_ssl_no_verify by @Thiru-moorthi in #110
- checker: ruby_skip_authorization by @Thiru-moorthi in #109
- feat(javascript): implement Go-based SQL injection checker by @hrideshmg in #139
- checker: ruby_sha1_weak_hash by @Thiru-moorthi in #108
- checker: ruby_rsa_weak_crypto by @Thiru-moorthi in #107
- checker: ruby_rails_unsafe_direct_assignment by @Thiru-moorthi in #106
- checker: ruby_rails_samesite_cookie by @Thiru-moorthi in #105
- checker: ruby_rails_insecure_smtp by @Thiru-moorthi in #104
- checker: ruby_rails_httponly_cookie by @Thiru-moorthi in #103
- checker: ruby_rails_http_hardcoded_passwd by @Thiru-moorthi in #102
- checker: ruby_rails_force_ssl by @Thiru-moorthi in #101
- checker: ruby_md5_weak_hash by @Thiru-moorthi in #100
- checker: ruby_eval_method by @Thiru-moorthi in #99
- checker: ruby_dsa_weak_crypto by @Thiru-moorthi in #98
- checker: ruby_blowfish_weak_crypto by @Thiru-moorthi in #96
- checker: go_math_rand by @Thiru-moorthi in #95
- checker: go_pprof_endpoint_automatic_exposure by @Thiru-moorthi in #94
- checker: go_postgres_conn_raw_passwd by @Thiru-moorthi in #93
- checker: go_postgres_config_raw_passwd by @Thiru-moorthi in #92
- checker: go_os_create_file_default_permission by @Thiru-moorthi in #91
- checker: go_net_bind_all_interfaces by @Thiru-moorthi in #90
- java: unsafe file traversal by @hrideshmg in #116
- checker: go_mysql_conn_raw_passwd by @Thiru-moorthi in #89
- checker: go_missing_error_file by @Thiru-moorthi in #87
- checker: go_fmt_print_in_prod by @Thiru-moorthi in #76
- checker: go_md5_weak_hash by @Thiru-moorthi in #86
- checker: go_jwt_none_algorithm by @Thiru-moorthi in #85
- checker: go_jwt_hardcoded_signing_key by @Thiru-moorthi in #84
- checker: go_insecure_cookie by @Thiru-moorthi in #83
- checker: go_http_file_server by @Thiru-moorthi in #80
- checker: go_html_req_template_injection by @Thiru-moorthi in #79
- checker: go_grpc_server_insecure_tls by @Thiru-moorthi in #78
- checker: go_grpc_client_insecure_tls by @Thiru-moorthi in #77
- checker: go_des_weak_crypto by @Thiru-moorthi in #75
- checker: go_cgi_import by @Thiru-moorthi in #73
- checker: go_unsafe_pkg by @Thiru-moorthi in #72
- checker: go_tls_insecure by @Thiru-moorthi in #71
- checker: go_tls_config_minver by @Thiru-moorthi in #70
- checker: go_reflect_pkg by @Thiru-moorthi in #66
- checker: go_samesite_cookie by @Thiru-moorthi in #67
- checker: go_sha1_weak_hash by @Thiru-moorthi in #68
- checker(python): add checkers to detect insecure ftp connections in urllib by @MashyBasker in #162
- chore: restructure and rename python checkers by @MashyBasker in #60
- chore: add checker to detect globals context in django render method by @MashyBasker in #121
- chore: add checker to detect 'none' algo in JWT token encode/decode method by @MashyBasker in #122
- chore: add checker to detect flask app running on insecure host by @MashyBasker in #147
There are some improvements in the runtime:
- fix: return non-zero exit code if checks fail by @sanket-deepsource in #156
New Contributors
- @Thiru-moorthi made their first contribution in #110
Full Changelog: v0.4.1...v0.5.0