v0.7.0

Features

Support for skipcq

You can now add // skipcq directives in your comments to ignore issues raised by Globstar checkers.
Examples:

1. Ignore all issues raised in a line:

# skipcq
assert 1 == 1

2. Ignore specific issues raised in a line:

# skipcq
def process(request):
    form = PostForm(request.POST)
    if form.is_valid():
        # skipcq: avoid-assert
        assert name == request.POST['name']

3. You can also ignore multiple issues in a line:

def process(request):
    form = PostForm(request.POST)
    if form.is_valid():
        # skipcq: avoid-assert, post-after-isvalid
        assert name == request.POST['name']

New checkers

Python

1. Add checkers for miscellaneous Flask app.run() vulnerabilities
2. Add checker to detect user data formatted string return in Flask
3. Add checker to detect user data injection vulnerabilities in Flask
4. Add checker to detect dangerous subprocess exec in aws-lambda handler functions
5. Add checker to detect AWS Lambda SQL injection due to event tainted query

v0.6.1

What's Changed

• feat: allow excluding checkers with directive comment by @MashyBasker in #185

Full Changelog: v0.6.0...v0.6.1

v0.6.0

What's Changed

• checker: detect insecure pickle deserialization with user tainted data by @MashyBasker in #173
• checker: request tainted file write and request tainted HttpResponse/HttpResponseBadRequest by @MashyBasker in #172
• checker: detect user data from python request passed into method calls causing injection vulnerabilities by @MashyBasker in #170
• checker: miscellaneous Django security checkers by @MashyBasker in #169
• ci: add .deepsource.toml by @deepsource-autofix in #176
• Feature : Add Incremental Analysis by @unnxt30 in #171
• chore: automatic built-in Go checker discovery by @MashyBasker in #174
• feat: add Requires field to the Analyzer struct by @sourya-deepsource in #184
• checker: add unused-import checker for JavaScript

New Contributors

• @deepsource-autofix made their first contribution in #176
• @unnxt30 made their first contribution in #171

Full Changelog: v0.5.1...v0.6.0

v0.5.1

What's Changed

• [Feat] Python: checker for usage of assert statements by @yashnator in #118

New Contributors

• @yashnator made their first contribution in #118

Full Changelog: v0.5.0...v0.5.1

v0.5.0

What's Changed

This release adds 49 new checkers. The checkers are listed below:

• chore: add checker to detect usage of weak SSL version by @MashyBasker in #146
• chore: add checker to detect usage of django secret key used as salt in HashID by @MashyBasker in #125
• rust: avoid using unwrap() by @hrideshmg in #117
• checker: ruby_ssl_no_verify by @Thiru-moorthi in #110
• checker: ruby_skip_authorization by @Thiru-moorthi in #109
• feat(javascript): implement Go-based SQL injection checker by @hrideshmg in #139
• checker: ruby_sha1_weak_hash by @Thiru-moorthi in #108
• checker: ruby_rsa_weak_crypto by @Thiru-moorthi in #107
• checker: ruby_rails_unsafe_direct_assignment by @Thiru-moorthi in #106
• checker: ruby_rails_samesite_cookie by @Thiru-moorthi in #105
• checker: ruby_rails_insecure_smtp by @Thiru-moorthi in #104
• checker: ruby_rails_httponly_cookie by @Thiru-moorthi in #103
• checker: ruby_rails_http_hardcoded_passwd by @Thiru-moorthi in #102
• checker: ruby_rails_force_ssl by @Thiru-moorthi in #101
• checker: ruby_md5_weak_hash by @Thiru-moorthi in #100
• checker: ruby_eval_method by @Thiru-moorthi in #99
• checker: ruby_dsa_weak_crypto by @Thiru-moorthi in #98
• checker: ruby_blowfish_weak_crypto by @Thiru-moorthi in #96
• checker: go_math_rand by @Thiru-moorthi in #95
• checker: go_pprof_endpoint_automatic_exposure by @Thiru-moorthi in #94
• checker: go_postgres_conn_raw_passwd by @Thiru-moorthi in #93
• checker: go_postgres_config_raw_passwd by @Thiru-moorthi in #92
• checker: go_os_create_file_default_permission by @Thiru-moorthi in #91
• checker: go_net_bind_all_interfaces by @Thiru-moorthi in #90
• java: unsafe file traversal by @hrideshmg in #116
• checker: go_mysql_conn_raw_passwd by @Thiru-moorthi in #89
• checker: go_missing_error_file by @Thiru-moorthi in #87
• checker: go_fmt_print_in_prod by @Thiru-moorthi in #76
• checker: go_md5_weak_hash by @Thiru-moorthi in #86
• checker: go_jwt_none_algorithm by @Thiru-moorthi in #85
• checker: go_jwt_hardcoded_signing_key by @Thiru-moorthi in #84
• checker: go_insecure_cookie by @Thiru-moorthi in #83
• checker: go_http_file_server by @Thiru-moorthi in #80
• checker: go_html_req_template_injection by @Thiru-moorthi in #79
• checker: go_grpc_server_insecure_tls by @Thiru-moorthi in #78
• checker: go_grpc_client_insecure_tls by @Thiru-moorthi in #77
• checker: go_des_weak_crypto by @Thiru-moorthi in #75
• checker: go_cgi_import by @Thiru-moorthi in #73
• checker: go_unsafe_pkg by @Thiru-moorthi in #72
• checker: go_tls_insecure by @Thiru-moorthi in #71
• checker: go_tls_config_minver by @Thiru-moorthi in #70
• checker: go_reflect_pkg by @Thiru-moorthi in #66
• checker: go_samesite_cookie by @Thiru-moorthi in #67
• checker: go_sha1_weak_hash by @Thiru-moorthi in #68
• checker(python): add checkers to detect insecure ftp connections in urllib by @MashyBasker in #162
• chore: restructure and rename python checkers by @MashyBasker in #60
• chore: add checker to detect globals context in django render method by @MashyBasker in #121
• chore: add checker to detect 'none' algo in JWT token encode/decode method by @MashyBasker in #122
• chore: add checker to detect flask app running on insecure host by @MashyBasker in #147

There are some improvements in the runtime:

• fix: return non-zero exit code if checks fail by @sanket-deepsource in #156

New Contributors

• @Thiru-moorthi made their first contribution in #110

Full Changelog: v0.4.1...v0.5.0

v0.4.1

What's Changed

• chore: bump globstar.dev to v0.4.0 in analyzer stubs by @sourya-deepsource in #153

Full Changelog: v0.4.0...v0.4.1

v0.4.0

What's Changed

• docs: add guide for writing checkers in Go by @sanket-deepsource in #149
• fix: fix analysis and test runners by @sourya-deepsource in #151

Full Changelog: v0.3.1...v0.4.0

v0.3.1

What's Changed

• chore: use v0.3.0 in analyzer stub by @sourya-deepsource in #150

Full Changelog: v0.3.0...v0.3.1

v0.3.0

What's Changed

• feat: add version flag in the CLI by @sanket-deepsource in #43
• chore: add PR template by @sourya-deepsource in #46
• updated the link by @tusharxoxoxo in #49
• php: dangerous eval by @hrideshmg in #115
• docker: avoid using sudo in RUN commands by @hrideshmg in #133
• docker: avoid the use of the ADD instruction by @hrideshmg in #130
• docker: avoid the use of latest tag by @hrideshmg in #124
• feat: add test runner for Go-based rules by @sourya-deepsource in #123
• feat (#25): add support for custom Go rules by @sourya-deepsource in #145

New Contributors

• @tusharxoxoxo made their first contribution in #49
• @hrideshmg made their first contribution in #115

Full Changelog: v0.2.0...v0.3.0

v0.2.0

What's Changed

• chore(examples): add yaml checkers for unsafe django patterns by @MashyBasker in #18
• feat: support creating and testing built-in checkers by @sourya-deepsource in #23
• feat: add support for built-in Go-based rules by @sourya-deepsource in #26
• chore (#39): allow nesting yaml rules in arbitrary sub directories by @sourya-deepsource in #40
• fix (#41): add globstar.dev path for go-import by @sourya-deepsource in #42

New Contributors

• @MashyBasker made their first contribution in #18

Full Changelog: v0.1.1...v0.2.0