v0.7.0

@sourya-deepsource released this 14 Apr 16:53
b463434
Features

Support for skipcq

You can now add skipcq directives in comments (// skipcq or # skipcq, depending on the language's comment syntax) to ignore issues raised by Globstar checkers. A bare skipcq ignores every issue on the line; skipcq: <checker-id> ignores only the named checkers, and several ids can be separated by commas.
Examples:

  1. Ignore all issues raised in a line:

     # skipcq
     assert 1 == 1

  2. Ignore specific issues raised in a line:

     def process(request):
         form = PostForm(request.POST)
         if form.is_valid():
             # skipcq: avoid-assert
             assert name == request.POST['name']

  3. Ignore multiple issues in a line:

     def process(request):
         form = PostForm(request.POST)
         if form.is_valid():
             # skipcq: avoid-assert, post-after-isvalid
             assert name == request.POST['name']
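The suppression semantics these three examples describe, as an added example that is not part of Globstar's own code: a small Python filter that reads skipcq directives out of a source file and drops the matching issues from a checker run. It follows the page's form (a directive on a comment-only line applies to the next line) and additionally assumes, which the page does not state, that a directive trailing code on the same line applies to that line. The sample source, the issue list and the checker names other than avoid-assert and post-after-isvalid are constructed for the demonstration.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Issue:
    line: int      # 1-based line the checker flagged
    checker: str   # checker id, e.g. "avoid-assert"
    message: str


# A skipcq directive in either comment style. The optional comma-separated
# list after the colon narrows the suppression to the named checkers.
# (Approximation: a "# skipcq" inside a string literal would also match.)
_DIRECTIVE = re.compile(r"(?:#|//)\s*skipcq\b(?::\s*(?P<ids>[^\n]*))?")


def _ids(match):
    """None means 'suppress every checker'; a set names specific checkers."""
    raw = match.group("ids")
    if raw is None or not raw.strip():
        return None
    return {c.strip() for c in raw.split(",") if c.strip()}


def _merge(a, b):
    """Combine two suppressions; None (all checkers) absorbs everything."""
    if a is None or b is None:
        return None
    return a | b


def parse_suppressions(source):
    """Map line number -> suppressed checker ids (None = all) for a source file.

    A directive on a comment-only line applies to the next line, which is the
    form the release notes show. A directive trailing code on the same line
    applies to that line (assumption, not stated on the page).
    """
    suppressed = {}
    pending = set()   # empty set: nothing carried over from a comment-only line
    for lineno, text in enumerate(source.splitlines(), start=1):
        if not text.strip():
            continue  # blank lines neither consume nor receive a suppression
        match = _DIRECTIVE.search(text)
        if match and not text[:match.start()].strip():
            pending = _merge(pending, _ids(match))   # comment-only line
            continue
        inline = _ids(match) if match else set()
        combined = _merge(pending, inline)
        pending = set()
        if combined is None or combined:
            suppressed[lineno] = combined
    return suppressed


def filter_issues(source, issues):
    """Drop the issues that a skipcq directive suppresses; keep the rest in order."""
    suppressed = parse_suppressions(source)
    kept = []
    for issue in issues:
        ids = suppressed.get(issue.line, set())
        if ids is None or issue.checker in ids:
            continue
        kept.append(issue)
    return kept


# Constructed sample: the release notes' examples plus one trailing directive.
SAMPLE_SOURCE = """\
# skipcq
assert 1 == 1
def process(request):
    form = PostForm(request.POST)
    if form.is_valid():
        # skipcq: avoid-assert, post-after-isvalid
        assert name == request.POST['name']
    assert form  # skipcq: avoid-assert
    assert form
"""

# Constructed issues, as a checker run might report them.
SAMPLE_ISSUES = [
    Issue(2, "avoid-assert", "assert is stripped under -O"),
    Issue(7, "avoid-assert", "assert is stripped under -O"),
    Issue(7, "post-after-isvalid", "request.POST read after is_valid()"),
    Issue(7, "undefined-name", "'name' is not defined"),
    Issue(8, "avoid-assert", "assert is stripped under -O"),
    Issue(9, "avoid-assert", "assert is stripped under -O"),
]

if __name__ == "__main__":
    for issue in filter_issues(SAMPLE_SOURCE, SAMPLE_ISSUES):
        print(f"line {issue.line}: {issue.checker}: {issue.message}")
```

Running it keeps the undefined-name issue on line 7, because the directive there names only avoid-assert and post-after-isvalid, and keeps the unsuppressed assert on the last line. That is the property worth checking in any suppression scheme: a narrowed directive must not silently widen into "ignore this line entirely".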

New checkers

Python

  1. Add checkers for miscellaneous Flask app.run() vulnerabilities
  2. Add checker to detect returning a string formatted with user data in Flask
  3. Add checker to detect user data injection vulnerabilities in Flask
  4. Add checker to detect dangerous subprocess exec in AWS Lambda handler functions
  5. Add checker to detect AWS Lambda SQL injection due to an event-tainted query
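To show the kind of pattern two of these checkers look for (the Flask app.run() settings in item 1 and the event-tainted SQL query in item 5), here is an added example that is not Globstar's code: a minimal AST-based checker in Python. The rule ids, messages and the two source snippets are constructed for the demonstration, and the SQL rule is a purely syntactic stand-in for taint tracking: it flags a query string assembled at runtime and passes a constant query with a parameter tuple.

```python
import ast
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    line: int
    checker: str   # hypothetical rule id; Globstar's real checker names are not on the page
    message: str


def _const(node):
    """Return the literal value of a constant node, else None."""
    return node.value if isinstance(node, ast.Constant) else None


def _is_built_string(node):
    """True if the expression assembles a string at runtime:
    f-string, '%' formatting, str.format(), or '+' concatenation."""
    if isinstance(node, ast.JoinedStr):
        return True
    if isinstance(node, ast.BinOp) and isinstance(node.op, (ast.Mod, ast.Add)):
        return True
    return (isinstance(node, ast.Call)
            and isinstance(node.func, ast.Attribute)
            and node.func.attr == "format")


class _Checker(ast.NodeVisitor):
    def __init__(self):
        self.findings = []

    def visit_Call(self, node):
        if isinstance(node.func, ast.Attribute):
            if node.func.attr == "run":
                self._check_flask_run(node)
            elif node.func.attr == "execute":
                self._check_sql_execute(node)
        self.generic_visit(node)

    def _check_flask_run(self, call):
        # Only app.run() takes these keywords, so matching on them keeps
        # unrelated .run() calls (subprocess.run, ...) from being flagged.
        for kw in call.keywords:
            if kw.arg == "host" and _const(kw.value) == "0.0.0.0":
                self.findings.append(Finding(call.lineno, "flask-bind-all-interfaces",
                    "app.run(host='0.0.0.0') listens on every interface, not just localhost"))
            if kw.arg == "debug" and _const(kw.value) is True:
                self.findings.append(Finding(call.lineno, "flask-debug-enabled",
                    "app.run(debug=True) enables the interactive debugger; do not ship it"))

    def _check_sql_execute(self, call):
        # Syntactic stand-in for taint tracking: a query text assembled at
        # runtime is flagged; a constant query with a parameter tuple is not.
        if call.args and _is_built_string(call.args[0]):
            self.findings.append(Finding(call.lineno, "sql-query-built-from-string",
                "query text is assembled at runtime; pass values as parameters instead"))


def check_source(source):
    """Parse Python source and return findings sorted by line."""
    checker = _Checker()
    checker.visit(ast.parse(source))
    return sorted(checker.findings, key=lambda f: f.line)


# Constructed snippets (parsed only, never executed): the patterns the new
# checkers target, and hardened equivalents that should not be flagged.
VULNERABLE = """\
from flask import Flask, request
app = Flask(__name__)

def handler(event, context):
    user = event["user"]
    cursor.execute(f"SELECT * FROM users WHERE name = '{user}'")
    cursor.execute("SELECT * FROM users WHERE name = '%s'" % user)

app.run(host="0.0.0.0", debug=True)
"""

HARDENED = """\
def handler(event, context):
    user = event["user"]
    cursor.execute("SELECT * FROM users WHERE name = ?", (user,))

app.run(host="127.0.0.1", debug=False)
"""

if __name__ == "__main__":
    for f in check_source(VULNERABLE):
        print(f"{f.line}: {f.checker}: {f.message}")
```

On the vulnerable snippet this reports both execute() calls and two findings on the app.run() line; the hardened snippet produces none. A real checker would additionally resolve that the receiver is a Flask app and track whether the value reaching the query actually originates from the Lambda event, which is what "event-tainted" means in item 5.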