Releases: DataDog/datadog-static-analyzer
0.3.5
What's Changed
- Test all default rulesets by @juli1 in #361
- [STAL-2082] Ignore generated files by @juli1 in #364
- [STAL-2148] Fix flaky CI test by @jasonforal in #368
- [STAL-1960] Add tree-sitter query wrapper by @jasonforal in #366
- Use a member function of PathConfig to check if the path config allows a file. by @jacobotb in #369
- Move argument provider to its own file. by @jacobotb in #370
- [STAL-2019] ci: add action to test for regressions by @amaanq in #365
- [STAL-1960] Add generic Rust <> v8 data structures by @jasonforal in #374
- [STAL-1960] Introduce ddsa JsRuntime by @jasonforal in #381
- [STAL-2139] Ignore rules for the whole file by @juli1 in #376
- Split configuration data object and parsing code by @jacobotb in #371
- [STAL-1960] Introduce patterns for refactored JavaScript modules by @jasonforal in #382
- [STAL-1960] Introduce bridge design; implement ddsa context by @jasonforal in #384
- [STAL-1960] Chore: update naming convention by @jasonforal in #386
- [STAL-1960] Add ddsa FileContextGo by @jasonforal in #385
- [STAL-1960] Add bridge for (TsSymbol <> Name) mappings by @jasonforal in #387
- Add a specific type for values that depend on the subtree by @jacobotb in #372
- fix(analyzer): fix 'lines to ignore' parsing functionality by @robertohuertasm in #388
- Add the ability to call other endpoints with JWT tokens. by @jacobotb in #373
- [STAL-1960] Implement ddsa TreeSitterNode + bridge by @jasonforal in #390
- [STAL-1960] Implement ddsa NamedCapture by @jasonforal in #391
- [STAL-1960] Implement ddsa Violation bridge by @jasonforal in #392
- [STAL-2179] Add better error message for ruleset fetch failure by @amaanq in #395
- [STAL-1960] Implement ddsa QueryMatch + bridge by @jasonforal in #393
- [STAL-1960] Implement ddsa JsRuntime scoped execution by @jasonforal in #398
- [STAL-1960] Return TreeSitterNode instances from QueryMatch `get` and `getMany` by @jasonforal in #399
- [STAL-1960] Implement compatibility layer with Stella for QueryMatch. by @jasonforal in #400
- [STAL-1960] Implement ddsa JsRuntime rule execution by @jasonforal in #402
- [STAL-1960] Implement compatibility layer for Stella visit function by @jasonforal in #403
- [STAL-1960] Address various bugs by @jasonforal in #408
- Fix overly-restrictive lifetime of `tree_sitter::Node` during ops by @jasonforal in #405
- [STAL-1960] Add functionality to configure a v8 isolate's default context by @jasonforal in #404
- [STAL-1960] Add console.log tests, special TreeSitterNode serialization by @jasonforal in #407
- [STAL-1960] Add ability to fetch tree-sitter node children from JavaScript by @jasonforal in #415
- [STAL-2335] ci: fix error when multiple repos have potential regressions detected by @amaanq in #406
- [STAL-2296] fix: improve `test-rules` script with retries and better error handling by @amaanq in #411
- Filter invalid violations for SARIF report by @juli1 in #401
- [STAL-1960] Fix performance issues introduced by creating new v8 Contexts by @jasonforal in #416
- [STAL-2337] feat: add Starlark support by @amaanq in #413
- [STAL-1906] feat: add Dockerfile + ci workflow to publish to GHCR by @amaanq in #383
- Update op to only return named children by @jasonforal in #417
- Fix ddsa `node_type_id` to match stella semantics by @jasonforal in #419
- [STAL-1960] Optimize memory usage of JS timeout functionality by @jasonforal in #412
- Fix `null` check in JavaScript by @jasonforal in #420
- [STAL-1960] Implement TsLanguageContext by @jasonforal in #423
- [STAL-1960] Implement "field name" for tree-sitter node children by @jasonforal in #424
- [STAL-2338] feat: add Bash support by @amaanq in #414
- [STAL-2336] Include paths configuration for diff-aware hash by @juli1 in #418
- Change ddsa rule script template to properly initialize local variables by @jasonforal in #425
- Add various ddsa compatibility workarounds for the stella syntax by @jasonforal in #426
- [STAL-2289] feat: add terraform file context helper in the JS code by @amaanq in #409
- remove secrets features by @juli1 in #427
- [STAL-1960] Enable ddsa as a feature flag by @jasonforal in #428
- Add stopgap cache clearing for ddsa on the analyzer server by @jasonforal in #429
- Release 0.3.5 by @jasonforal in #430
Full Changelog: 0.3.4...0.3.5
0.3.4
What's Changed
- Test tree-sitter 0.22.6 by @juli1 in #353
- update cc dependency by @juli1 in #356
- show rule that fails to convert by @juli1 in #357
- Test rules in staging and prod by @juli1 in #355
- [STAL-1863] fix: update c-sharp grammar for parsing improvements by @amaanq in #344
- fix: correct workflow step name for staging rules by @amaanq in #358
- [STAL-2057] Hardcode include testing rules in CLI by @modernplumbing in #359
- Release 0.3.4 by @amaanq in #360
Full Changelog: 0.3.3...0.3.4
Release 0.3.3
What's Changed
- [STAL-2002] Add documentation by @juli1 in #342
- [STAL-1686] Add is_testing to rules by @modernplumbing in #339
- Use higher-level constructs for configuration serializer/deserializer. by @jacobotb in #341
- [STAL-2027] Preparing 0.3.3 by @modernplumbing in #345
- [STAL-2007] debug static analyzer by @juli1 in #348
- Fix OWASP benchmark changes by @juli1 in #352
- [STAL-2007] Handle branch from Gitlab pipelines by @juli1 in #350
- [STAL-1686] Follow-up for handling rules marked as `is_testing` by @modernplumbing in #349
- [STAL-2007] remove repository url from logs by @juli1 in #354
New Contributors
- @modernplumbing made their first contribution in #339
Full Changelog: 0.3.2...0.3.3
Performance improvements
What's Changed
- [STAL-1818] Tidying, prep for YAML rule definition by @jasonforal in #317
- [STAL-1818] Implement creation of HTTP validator from YAML definition by @jasonforal in #318
- [STAL-1818] Implement complete YAML-based rule construction by @jasonforal in #319
- [STAL-1818] Integrate secrets scanning into the main binary by @jasonforal in #320
- [STAL-1850] Introduce proximity keywords by @jasonforal in #321
- [STAL-1851] Add normalized entropy Checker by @jasonforal in #322
- [STAL-1172] Use Result for `execute_rule_inner` by @jasonforal in #330
- [STAL-1645] fix: use maintained and up-to-date yaml grammar by @amaanq in #334
- [STAL-1921] More instructions when we fail to get the repository for diff-aware by @juli1 in #333
- [STAL-1172] Optimize threading and instantiation of v8 runtimes by @jasonforal in #331
- [STAL-1172] Serialize Rust structs directly to v8 objects by @jasonforal in #332
- [STAL-1967] Add helper script to display the violation diff between two SARIF files by @jasonforal in #335
- [STAL-1986] Fix macOS x86 GitHub Actions build by @jasonforal in #338
- Prepare version 0.3.2 by @juli1 in #340
New Contributors
Full Changelog: 0.3.1...0.3.2
Release 0.3.1
What's Changed
- [STAL-1678] add documentation on OWASP benchmark by @juli1 in #313
- Add documentation on reporting issue by @juli1 in #315
- [STAL-1704] Simplify rule definition/evaluation by @jasonforal in #312
- [STAL-1701] add more performance statistics by @juli1 in #314
- Prepare version 0.3.1 by @juli1 in #316
Full Changelog: 0.3.0...0.3.1
Release 0.3.0
What's Changed
- fix(ide): use proper glob for ignore rule creation by @robertohuertasm in #294
- Apply global ignore/only in server by @jacobotb in #295
- [STAL-1493] Add ability to use a fake clock for tests by @jasonforal in #296
- Add rule fields 'severity' and 'category' to schema and deserializer by @jacobotb in #300
- Document the ability to set rule arguments. by @jacobotb in #299
- [STAL-1493] Add builders for HTTP validator by @jasonforal in #297
- Improve HTTP validator edge-case handling by @jasonforal in #302
- Override a rule's severity and category when specified in the configuration file by @jacobotb in #301
- feat(ide): return raw string instead of JSON by @robertohuertasm in #303
- fix(ide): support for new properties when ignoring rules by @robertohuertasm in #304
- fix(ra): fix rust-analyzer for vs code users by @robertohuertasm in #305
- [STAL-1493] Enable validation in the secrets engine by @jasonforal in #306
- [STAL-1529] Enable secret validation for integration testing by @jasonforal in #307
- fix(serialization): correctly serialize arguments by @robertohuertasm in #310
- Add version of the tool by @juli1 in #309
- [STAL-1159] Add secret scanning rule file parsing by @jasonforal in #308
Full Changelog: 0.2.9...0.3.0
Release 0.2.9
Full Changelog: 0.2.9...0.2.9
What's Changed
- [STAL-1496] add option to fail if there is any violation by @juli1 in #255
- Add initial secrets-core crate by @jasonforal in #247
- [STAL-1470] add details in FAQ by @juli1 in #256
- Mechanism to provide arguments to rules by @jacobotb in #254
- Validator for the static analyzer configuration parser by @jacobotb in #257
- check ruby rules in gitlab pipeline by @juli1 in #262
- Add secrets-core engine by @jasonforal in #261
- Update links to https by @dastrong in #264
- feat(kernel): add support for ConfigFile serialization by @robertohuertasm in #263
- [STAL-1362] add ruby in default languages by @juli1 in #266
- Update README.md with ignore/only and ruleset/rule config information. by @jacobotb in #267
- [STAL-1123] Add caching to GitHub actions build by @jasonforal in #269
- Display a nicer error message for configuration file errors by @jacobotb in #265
- [STAL-1523] add documentation for diff-aware by @juli1 in #270
- [STAL-1557] add documentation for go by @juli1 in #274
- Fix leftover legacy field `ignore-paths` in README. by @jacobotb in #275
- [STAL-1322] Support Vectorscan build for Windows by @jasonforal in #276
- [STAL-1164] Prepare SARIF output for multiple rule types by @jasonforal in #278
- Prevent RuleResult from being built with an absolute path by @jasonforal in #280
- [STAL-1575] Fingerprint improvements by @juli1 in #281
- [STAL-1523] add diff-aware doc by @juli1 in #282
- Fix build by @juli1 in #284
- [STAL-1164] Improved concurrency ergonomics for secrets Worker by @jasonforal in #279
- [STAL] Add missing rulesets by @dastrong in #283
- [STAL-1522] add instructions to troubleshoot diff-aware by @juli1 in #290
- [STAL-1164] Initial secrets scan workflow integration test by @jasonforal in #285
- Read the 'arguments' field from the rules by @jacobotb in #291
- Add execution time in sarif reports by @juli1 in #292
- feat(server): add IDE module by @robertohuertasm in #289
Full Changelog: 0.2.8...0.2.9
Version 0.2.8
What's Changed
- JSON Schema for the static analyzer configuration file. by @jacobotb in #241
- Add a schema-version field to the configuration file JSON Schema. by @jacobotb in #246
- Replace glob_match with globset by @jacobotb in #250
- Make the matcher function a member of PathPattern. by @jacobotb in #251
- [STAL-1467] Support for file context by @juli1 in #249
- The server may receive the configuration file and apply includes/excludes by @jacobotb in #248
- [STAL-1486] Properly handle CSV output by @juli1 in #252
- Prepare version 0.2.8 by @juli1 in #253
Full Changelog: 0.2.7...0.2.8
Release 0.2.7
What's Changed
- Parse improperly formatted YAML for the ruleset config. by @jacobotb in #226
- [STAL-1418] Violation fingerprints by @juli1 in #228
- Upgrade tree-sitter to the latest version by @juli1 in #233
- Update ruby syntax by @juli1 in #234
- Fix Stella console by @juli1 in #235
- Allow the GitLab pipeline to override the `DataDog/images` branch used by @jasonforal in #236
- [STAL-1457] add better handling of git SHA finding by @juli1 in #237
Full Changelog: 0.2.6...0.2.7
0.2.6
What's Changed
- update output by @juli1 in #217
- Update Documentation by @juli1 in #216
- Update configuration file format for path-based inclusion/exclusion by @jacobotb in #211
- Update download links by @juli1 in #220
- Add Vectorscan bindings and library by @jasonforal in #205
- Add the ability to include and exclude paths for individual rules and rulesets by @jacobotb in #218
- [STAL-1351] Diff-Aware Scanning Support by @juli1 in #224
- Handle legacy configuration fields during deserialization by @jacobotb in #219
- Prepare 0.2.6 by @juli1 in #225
Full Changelog: 0.2.5...0.2.6