Merge pull request #94 from lostsnow/feature/sep-vul-test-project-names

separate project names in vul tests

.github/workflows/vul-test.yml

@@ -38,13 +38,12 @@ jobs:
         shell: python
         run: |
           import json
+          example_filename = '${{ github.workspace }}/DockerVulspace/DongTai-agent-python/dongtai_agent_python/config-example.json'
           filename = '${{ github.workspace }}/DockerVulspace/DongTai-agent-python/dongtai_agent_python/config.json'
-          with open(filename) as f:
+          with open(example_filename) as f:
               data = json.load(f)
-          data['debug'] = True
           data['iast']['server']['token'] = '0f0025dff8311467f6da5b5109a469f1831aa782'
-          data['iast']['server']['url'] = 'http://iast-test.huoxian.cn/openapi'
-          data['project']['name'] = 'Python-DockerVulspace'
+          data['iast']['server']['url'] = 'https://iast-test.huoxian.cn/openapi'
           with open(filename, 'w') as f:
               json.dump(data, f)
 

.gitignore

@@ -7,3 +7,4 @@ __pycache__/
 /dist
 /dongtai_agent_python.egg-info
 *.log
+config.json

CHANGELOG.md

@@ -2,13 +2,17 @@
 
 ## Unreleased
 
+## [1.2.0](https://github.com/HXSecurity/DongTai-agent-python/releases/tag/v1.2.0) - 2021-12-31
+
 * FEATURES
-  * Add `pymongo` hook rules for NoSQL injection detection #84
-  * Add `python-ldap` and `ldap3` hook rules for LDAP injection detection #86, #88
-  * Use the environment variable `DEBUG=1` to enable debug mode #92
+  * Add `pymongo` hook rules for NoSQL injection detection [#84](https://github.com/HXSecurity/DongTai-agent-python/pull/84)
+  * Add `python-ldap` and `ldap3` hook rules for LDAP injection detection [#86](https://github.com/HXSecurity/DongTai-agent-python/pull/86), [#88](https://github.com/HXSecurity/DongTai-agent-python/pull/88)
+  * Use the environment variable `DEBUG=1` to enable debug mode [#92](https://github.com/HXSecurity/DongTai-agent-python/pull/92)
 * BUGFIXES
-  * Fix request and response header formats #87
-  * Bypass the hook in the filter rules #93
+  * Fix request and response header formats [#87](https://github.com/HXSecurity/DongTai-agent-python/pull/87)
+  * Bypass the hook in the filter rules [#93](https://github.com/HXSecurity/DongTai-agent-python/pull/93)
+* TESTING
+  * When testing for vulnerabilities, separate Django and Flask project names [#94](https://github.com/HXSecurity/DongTai-agent-python/pull/94), [DockerVulspace#8](https://github.com/jinghao1/DockerVulspace/pull/8)
 
 ## [1.1.4](https://github.com/HXSecurity/DongTai-agent-python/releases/tag/v1.1.4) - 2021-12-18
 

CHANGELOG_CN.md

@@ -2,13 +2,17 @@
 
 ## 尚未发布
 
+## [1.2.0](https://github.com/HXSecurity/DongTai-agent-python/releases/tag/v1.2.0) - 2021-12-31
+
 * 功能
-  * 增加 `pymongo` 策略规则以检测 NoSQL 注入漏洞 #84
-  * 增加 `python-ldap` and `ldap3` 策略规则以检测 LDAP 注入漏洞 #86, #88
-  * 使用环境变量 `DEBUG=1` 开启 DEBUG 模式 #92
+  * 增加 `pymongo` 策略规则以检测 NoSQL 注入漏洞 [#84](https://github.com/HXSecurity/DongTai-agent-python/pull/84)
+  * 增加 `python-ldap` and `ldap3` 策略规则以检测 LDAP 注入漏洞 [#86](https://github.com/HXSecurity/DongTai-agent-python/pull/86), [#88](https://github.com/HXSecurity/DongTai-agent-python/pull/88)
+  * 使用环境变量 `DEBUG=1` 开启 DEBUG 模式 [#92](https://github.com/HXSecurity/DongTai-agent-python/pull/92)
 * 修复
-  * 修复请求头和响应头格式 #87
-  * 绕过过滤规则中的 hook #93
+  * 修复请求头和响应头格式 [#87](https://github.com/HXSecurity/DongTai-agent-python/pull/87)
+  * 绕过过滤规则中的 hook [#93](https://github.com/HXSecurity/DongTai-agent-python/pull/93)
+* 测试
+  * 靶场测试时, 将 Django 和 Flask 的项目名称分开 [#94](https://github.com/HXSecurity/DongTai-agent-python/pull/94), [DockerVulspace#8](https://github.com/jinghao1/DockerVulspace/pull/8)
 
 ## [1.1.4](https://github.com/HXSecurity/DongTai-agent-python/releases/tag/v1.1.4) - 2021-12-18