This repository has been archived by the owner on Feb 16, 2024. It is now read-only.

SUPER 0.3.0

Pre-release
@Razican Razican released this 12 Feb 19:23
· 200 commits to master since this release

Third release of SUPER, with many changes and bug fixes.

Changelog

Features

  • You can now specify the minimum criticality a vulnerability must have to be reported. Using the --min-criticality CLI option, you can specify if the minimum reported criticality should be warning, low, medium, high or critical.
  • Optional JSON and HTML reports: By default, SUPER will generate an HTML report, but no JSON report. This behaviour can be changed either through two configuration options in the config.toml file (html_report and json_report) or by invoking the script with the --json or --html parameters. By default, if --json is used, the HTML report won't get generated, but if you want both, you can specify so by using both options: --json --html.
  • Tab completions: If you now install SUPER using one of the provided packages for UNIX, you will get tab completions. So, anytime you don't exactly know the command, you can simply press TAB and you will get suggestions or even command completions. This works for Bash, Fish and ZSH.

Internal Changes

  • SUPER now requires Rust 1.15.1.
  • Converted all try!() statements to use the new ? Rust operator.
  • Reduced cyclomatic complexity of Config::load_from_file() (#78): This makes configuration loading faster and easier to maintain.
  • Improved logging using the log crate.
  • Upgraded dependencies:
    • clap: 2.18 => 2.20
    • colored: 1.3 => 1.4
    • serde: 0.8 => 0.9
    • handlebars: 0.22 => 0.25
    • chrono: 0.2 => 0.3
    • regex: 0.1 => 0.2
      And some other minor upgrades. The regex and serde upgrades are the major ones and should improve our future releases.

Changes in Rules

  • Changed some regular expressions to match the new regex crate classes.
  • The files to be searched with a given rule can now be filtered by two new fields:
    • include_file_regex: A regex that all tested files will match.
    • exclude_file_regex: A regex that will whitelist files matched by the previous regex.
      This enables much better file searching: if you need to search for R class variables, there is no need to search files other than R.java.
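
The file filtering described above, as an added example that is not SUPER's own code: a Python model (using Python's re module in place of the Rust regex crate) of how the two fields narrow the files a rule is tested against, plus a check for rules whose filters select nothing. The rule labels, patterns and file paths are constructed, and the semantics (include must match, exclude must not) are an assumption drawn from the field descriptions.

```python
import re

# Constructed rules: only the two *_file_regex field names come from the
# release notes; labels and patterns are made up for this example.
RULES = [
    {"label": "R class variables", "include_file_regex": r"(^|/)R\.java$"},
    {"label": "Hardcoded URL", "include_file_regex": r"\.java$",
     "exclude_file_regex": r"(^|/)(R|BuildConfig)\.java$"},
    {"label": "Unfiltered rule"},
    {"label": "Dead rule", "include_file_regex": r"\.xml$",
     "exclude_file_regex": r"^res/"},
]

# Constructed file listing of a decompiled application.
FILES = [
    "src/com/example/R.java",
    "src/com/example/BuildConfig.java",
    "src/com/example/MainActivity.java",
    "res/values/strings.xml",
]

def files_for_rule(rule, files):
    """Files a rule is run against (assumed semantics): the path matches
    include_file_regex if set, and does not match exclude_file_regex if set."""
    include = re.compile(rule["include_file_regex"]) if "include_file_regex" in rule else None
    exclude = re.compile(rule["exclude_file_regex"]) if "exclude_file_regex" in rule else None
    selected = []
    for path in files:
        if include and not include.search(path):
            continue  # outside the rule's include filter
        if exclude and exclude.search(path):
            continue  # excluded even though it was included
        selected.append(path)
    return selected

def scan_plan(rules, files):
    """Map each rule label to the files it would be tested against."""
    return {rule["label"]: files_for_rule(rule, files) for rule in rules}

def rules_without_coverage(rules, files):
    """Labels of rules whose filters select no file at all, so the rule can
    never report anything for this application."""
    return [label for label, chosen in scan_plan(rules, files).items() if not chosen]

if __name__ == "__main__":
    for label, chosen in scan_plan(RULES, FILES).items():
        print(f"{label}: {chosen or 'NO FILES SELECTED'}")
```

A rule that ends up with no files is worth reviewing, because an over-broad exclude pattern silently removes that check from the analysis.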

Bug Fixes

  • SUPER no longer prints to stderr on tests.
  • Finally fixed all output coloring errors.

Contributions

Apart from the core team, the following people have contributed to this release: