- This minor release includes several bug fixes for #56, #54, 81d48a8, and other non-tracked issues
- Support for `nodeintegrationinsubframes` both for JS/HTML resources #52
- Introduced a global check called `HTTP_RESOURCES_WITH_NODE_INTEGRATION_GLOBAL_CHECK` to review the use of plain HTTP resources loaded in node-integrated contexts 71acdd8
- Migrated to cli-table3, word wrapping in columns is now working correctly
- Introduced the `--verbose` flag to display the issues' short description 6e14dc8
- Variable scoping analysis capabilities have been added to inspect the Function and Global variable content, when available.
- Every check now has an importance and accuracy attribute which helps the auditor to determine the importance of each finding. Consequently, we also introduced some new command line flags to filter the results by severity (`--severity`) and by confidence (`--confidence`), useful for tailored Electronegativity integration in your application security pipelines or build systems.
- Add support for
- Add the `-r, --relative` flag to display relative path for files
in order to support newer versions of TypeScript
- Several bug fixes and improvements (#49, #50, 84316b1, b32b81b, 04016b3)
The official manual for this 1.3.0 release is also available.
- Add support for single check scans, using the
- Introduce a new check type called Global Checks and its own test logic (#37)
- Introduce CSP Global Checks (#35, #36)
- Introduce AffinityGlobalCheck (#39)
- Include node's `setImmediate` as dangerous function (ea63162)
We now have our official PDF documentation in docs/manual!
This is a special release for the BlackHat Asia 2019 talk "Preloading Insecurity In Your Electron" by Luca Carettoni, one of the tool's authors.