CHANGELOG.md

File metadata and controls

226 lines (155 loc) · 8.09 KB

What's New

Thanks to all our contributors, users, and the many people that make PyT possible! ❤️

If you love PyT, please star our project on GitHub to show your support! ⭐

Unreleased

🎉 New Features

  • Added visiting functions in the tests of while nodes (#186, thanks @adrianbn)

0.42

November 1st, 2018

💥 Breaking Changes

  • Changed trigger file format when specifying specific tainted args (#182, thanks @bcaller)

🎉 New Features

  • Function calls such as list.append and dict.update now propagate taint to the list or dict (#181, thanks @bcaller)

🐛 Bugfixes

  • IfExp (or ternary) expression handling improved (#179, thanks @bcaller)

0.40

September 11th, 2018

📣 Release Highlights

  • Logging changes. Logging verbosity can be changed with -v to -vvv (#172, thanks @bcaller)

💥 Breaking Changes

  • Removed --trim option (#169)

🎉 New Features

  • Added --only-unsanitised flag to not print sanitised vulnerabilities (#172, thanks @bcaller)

🐛 Bugfixes

  • Recursive functions don't cause RecursionError (#173, thanks @bcaller)
  • Handling of chained functions improved (#171, thanks @bcaller)

0.39

August 21st, 2018

🎉 New Features

  • Added handling of assignment unpacking e.g. a, b, c = d (#164, thanks @bcaller)
  • Made file loading and vulnerability order deterministic (#165, thanks @bcaller)

🐛 Bugfixes

  • Fixed VarsVisitor RuntimeError on code like f(g(a)(b)(c)) (#163, thanks @bcaller)

🔭 Precision

  • Taint propagates from methods of tainted objects (#167, thanks @bcaller)

🐍 Miscellaneous

  • Cleaned test cases of extraneous reassignments (#166, thanks @bcaller)

0.38

August 2nd, 2018

🎉 New Features

🐛 Bugfixes

🐍 Miscellaneous

0.37

July 30th, 2018

🎉 New Features

  • Ability to analyze directories, -r Recursive option (#129, thanks @omergunal)
  • Added --dont-prepend-root option, so that imports are no longer required to start with project_root.* (#151, thanks @bcaller)
  • Added --no-local-imports option, to require absolute imports to be relative to the project root (#151, thanks @bcaller)
  • PEP 498 support, formatted string literals (#142, thanks @bcaller)
  • PEP 526 support, syntax for variable annotations (#143, thanks @bcaller)
  • Whitelist lines of sources and sinks ending in # nosec (#121, thanks @omergunal)

🔭 Precision

  • Added per-arg taint, for sink functions (#147, thanks @bcaller)
  • AugAssign, Yield, and YieldFrom taint propagation improvements (#155, thanks @bcaller)
  • Improved tuple assignment to be more precise and support starargs (#150, thanks @bcaller)

🐛 Bugfixes

  • Fixed a bug where get_call_names only handled ast.Attribute nodes (#148, thanks @bcaller)
  • Fixed a bug where vars_visitor.py crashed on Python 3.5 dict syntax (#144, thanks @bcaller)

🎭 Performance

  • Added an lru_cache to the generate_ast function (#153, thanks @bcaller)

🎓 Walkthrough / Help

  • Added README.rst files to almost every directory. (Partially #126)

🐍 Miscellaneous

  • Added tests for vars_visitor.py, making our overall coverage 91% (#139, thanks @stannum-l)
  • Cleaned and organized requirements, setup.py, tox.ini and .travis.yml (#152, thanks @bcaller)
  • Cleaned up the new pyt/core/ folder (#132)
  • Fixed all flake8 errors (#114 & #130, thanks @cclauss)
  • Re-organized the entire codebase into different directories (#126)
  • Return exit code 1 if any non-sanitised vulnerabilities are found (#156, thanks @bcaller)
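The precision entries in 0.42 (taint through list.append / dict.update, IfExp), 0.39 (assignment unpacking, methods of tainted objects) and 0.37 (starargs in tuple assignment, per-arg taint for sinks, PEP 498 f-strings, `# nosec` whitelisting) name propagation rules without showing them. What follows is an added example, not PyT's code: a deliberately small, flow-insensitive and intra-procedural taint tracker on Python's ast module that applies those rules to a constructed sample handler. The SOURCES, SINKS and MUTATORS tables, the sample program and the (lineno, sink, argument index) finding format are assumptions made for the demo; PyT's real analysis is interprocedural over a control-flow graph and takes its sources and sinks from its trigger files.

```python
import ast

# Constructed tables (assumptions for the demo, not PyT's trigger-file contents).
SOURCES = {"request.args.get", "request.form.get", "input"}
SINKS = {"os.system": None, "subprocess.call": {0}, "cursor.execute": {0}}  # None = every positional arg
MUTATORS = {"append", "extend", "insert", "update", "add"}  # methods that write args into the receiver


def dotted_name(node):
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    return ".".join(reversed(parts + [node.id])) if isinstance(node, ast.Name) else None


class TaintTracker(ast.NodeVisitor):
    def __init__(self, source):
        self.lines = source.splitlines()
        self.tainted = set()   # variable names currently tainted
        self.findings = []     # (lineno, sink name, argument index)

    def is_tainted(self, node):
        if isinstance(node, ast.Name):
            return node.id in self.tainted
        if isinstance(node, (ast.Attribute, ast.Subscript, ast.Starred)):
            return self.is_tainted(node.value)
        if isinstance(node, ast.Call):
            # a source, a method called on a tainted object, or a call fed a tainted argument
            return (dotted_name(node.func) in SOURCES
                    or isinstance(node.func, ast.Attribute) and self.is_tainted(node.func.value)
                    or any(self.is_tainted(a) for a in node.args))
        if isinstance(node, ast.IfExp):   # ternary: tainted if either branch is (path-insensitive)
            return self.is_tainted(node.body) or self.is_tainted(node.orelse)
        if isinstance(node, (ast.List, ast.Tuple)):
            return any(self.is_tainted(e) for e in node.elts)
        if isinstance(node, (ast.BinOp, ast.JoinedStr, ast.FormattedValue)):   # concat and f-strings
            return any(self.is_tainted(c) for c in ast.iter_child_nodes(node))
        return False

    def mark(self, target, tainted):
        if isinstance(target, ast.Name):
            (self.tainted.add if tainted else self.tainted.discard)(target.id)
        elif isinstance(target, (ast.Tuple, ast.List)):
            for elt in target.elts:
                self.mark(elt, tainted)
        elif isinstance(target, ast.Starred):
            self.mark(target.value, tainted)

    def assign(self, target, value):
        seq = (ast.Tuple, ast.List)
        if (isinstance(target, seq) and isinstance(value, seq)
                and len(target.elts) == len(value.elts)
                and not any(isinstance(e, ast.Starred) for e in target.elts + value.elts)):
            for t, v in zip(target.elts, value.elts):   # a, b = x, y: element-wise
                self.assign(t, v)
        else:
            self.mark(target, self.is_tainted(value))   # a, *rest = expr: all or nothing

    def visit_Assign(self, node):
        self.visit(node.value)   # report sinks on the right-hand side first
        for target in node.targets:
            self.assign(target, node.value)

    def visit_Call(self, node):
        self.generic_visit(node)   # nested calls such as f(g(a)) first
        if isinstance(node.func, ast.Attribute) and node.func.attr in MUTATORS:
            # list.append / dict.update: a tainted argument taints the receiver
            if any(self.is_tainted(a) for a in node.args + [k.value for k in node.keywords]):
                self.mark(node.func.value, True)
        name = dotted_name(node.func)
        if name in SINKS and not self.lines[node.lineno - 1].rstrip().endswith("# nosec"):
            for i, arg in enumerate(node.args):
                if (SINKS[name] is None or i in SINKS[name]) and self.is_tainted(arg):
                    self.findings.append((node.lineno, name, i))


def analyse(source):
    tracker = TaintTracker(source)
    tracker.visit(ast.parse(source))
    return tracker.findings


# Constructed sample handler exercising the assignment shapes listed in the changelog.
SAMPLE = '''\
def handler(request, cursor):
    user = request.args.get("user")
    a, b = user, "static"
    head, *rest = user.split("/")
    cmd = user if user else "default"
    query = f"SELECT * FROM t WHERE name = '{user}'"
    args = []
    args.append(a)
    subprocess.call(args)
    cursor.execute(query)
    cursor.execute("SELECT * FROM t WHERE id = %s", a)
    os.system(cmd)
    os.system(rest[0])  # nosec
'''
```

analyse(SAMPLE) reports lines 9, 10 and 12. The parameterised cursor.execute call on line 11 stays silent because only argument 0 of that sink is taint-sensitive, b is clean because the two-element tuple assignment is matched element-wise, and line 13 is suppressed by its trailing # nosec.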

0.34

April 24th, 2018

🎉 New Features

✨ Usability

  • Combined all source/sink information files into one and made that combined file the default (#116)

🔭 Precision

  • Fixed a bug where Post.query.paginate propagated taint (#115)
  • Fixed a false positive where self was marked as tainted (#119, thanks @lFatty)

🐛 Bugfixes

  • Fixed a bug where visit_Raise raised a TypeError (#117, thanks @lFatty)
  • Fixed a bug where we were not including pyt/vulnerability_definitions files (#122, thanks @Ekultek)
  • Fixed an infinite loop bug that was caused while handling certain loops (#118)

🐍 Miscellaneous