Releases: stacscan/stacs
Warm Ocean
Overview
This release provides a human-readable output option (--pretty) and binary wheels to simplify installation on common platforms, and adds support for additional archive types.
🛠️ New Features
- Human readable output.
  - Via --pretty command-line option.
  - Designed for humans, where SARIF is designed for machines.
- New archive types supported.
  - eXtensible ARchive format (xar).
    - Also provides support for macOS pkg files.
  - CPIO (cpio).
    - Enables processing of several new archive types, such as rpm.
  - Microsoft Cabinet (cab).
  - archiver (ar).
    - Enables processing of several new archive types, such as dpkg.
  - Roshal Archive (rar).
🍩 Improvements
- Binary wheels are now provided for popular platforms.
  - This should remove the need to fight with out-of-date libarchive on macOS.
🐛 Bug Fixes
- Fixed several issues when processing malformed archives.
Choppy Ocean
Overview
This release introduces a number of convenience and performance improvements to STACS.
🛠️ New Features
- Exit status is now non-zero if there are unsuppressed findings.
  - This was based on the suggestion as part of #19.
  - Exit status is now 100 when there are unsuppressed findings.
- STACS supports multiple paths to scan.
  - This was based on the suggestion as part of #18.
  - Multiple paths can now be passed directly to STACS at runtime, and they will all be scanned.
- When running a container, specification of thread count, whether to enable debug, and whether to skip unprocessable archives can be controlled by environment variables:
  - STACS_SKIP_UNPROCESSABLE
  - STACS_THREADS
  - STACS_DEBUG
🍩 Improvements
- SIGNIFICANT performance improvements due to optimisation of rules.
  - In testing this has seen scan runtime improvements of up to 8x in some cases.
- Dependencies have been updated.
🐛 Bug Fixes
- Resolved a minor edge-case where non UTF-8 characters would break sample generation.
  - Unprocessable samples will now be base64 encoded - the same way that binary data is handled.
Dark Ocean
Overview
This release adds a few convenience features to STACS. It also relaxes the version constraint to allow STACS to be installed under Python 3.8.
🛠️ New Features
- Specification of the number of threads is now possible via --threads (defaults to: 10)
🍩 Improvements
- Version constraint has been relaxed to allow Python 3.8 (per request #16).
- STACS now attempts to clean up cache directories after a run.
- Cache directories now have a timestamp appended to avoid collisions if a previous run failed.
- Minor changes to release management process to allow easier rebuilds of containers with new rules.
🐛 Bug Fixes
- N/A
Shallow Ocean
Overview
This release makes a small change to the way the STACS container runs. The container entrypoint now checks whether the scan directory contains an ignore list. If so, this will be loaded automatically.
🛠️ New Features
- The STACS container now attempts to automatically load a stacs.ignore.json from the scan directory.
- Latest STACS rules, including new rules for:
  - JSON Web Tokens (JWTs)
  - Stripe API tokens (secret keys).
🍩 Improvements
- Clean-up of Pydantic validator for the ignore list model.
🐛 Bug Fixes
- N/A
Rough Ocean
Overview
🛠️ New Features
- Added the ability to skip corrupt archives rather than failing the STACS run.
  - This must be explicitly enabled using the --skip-unprocessable flag.
  - A warning message will be produced for each 'skipped' archive.
🍩 Improvements
- Added additional debug level logging related to file enumeration.
  - This output is only provided when run with the --debug flag.
🐛 Bug Fixes
- N/A
Calm Ocean
Overview
This release uses a different libarchive wrapper in order to improve compatibility, due to an unresolved issue with the currently used wrapper.
🛠️ New Features
- N/A
🍩 Improvements
- Move to python-libarchive from libarchive for better cross distribution compatibility.
  - This is mostly a workaround, so it may be swapped in future, but this should be a transparent change.
🐛 Bug Fixes
- N/A
Deep Ocean
Overview
🛠️ New Features
- N/A
🍩 Improvements
- N/A
🐛 Bug Fixes
- Adjust samples to ensure that the sample after the finding starts from the end of the finding, rather than the start.
Clear Ocean
Overview
🛠️ New Features
- N/A
🍩 Improvements
- Added development extras to simplify development environment setup.
- Identification of rules now uses the rule identifier, rather than name.
🐛 Bug Fixes
- Fix off-by-one in finding line number counting.
Windy Cavern
Overview
🛠️ New Features
- N/A
🍩 Improvements
- N/A
🐛 Bug Fixes
- Ensure ignore-lists without a module specified default to a fully qualified module (stacs.scan.scanner.rules).
Stormy Cavern
Overview
🛠️ New Features
- N/A
🍩 Improvements
- N/A
🐛 Bug Fixes
- Minor fixes to use the correct offset for ISO file magic.