Releases: stacscan/stacs

Warm Ocean

12 Jul 19:34

Overview

This release provides a human readable output option (--pretty), binary wheels to simplify installation on common platforms, and adds support for additional archive types.

🛠️ New Features

  • Human readable output.
    • Via --pretty command-line option.
    • Designed for humans, where SARIF is designed for machines.
  • New archive types supported.
    • eXtensible ARchive format (xar).
      • Also provides support for macOS pkg files.
    • CPIO (cpio).
      • Enables processing of several new archive types, such as rpm.
    • Microsoft Cabinet (cab).
    • archiver (ar).
      • Enables processing of several new archive types, such as dpkg.
    • Roshal Archive (rar).

🍩 Improvements

  • Binary wheels are now provided for popular platforms.
    • This should remove the need to fight with out-of-date libarchive on macOS.

🐛 Bug Fixes

  • Fixed several issues when processing malformed archives.

Choppy Ocean

18 Apr 22:41
bc6063a

Overview

This release introduces a number of convenience and performance improvements to STACS.

🛠️ New Features

  • Exit status is now non-zero if there are unsuppressed findings.
    • This was based on the suggestion as part of #19.
    • Exit status is now 100 when there are unsuppressed findings.
  • STACS supports multiple paths to scan.
    • This was based on the suggestion as part of #18.
    • Multiple paths can now be passed directly to STACS at runtime, and they will all be scanned.
  • When running a container, the thread count, whether to enable debug, and whether to skip unprocessable archives can be controlled by environment variables:
    • STACS_SKIP_UNPROCESSABLE
    • STACS_THREADS
    • STACS_DEBUG

🍩 Improvements

  • SIGNIFICANT performance improvements due to optimisation of rules.
    • In testing this has seen scan runtime improvements of up to 8x in some cases.
  • Dependencies have been updated.

🐛 Bug Fixes

  • Resolved a minor edge case where non-UTF-8 characters would break sample generation.
    • Unprocessable samples will now be base64 encoded - the same way that binary data is handled.

Dark Ocean

04 Mar 21:13

Overview

This release adds a few convenience features to STACS. It also relaxes the version constraint to allow STACS to be installed under Python 3.8.

🛠️ New Features

  • Specification of the number of threads is now possible via --threads (defaults to: 10)

🍩 Improvements

  • Version constraint has been relaxed to allow Python 3.8 (per request #16).
  • STACS now attempts to clean up cache directories after a run.
  • Cache directories now have a timestamp appended to avoid collisions if a previous run failed.
  • Minor changes to release management process to allow easier rebuilds of containers with new rules.

🐛 Bug Fixes

  • N/A

Shallow Ocean

10 Jan 22:39
de969a8

Overview

This release makes a small change to the way the STACS container runs. The container entrypoint now checks whether the scan directory contains an ignore list. If so, this will be loaded automatically.

🛠️ New Features

  • The STACS container now attempts to automatically load a stacs.ignore.json from the scan directory.
  • Latest STACS rules, including new rules for:
    • JSON Web Tokens (JWTs)
    • Stripe API tokens (secret keys).

🍩 Improvements

  • Clean-up of Pydantic validator for the ignore list model.

🐛 Bug Fixes

  • N/A

Rough Ocean

07 Jan 19:07
827ee56

Overview

🛠️ New Features

  • Added the ability to skip corrupt archives rather than failing the STACS run.
    • This must be explicitly enabled using the --skip-unprocessable flag.
    • A warning message will be produced for each 'skipped' archive.

🍩 Improvements

  • Added additional debug level logging related to file enumeration.
    • This output is only provided when run with the --debug flag.

🐛 Bug Fixes

  • N/A

Calm Ocean

04 Jan 14:50
21f078a

Overview

This release uses a different libarchive wrapper to improve compatibility, due to an unresolved issue with the currently used wrapper.

🛠️ New Features

  • N/A

🍩 Improvements

🐛 Bug Fixes

  • N/A

Deep Ocean

31 Dec 14:44
35d5249

Overview

🛠️ New Features

  • N/A

🍩 Improvements

  • N/A

🐛 Bug Fixes

  • Adjust samples to ensure that the sample after the finding starts from the end of the finding, rather than the start.

Clear Ocean

29 Dec 20:54
86911a6

Overview

🛠️ New Features

  • N/A

🍩 Improvements

  • Added development extras to simplify development environment setup.
  • Identification of rules now uses the rule identifier, rather than name.

🐛 Bug Fixes

  • Fix off-by-one in finding line number counting.

Windy Cavern

27 Dec 00:11
f964f37

Overview

🛠️ New Features

  • N/A

🍩 Improvements

  • N/A

🐛 Bug Fixes

  • Ensure ignore-lists without a module specified default to a fully qualified module (stacs.scan.scanner.rules).

Stormy Cavern

11 Dec 22:49
af80566

Overview

🛠️ New Features

  • N/A

🍩 Improvements

  • N/A

🐛 Bug Fixes

  • Minor fixes to use the correct offset for ISO file magic.