Releases: DataDog/guarddog
v1.2
What's Changed
Features:
- Add new heuristics for the download-executable module by @romain-dd in #214
Enhancements:
- Create tests to evaluate the number of false positives and false negatives by @romain-dd in #222
- Do not use strict version constraints in pyproject.toml by @AngellusMortis in #245
- Optimize docker container by @AngellusMortis in #252
Bug fixes:
- Fix: Only one result per sourcecode rule is shown #187 by @H4dr1en in #250
- Fixes unclosed file by @AngellusMortis in #260
Chores:
- Bump pygit2 from 1.11.1 to 1.12.0 by @dependabot in #216
- Bump setuptools from 67.6.0 to 67.6.1 by @dependabot in #215
- Bump pytest from 7.2.2 to 7.3.0 by @dependabot in #219
- Bump prettytable from 3.6.0 to 3.7.0 by @dependabot in #218
- Bump pytest from 7.3.0 to 7.3.1 by @dependabot in #224
- Bump termcolor from 2.2.0 to 2.3.0 by @dependabot in #225
- Bump setuptools from 67.6.1 to 67.7.2 by @dependabot in #226
- Bump platformdirs from 3.2.0 to 3.5.0 by @dependabot in #228
- Bump requests from 2.28.2 to 2.29.0 by @dependabot in #227
- Bump docker from 6.0.1 to 6.1.1 by @dependabot in #235
- Cleanup Unused Deps by @AngellusMortis in #246
- Bump setuptools from 67.7.2 to 68.0.0 by @dependabot in #248
- Bump mypy from 1.4.0 to 1.4.1 by @dependabot in #255
- Bump pytest from 7.3.2 to 7.4.0 by @dependabot in #256
- Bump pygit2 from 1.11.1 to 1.12.2 by @dependabot in #254
New Contributors
- @AngellusMortis made their first contribution in #245
- @H4dr1en made their first contribution in #250
Full Changelog: v1.1.4...v1.2
v1.1.4
What's Changed
Minor enhancements and bug fixes:
- Detect when join(...) is used in exec/eval/... functions by @romain-dd in #207
- Bump tarsafe version to benefit from a performance improvement by @christophetd in #209
- Allow specifying a location where to cache top packages by @christophetd in #213
Chores:
- Bump platformdirs from 3.0.0 to 3.1.1 by @dependabot in #203
- Bump urllib3 from 1.26.14 to 1.26.15 by @dependabot in #201
- Bump setuptools from 67.4.0 to 67.6.0 by @dependabot in #202
- Bump typing-extensions from 4.3.0 to 4.5.0 by @dependabot in #200
- Bump pathspec from 0.11.0 to 0.11.1 by @dependabot in #208
- Bump platformdirs from 3.1.1 to 3.2.0 by @dependabot in #211
New Contributors
- @romain-dd made their first contribution in #207
Full Changelog: v1.1.3...v1.1.4
v1.1.3
What's Changed
Bug fixes:
- Fix integrity rule crash when a project does not have a homepage URL set (#190) by @christophetd in #199
- Fix 'potentially_compromised_email_domain' behavior when a package on… by @christophetd in #198
Chores:
- Bump colorama from 0.4.5 to 0.4.6 by @dependabot in #193
- Bump flake8 from 5.0.4 to 6.0.0 by @dependabot in #196
- Bump pytest from 7.2.1 to 7.2.2 by @dependabot in #192
- Bump tqdm from 4.64.0 to 4.65.0 by @dependabot in #194
- Bump pathspec from 0.9.0 to 0.11.0 by @dependabot in #195
Full Changelog: v1.1.2...v1.1.3
v1.1.2
What's Changed
Bug fixes:
- Fix JSON output (#188)
Chores:
- Bump python-dotenv from 0.20.0 to 1.0.0 by @dependabot in #184
- Bump setuptools from 67.3.2 to 67.4.0 by @dependabot in #185
- Bump charset-normalizer from 2.1.0 to 2.1.1 by @dependabot in #181
- Bump wcmatch from 8.4 to 8.4.1 by @dependabot in #183
Full Changelog: v1.1.1...v1.1.2
v1.1.1
What's Changed
Enhancements:
- Catch code execution through exec(...(zlib.decompress(xxx)) by @christophetd in #164
- Remove incorrect double quotes from semgrep rule for code-execution (closes #178) by @christophetd in #179
Bug fixes:
- Fix duplicate bug in NPM typosquatting algorithm (fixes #131) by @christophetd in #165
- Consider 'guarddog xxx scan .' a local target (fixes #175) by @christophetd in #176
Chores:
- Bump setup-python versions and remove unused files by @christophetd in #167
- Bump setuptools from 65.7.0 to 67.3.2 by @dependabot in #173
- Bump urllib3 from 1.26.11 to 1.26.14 by @dependabot in #171
- Bump mypy-extensions from 0.4.3 to 1.0.0 by @dependabot in #172
Full Changelog: v1.1.0...v1.1.1
v1.1.0
What's Changed
New features:
- Create new heuristic to identify PyPI packages with a single Python file (closes #160) by @christophetd in #162
Enhancements:
- Catch dynamic execution of base64-encoded code through '__import__' (fixes #157) by @christophetd in #158
Bug fixes:
- Don't run Semgrep when no sourcecode rule should be run (fixes #161) by @christophetd in #163
- Fix package extraction for namespaced npm packages (fixes #155) by @christophetd in #156
Chores:
- Bump click-option-group from 0.5.3 to 0.5.5 by @dependabot in #152
- Bump docker from 6.0.0b1 to 6.0.1 by @dependabot in #149
- Bump idna from 3.3 to 3.4 by @dependabot in #151
- Bump platformdirs from 2.5.2 to 3.0.0 by @dependabot in #150
- Sync requirements.txt by @christophetd in #154
Full Changelog: v1.0.2...v1.1.0
v1.0.2
What's Changed
Bug fixes:
- Fixed a bug where a local target could be considered a remote one by mistake (e.g. 'guarddog pypi scan ../foo') (#147)
Full Changelog: v1.0.1...v1.0.2
v1.0.1
What's Changed
Bug fixes:
- Fix a bug where a remote target could be considered a local one by mistake (#144)
Chores:
- Bump ujson from 5.4.0 to 5.7.0 by @dependabot in #143
- Bump jsonschema from 4.9.1 to 4.17.3 by @dependabot in #142
- Bump websocket-client from 1.3.3 to 1.5.1 by @dependabot in #141
- Bump requests from 2.28.1 to 2.28.2 by @dependabot in #140
- Bump pathos from 0.2.9 to 0.3.0 by @dependabot in #139
Full Changelog: v1.0.0...v1.0.1
v1.0.0
This is a new major version with breaking changes.
What's Changed
Breaking changes:
- The commands 'guarddog scan' and 'guarddog verify' have been deprecated and will be removed in an upcoming version. Use 'guarddog pypi scan' and 'guarddog pypi verify' instead.
New features:
- Added support for scanning npm packages ('guarddog npm scan') and package.json ('guarddog npm verify')
- Support SARIF output to allow for easy use with GitHub Code Scanning
- Added commands 'guarddog pypi list-rules' and 'guarddog npm list-rules'
- Support verbose debugging output through 'guarddog --log-level debug ...'
New heuristics:
- New Python heuristic 'silent-process-execution' to identify packages silently executing processes, similar to the Pytorch attack
- New PyPI metadata heuristic: 'repository_integrity_mismatch' compares the contents of a package on PyPI with its contents on GitHub, and flags packages that have extraneous or modified files not reflected on GitHub
- New npm heuristic: typosquatting
- New npm heuristic: detecting silent process execution
- New npm heuristic: detecting post and pre-install hooks
- New npm heuristic: detecting when an npm package serializes 'process.env'
Cosmetics:
- GuardDog now has an official logo!
- README heuristics documentation is now automatically generated and injected in the README
Minor changes:
- chores: Bump certifi version to fix GHSA-43fp-rhv2-5gv8
Full Changelog: v0.1.10...v1.0.0
v0.1.10
What's Changed
- Add pre-commit hooks configuration for local development by @christophetd in #107
- Fixing False Positives and Duplicate Errors in the Typosquatting Algorithm by @QuinceyJames in #108
New Contributors
- @QuinceyJames made their first contribution in #108
Full Changelog: v0.1.9...v0.1.10