Skip to content

Latest commit

 

History

History
424 lines (272 loc) · 14 KB

CHANGELOG.md

File metadata and controls

424 lines (272 loc) · 14 KB
Raw

What's New

Thanks to all our contributors, users, and the many people that make detect-secrets possible! ❤️

If you love detect-secrets, please star our project on GitHub to show your support! ⭐

v0.12.2

March 21st, 2019

🐛 Bugfixes

  • Fixed a bug where the improved performance for high-entropy strings (#144) did not work on Python 2 (#147)

v0.12.1

March 21st, 2019

🎭 Performance

  • Improved performance when scanning for high-entropy strings (#144, thanks @killuazhu)

🎉 New Features

🔭 Accuracy

  • For the KeywordDetector plugin: made quotes required for secrets in .cls and .java files, and skipped {{secrets like this}} in YAML files (#133/#145)

🐛 Bugfixes

  • Fixed an uncaught UnicodeEncodeError exception in our ini file parser, when using Python 2 (#143)

🐍 Miscellaneous

  • Fixed the example pre-commit configuration in the README (#135, thanks @nymous) (#138, thanks @neunkasulle)
  • Refactored some audit code into CodeSnippet and CodeSnippetHighlighter classes (#137)

v0.12.0

February 11th, 2019

🎉 New Features

  • Added a SlackDetector plugin (#122, thanks @killuazhu)
  • Added a --use-all-plugins argument to --update that adds all plugins to the baseline (#124, thanks @killuazhu)
  • Added --exclude-files and --exclude-lines arguments to scan (#127)

💥 Breaking Changes

  • Removed the --exclude CLI scan argument (#127)

🔭 Accuracy

  • Reduced false-positives by excluding more characters (!$&\';) in the BasicAuthDetector regex (#126, #123, thanks @killuazhu)
  • Added more to the FALSE_POSITIVES dict for the KeywordDetector plugin, including password (#118)

🐛 Bugfixes

  • Fixed a bug where --update was adding all plugins to the baseline, instead of respecting the plugins used in the baseline (#124, thanks @killuazhu)
  • Fixed an uncaught UnicodeEncodeError exception when scanning non-ini files (e.g. markdown) containing unicode, when using Python 2 (#128, thanks @killuazhu)
  • Fixed a bug where non-ini files (e.g. markdown) containing unicode caused a UnicodeEncodeError exception in the audit functionality, when using Python 2 (#129, thanks @killuazhu)
  • Fixed a bug where non-posix end of line characters caused a "Secret not found on line...." error in the audit functionality (#120, thanks @killuazhu)
  • Fixed a bug where scan_diff, called by detect-secrets-server, was ignoring inline pragma: whitelist secret comments (#127)

🐍 Miscellaneous

v0.11.4

January 7th, 2019

🐛 Bugfixes

  • Fixed a TypeError bug introduced in #111 (#116)

v0.11.3

January 4th, 2019

🐛 Bugfixes

  • Fixed a bug where we were adding an extra-newline in detect-secrets scan output (#111)

🐍 Miscellaneous

  • Reorganized the code, mainly creating a common/ directory (#113)

v0.11.2

January 4th, 2019

🔭 Accuracy

v0.11.1

January 4th, 2019

🎉 New Features

  • Turned the KeywordDetector plugin back on, with new regexes and accuracy improvements (#86)
  • Added an AWSAccessKeyDetector plugin (#100)
  • Added the ability to scan .ini types files that do not have a header (#106)

🔭 Accuracy

  • Add blacklisting of PGP private key headers in PrivateKeyDetector plugin (#104)
  • Reduced false-positives by improving BasicAuthDetector plugin regex (#98)

🐛 Bugfixes

  • Fixed a bug where we were not showing removed lines in the audit functionality (#98)

🐍 Miscellaneous

  • Added whitelist directive regexes to match against inline comment syntaxes in more languages (#105)
  • Refactored various detectors to use RegexBasedDetector (#103)
  • Refactored the BashColor singleton into the colorize function (#109)
  • Small improvements to existing file parsers (#107)
  • Refactored the BasePlugin to use the WHITELIST_REGEX (#99)
  • Removed unidiff from standard dependencies (#101)

v0.11.0

November 26th, 2018

🎉 New Features

  • Made the pre-commit hook automatically update the baseline (#96)
  • Added the audit --diff functionality (#95)

🎨 Display Changes

  • Added display of secret type in audit functionality (#94)

v0.10.5

October 30th, 2018

🎨 Display Changes

  • Added a "Please git add the baseline" message (#89)
  • Improved the "Unable to open baseline file" message (#91)

🐛 Bugfixes

  • Update scan --update results to only propagate is_secret of new secrets (#90)

0.10.4

October 23rd, 2018

💥 Breaking Changes

  • Disabled KeywordDetector plugin temporarily (#89)

🎨 Display Changes

  • Ordered baseline hashes, for better diffs (#84)
  • Added a "Please git add the baseline" message (#89)
  • Improved error messages for pre-commit hook (#85)

🐛 Bugfixes

  • Fixed a couple bugs in the audit functionality, one for small files and the other case-sensitivity in the KeywordDetector plugin (#83, thanks @jkozera)

0.10.3

October 4th, 2018

🎉 New Features

  • Added a KeywordDetector plugin, that was horrible and regretful (#76)

🐛 Bugfixes

  • Fixed a bug in scan --update where we would append the baseline exclude regex to itself (#78)
  • Fixed the regular expression in the BasicAuthDetector plugin so that it didn't run forever (#80)
  • Removed trailing whitespace from scan output (#78)

🐍 Miscellaneous

  • Added command line hints and baseline clarification in the README (#81, thanks @JoshuaRLi)

0.10.2

September 12th, 2018

🎉 New Features

  • Added a (b)ack option to 'Is this a valid secret?' (#72, thanks @cleborys)
  • Added a BasicAuthDetector plugin (#74)
  • Added CLI functionality to check strings in an adhoc manner (#73)

🐛 Bugfixes

  • Added a check to only load json from stdin if it exists (#69, thanks @guykisel)

🐍 Miscellaneous

0.10.1

August 1st, 2018

🐛 Bugfixes

  • Fixed a bug where we didn't skip sequential strings when we should have (#67)

0.10.0

August 1st, 2018

🎉 New Features

  • Scan --all-files option (#57)
  • YAML inline whitelisting support (#50)

💥 Breaking Changes

  • Changed --audit and --scan to audit and scan (#51)
  • Changed scan --import <baseline> to scan --update <baseline> (#58)

🔭 Accuracy

  • Reduced false-positives caused by sequential strings, e.g. ABCDEF (#64)

🐛 Bugfixes

  • Fixed a bug where the pre-commit code would remove the is_secret attribute from audited baselines (#65)
  • Fixed an audit bug where we would crash if a file in the baseline did not exist (#56)
  • Improved the audit functionality to handle short files better (#48)

0.9.1

June 28th, 2018

🐛 Bugfixes

  • Fixed numbering system with interactive audit
  • Fixed "leapfrog" edge case for audit functionality (#47)

0.9.0

June 27th, 2018

🎉 New Features

  • Added ability to migrate baselines from an older version to a newer version
  • Added functionality to audit baseline, to distinguish difference between false and true positives in the baseline file (#44)
  • Upgraded PrivateKeyPlugin: more search parameters, more lines searched, and secret hash created using payload (rather than the entire line content)

💥 Breaking Changes

  • Differentiate between Base64HighEntropyStrings and HexHighEntropyStrings through secret_type (#26)
  • Got rid of SensitivityValues as a means to store plugin configs

🔭 Accuracy

  • Improved the heuristic for HexHighEntropyStrings, reducing the false positive rates for large numbers identified in code

🐛 Bugfixes

  • Baseline always outputs in sorted order now, to prevent unnecessary diffs (#25)
  • Escape exclude regex statements before compilation (#39)
  • Fixed case where details of plugins used were not included in the baseline, when the pre-commit hook updated it (#40)

🐍 Miscellaneous

  • Simplified logging by removing CustomLog (#46)

Before 0.9.0

🎉 New Features

  • Allow scanning of non-git files (#18)

🔭 Accuracy

  • Improved scanning of INI config files with HighEntropyString (#13, #17)
  • Improved scanning of YAML files with HighEntropyString (#16)

🐛 Bugfixes

  • Fixed PrivateKeyDetector plugin analyze results' representation (#15)