1.4.0 - 2022-06-06
- CHANGES
- Change SCA package name format and signature #118
1.3.2 - 2022-03-09
- FEATURES
- Add str/bytes/bytearray concat hook #106
1.3.1 - 2022-02-23
- FEATURES
- BUGFIXES
- ENHANCEMENTS
- BUILD
- When the github action runs, it automatically triggers openapi to pull the latest agent package #113
1.3.0 - 2022-01-07
1.2.1 - 2022-01-05
- BUGFIXES
- Fix memory leak in fstring hook #97
1.2.0 - 2021-12-31
- FEATURES
- BUGFIXES
- TESTING
- When testing for vulnerabilities, separate Django and Flask project names #94, DockerVulspace#8
1.1.4 - 2021-12-18
- FEATURES
- Add funchook for Python C API functions/methods
- Add
fstringpatch - Add
str/bytes/bytearraycformat(%)patches - Add
str.__new__,bytes.__new__,bytearray.__init__patches - Add
pickle.load,pickle.loadshook rules for Insecure Deserialization detection - Add some filtering rules for HTML escaping
- BUGFIXES
- Fix
yaml.loadandyaml.load_allsink parameters check
- Fix
- CHANGES
- Change
yaml.load,yaml.unsafe_loadstrategy type to Insecure Deserialization - For requests containing multiple sink methods, tracking is no longer stopped after the first sink method is detected
- Change
- BUILD
- Support for C extension build under Windows
- Add build actions on Ubuntu/macOS/Windows
1.1.3 - 2021-12-03
- FEATURES
- Use the environment variable
ENGINE_NAMEto customize agent name - Use the environment variable
LOG_PATHto customize log file path - Add
exechook and policy rule to detect code execution vulnerabilities
- Use the environment variable
- ENHANCEMENTS
- Code refactoring: Add scope to prevent recursive execution of the agent's own code
- Code refactoring: Add runtime settings and replace the configuration that uses global variables
- Code refactoring: Add request context to store tainted data
- Performance improvements: Tainted data processing optimization
- Performance improvements: Remove unnecessary
listpolicy rules
- BUGFIXES
- Fix
evalexceptions with contextual variables
- Fix
1.1.1 - 2021-11-20
- FEATURES
- Add agent auditing on startup
- Use environment variable
PROJECT_VERSIONfor auto create project version
- ENHANCEMENTS
- Add Django template hook rule for XSS detection
- Add old version werkzeug request body hook rule
- Add Django route match hook rule
- BUGFIXES
- Fix SQL injection sink arguments processing
- Fix the duplicate agent name caused by using the same configuration file under multiple frameworks
- Fix the problem that Django response body is getting empty
- Fix object hash generation method to avoid duplicate hashes
- Fix the problem of method pooling under multiple threads
- Fix the case that some methods return values from their own parameters
- Fix old version werkzeug compatibility
1.1.0 - 2021-11-05
- FEATURES
- Agent pause/start by DongTai server
- Agent pause/start based on system resource usage
- Use environment variable
AUTO_CREATE_PROJECT=1for auto create project - Report Agent startup time
- Add Reflected XSS detection
- Add XXE detection
- Add SSRF detection
- BUGFIXES
- Fix report data parameter
classNameto fully named class name - Fix report data request/response body format
- Fix streaming response processing
- Fix response body processing
- Fix Django request form data processing
- Fix missing
kwargsparameter for taint data - Fix invalid tainted data in method pool
- Fix incorrect filter of tainted data
- Fix report data parameter
- BUILD
- Auto upload package to Aliyun OSS by Github actions
- Add vulnerability testing Github actions
- TESTING
- Add vulnerability testing script
1.0.6 - 2021-10-26
- Auto update on start with
dongtai-cli - Pull policy rules from openapi
- Change report data parameter
- Asynchronous report data
- Add data pending report count
- Fix agent name format
- Fix environment value get on windows