github Bearer/bearer v0.25.0

19 months ago

Highlights

  • We now support Algolia, Airbrake, Bugsnag, OpenTelemetry, New Relic, and Segment on JavaScript
  • We now support ClickHouse and Google Analytics on Ruby
  • We increased our OWASP Top 10 coverage on both Ruby and JavaScript
  • The project has been renamed from Curio to Bearer
  • We removed our own DSR identifiers from rules and findings and now use standard CWE IDs instead

Changelog

  • f858b18 chore(deps): bump github.com/aws/aws-sdk-go from 1.44.181 to 1.44.199 (#558)
  • af614f5 chore(deps): bump github.com/aws/aws-sdk-go from 1.44.199 to 1.44.204 (#614)
  • 6b557e4 chore(deps): bump github.com/open-policy-agent/opa from 0.48.0 to 0.49.0 (#559)
  • eb34366 chore(deps): bump golang.org/x/mod from 0.7.0 to 0.8.0 (#561)
  • 2a74803 chore(deps): bump golang.org/x/net from 0.2.0 to 0.7.0 in /battle_tests/quickstart (#612)
  • b04fdd4 chore(deps): bump golang.org/x/net from 0.6.0 to 0.7.0 (#613)
  • d7a80d0 chore(deps): bump golang.org/x/oauth2 from 0.4.0 to 0.5.0 (#560)
  • e88963b chore(deps): bump google.golang.org/api from 0.109.0 to 0.110.0 (#615)
  • acee9e2 chore(rename): codebase packages (#625)
  • 87dedd6 chore(rename): curio to bearer banner (#609)
  • 0561a77 chore(rename): vars, urls and arguments (#628)
  • 528dd0b chore: redo rules tests (#603)
  • 457310c chore: remove dataflow tests (#589)
  • bcee4fe chore: update rule descriptions (#638)
  • 5f64daa ci(battletest): fix json marshaling (#555)
  • 7454623 ci(battletest): run summary output in all cases (#585)
  • 3e63dc2 ci(goreleaser): update deprecated argument (#610)
  • e226b87 docs(fix): Update remediation messages for js/ruby rules (#556)
  • 64173bc docs(fix): resolve incomplete sitemap bug (#571)
  • f774f10 docs(rename): Update doc site branding/colours (#635)
  • 10388d2 docs(rename): change name curio to bearer (#611)
  • c50c2cf docs(rename): let people know doc may be outdated (#616)
  • b98110a docs(rename): update site logo (#631)
  • 198eb3a docs(rule): rename rules (#627)
  • 1c050d4 feat(JS rules): add CWE 548 for JS express (#617)
  • c7ce0f9 feat(JS rules): add CWE 601 for express (Open Redirect) (#641)
  • 9878f93 feat(JS rules): add check for no-entity flag in libXML calls (#619)
  • 65c1f69 feat(JS rules): add express rule against server side request forgery (#636)
  • 57f5d02 feat(JS rules): add express rule around unsafe deserialization (#630)
  • 15b5b30 feat(JS rules): add express rule for insecure reference resolution (#634)
  • c286ad0 feat(JS rules): add express rule for sql injection (#648)
  • 7ef4369 feat(JS rules): add rule for express cross-site scripting (#643)
  • 1725cf5 feat(JS rules): express.js path traversal (#645)
  • 0625cae feat(JS rules): extend CWE-611 for express (#640)
  • f1d5475 feat(js rules): add Algolia (#574)
  • e4cb525 feat(js rules): add airbrake rule (#598)
  • e03bab8 feat(js rules): add bugsnag rule (#593)
  • 4f9b217 feat(js rules): add open telemetry rule (#597)
  • 782ff6e feat(js rules): add rule for new relic (#578)
  • 24a9cba feat(js rules): add segment rule (#582)
  • 495232e feat(ruby rules): add ClickHouse (#568)
  • 566ac52 feat(ruby rules): add google analytics (#564)
  • eaaed72 feat(ruby rules): add ruby google dataflow rule (#553)
  • 7e28dbe feat(summary): condense rule list and show CWE (#647)
  • 45eadee feat: add "not" and regex filters (#575)
  • 31a30e5 feat: add CWE ids to newer JS rules (#602)
  • bed26f3 feat: add datadog browser rule (#581)
  • 9e4f531 feat: add datadog(hot-shots) rule (#576)
  • 53e7fe4 feat: add elasticsearch (#580)
  • c9b815d feat: add google analytics rule (#566)
  • b947c2c feat: add honeybadger js rule (#596)
  • e71b235 feat: add javascript react google analytics rule (#567)
  • bb06b74 feat: add javascript rule for google tag manager (#554)
  • 02c751a feat: add jwt weak encryption (#652)
  • fa8c122 feat: add rails open redirect rule (#649)
  • ecebb04 feat: add rollbar (#595)
  • 82092fa feat: insecure http password and weak encryption (#632)
  • e4fc9ba feat: javascript http insecure rule (#551)
  • e23dbcc feat: jwt hardcoded secret (#650)
  • cf86bff feat: log when loading rules (#599)
  • efb1037 feat: optimise compilation time (#618)
  • e7ddfd7 feat: ruby BigQuery rule (#563)
  • bef4292 feat: ruby CWE-502 deserialization of user input (#583)
  • 3214c9a feat: ruby rule for CWE-94 eval using user input (#587)
  • d49bf1b feat: ruby rule for ftp using user input (#626)
  • f9ce066 feat: ruby rule for path using user input (#624)
  • cd0eb22 feat: ruby rule for session key using user input (#590)
  • af8a13f feat: ruby rule for user input in http url (#646)
  • a8041cd feat: rules e2e (#621)
  • 9309dbc fix: fix algolia JS client patterns (#586)
  • a93c1c4 fix: fix algolia integration test (#579)
  • 0e26e2d fix: fix severity and remove DSW for JS insecure XML ref rule (#623)
  • 9c79e95 fix: flow and nested detections (#572)
  • 4e941b9 fix: ruby file generation (#565)
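Several of the new Express rules above target classic web weaknesses such as CWE-601 (open redirect). The following is an added illustration of that weakness class, not Bearer's rule code and not code from this release: it shows the unsafe pattern a scanner would flag beside a hardened variant. The handler shape, the `APP_ORIGIN` constant and the sample inputs are assumptions for the example; only Node's built-in `URL` class is used so it runs without Express.

```javascript
// CWE-601 open redirect: unsafe Express-style handler beside a hardened one.
// Added example for illustration; not Bearer's rule implementation.

// Unsafe pattern: the redirect target is taken straight from user input.
// `res.redirect(...)` is Express's API; the handler shape is assumed here.
function vulnerableRedirect(req, res) {
  res.redirect(req.query.next);
}

// Assumed origin of the application for this example.
const APP_ORIGIN = "https://app.example.com";

// Hardened: resolve the user-supplied value against our own origin and
// accept it only if it stays on that origin. Everything else falls back
// to "/". Using the WHATWG URL parser (rather than string prefix checks)
// is what makes this robust: it also normalises the classic bypasses
// "//evil.example", "/\\evil.example" and "https://evil.example".
function safeRedirectTarget(next, origin = APP_ORIGIN) {
  if (typeof next !== "string" || next.length === 0) return "/";
  let target;
  try {
    // Relative paths resolve against `origin`; absolute and
    // protocol-relative inputs resolve to the attacker's origin instead.
    target = new URL(next, origin);
  } catch {
    return "/";
  }
  if (target.origin !== new URL(origin).origin) return "/";
  // Emit only path + query + fragment, so the Location header can never
  // carry a scheme or host that came from the request.
  return target.pathname + target.search + target.hash;
}

function hardenedRedirect(req, res) {
  res.redirect(safeRedirectTarget(req.query.next));
}

// Constructed sample inputs a login flow might receive in `?next=`.
const SAMPLE_NEXT_VALUES = [
  "/dashboard?tab=1",                       // legitimate relative path
  "https://app.example.com/settings",       // legitimate same-origin URL
  "//evil.example/phish",                   // protocol-relative bypass
  "/\\evil.example/phish",                  // backslash bypass
  "https://app.example.com.evil.example/",  // host-suffix trick
  "javascript:alert(1)",                    // non-http scheme
];

// Returns the decision for each sample so the behaviour can be inspected.
function demo() {
  return SAMPLE_NEXT_VALUES.map((next) => ({ next, target: safeRedirectTarget(next) }));
}

module.exports = { vulnerableRedirect, hardenedRedirect, safeRedirectTarget, demo };
```

Run with `node` and call `demo()`: every attacker-controlled value collapses to `/`, while the two same-origin inputs keep their path and query. The unsafe handler is kept only to show the shape a scanner looks for; it should not be deployed.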
