Highlights
- Further OWASP Top 10 coverage for both Ruby and JavaScript
- Fix some false positives, notably #673 and #675
Changelog
- b978e90 chore(deps): bump github.com/aws/aws-sdk-go from 1.44.204 to 1.44.209 (#669)
- 44cad85 chore(deps): bump github.com/open-policy-agent/opa from 0.49.0 to 0.49.2 (#668)
- cb33381 chore(deps): bump github.com/stretchr/testify from 1.8.1 to 1.8.2 (#670)
- 84fd36b chore(deps): bump github.com/weppos/publicsuffix-go from 0.20.0 to 0.30.0 (#671)
- ee20cb9 chore(deps): bump github.com/zricethezav/gitleaks/v8 from 8.15.3 to 8.16.0 (#672)
- 8bbf6bc chore: fix open redirect snapshot (#653)
- 92ef2f9 docs(action): update links and version of github action (#677)
- 5031541 docs(fix): readme broken link (#681)
- 4efef6b docs(rename): readme updates (#620)
- b0adc93 docs(update): Updating documentation (#663)
- a8606c4 feat(JS rules): Add CWE 89 SQL injection rule for AWS lambda (#655)
- b49b54a feat(JS rules): add CWE-78 AWS OS command injection (#661)
- 83b946d feat(JS rules): add express rule for UI redress / clickjacking (#651)
- c0d3f29 feat(JS rules): express sendFile with request data (#622)
- 8f94547 feat(javascript rule): hardcoded string support (#678)
- f018419 feat(ruby rule): add rails render to path rule (#656)
- 850933a feat(ruby rule): add rule for exec using user input (#654)
- e1d0859 feat: add js express knex sqli rule (#662)
- fb746ef feat: add rule for dangerous eval (#658)
- e98d439 feat: enrich eval user input rule (#667)
- 8c341ce feat: rails rule for insecure disabling callback (#657)
- ab95571 feat: update JS express rule descriptions (#660)
- 79bfd05 fix(rules): check languages in data types for missing encryption (#675)
- 3b78b05 fix(summary): fix display for summary (#680)
- 1ca0ad5 fix: fix false positives on req detection (#673)