What's New
November 24, 2018
Thanks to all our contributors, users, and the many people that make PyT possible! :heart:
If you love PyT, please star our project on GitHub to show your support! :star:
Unreleased
:tada: New Features
0.42
November 1st, 2018
:boom: Breaking Changes
:tada: New Features
- Function calls such as `list.append` and `dict.update` now propagate taint to the list or dict (#181, thanks @bcaller)
:bug: Bugfixes
0.40
September 11th, 2018
:mega: Release Highlights
:boom: Breaking Changes
- Removed `--trim` option (#169)
:tada: New Features
:bug: Bugfixes
- Recursive functions don't cause `RecursionError` (#173, thanks @bcaller)
- Handling of chained functions improved (#171, thanks @bcaller)
0.39
August 21st, 2018
:tada: New Features
- Added handling of assignment unpacking e.g. `a, b, c = d` (#164, thanks @bcaller)
- Made file loading and vulnerability order deterministic (#165, thanks @bcaller)
:bug: Bugfixes
:telescope: Precision
:snake: Miscellaneous
0.38
August 2nd, 2018
:tada: New Features
:bug: Bugfixes
- Fixed a bug where we wrote to the default_blackbox_mapping file even if the `-i` option was not being used. (#161, thanks @polyzen)
:snake: Miscellaneous
0.37
July 30th, 2018
:tada: New Features
- Ability to analyze directories, `-r` Recursive option (#129, thanks @omergunal)
- Added `--dont-prepend-root` option, makes it so that we don't require imports start with `project_root.*` (#151, thanks @bcaller)
- Added `--no-local-imports` option, to require absolute imports be relative to the project root (#151, thanks @bcaller)
- PEP 498 support, formatted string literals (#142, thanks @bcaller)
- PEP 526 support, syntax for variable annotations (#143, thanks @bcaller)
- Whitelist lines of sources and sinks ending in `# nosec` (#121, thanks @omergunal)
:telescope: Precision
- Added per-arg taint, for sink functions (#147, thanks @bcaller)
- AugAssign, Yield, and YieldFrom taint propagation improvements (#155, thanks @bcaller)
- Improved tuple assignment to be more precise and support starargs (#150, thanks @bcaller)
:bug: Bugfixes
- Fixed a bug where `get_call_names` only handled `ast.Attribute` nodes (#148, thanks @bcaller)
- Fixed a bug where `vars_visitor.py` crashed on Python 3.5 dict syntax (#144, thanks @bcaller)
:performing_arts: Performance
:mortar_board: Walkthrough / Help
- Added `README.rst` files to almost every directory. (Partially #126)
:snake: Miscellaneous
- Added tests for `vars_visitor.py`, making our overall coverage 91% (#139, thanks @stannum-l)
- Cleaned and organized requirements, `setup.py`, `tox.ini` and `.travis.yml` (#152, thanks @bcaller)
- Cleaned up the new `pyt/core/` folder (#132)
- Fixed all flake8 errors (#114 & #130, thanks @cclauss)
- Re-organized the entire codebase into different directories (#126)
- Return exit code 1 if any non-sanitised vulnerabilities are found (#156, thanks @bcaller)
0.34
April 24th, 2018
:tada: New Features
- Baseline support (#106, thanks @omergunal)
:sparkles: Usability
- Combined all source/sink information files and made it the default (#116)
:telescope: Precision
- Fixed a bug where `Post.query.paginate` propagated taint (#115)
- Fixed a false-positive where `self` was marked as taint (#119, thanks @lFatty)
:bug: Bugfixes
- Fixed a bug where `visit_Raise` raised a `TypeError` (#117, thanks @lFatty)
- Fixed a bug where we were not including `pyt/vulnerability_definitions` files (#122, thanks @Ekultek)
- Fixed an infinite loop bug that was caused while handling certain loops (#118)
:snake: Miscellaneous
- Moved out a bunch of historical files to the ReadTheDocs repo (#110, #111)