Releases: coffeeandsecurity/DakshSCRA
Beta Release v0.25
- Fixed issues related to the -android flag
- Updated a few rules
Beta Release v0.24
Introduced support for opening/parsing files with a fallback encoding mechanism.
- Supported Encodings: ISO-8859-1, UTF-8 (default).
- Encodings are configurable and can be extended by modifying the fallback_order parameter in the readfile_FallbackEncoding helper function located in /utils/file_utils.py.
- The ability to configure or set the file encoding will later be moved to a configuration file, enabling users to make changes without altering the code files.
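An added sketch of the fallback idea described above (not DakshSCRA's own code): a scanner that skips files it cannot decode silently loses findings, and the order of the fallback list decides whether text is decoded correctly. The names `read_with_fallback`, `FALLBACK_ORDER` and `demo`, and the sample file contents, are assumptions made for this illustration.

```python
import os
import tempfile

# Assumed order: strict UTF-8 first, ISO-8859-1 last. ISO-8859-1 maps every
# byte to a character, so it never fails and must be the final fallback.
FALLBACK_ORDER = ("utf-8", "iso-8859-1")


def read_with_fallback(path, fallback_order=FALLBACK_ORDER):
    """Return (text, encoding_used); try each encoding until one decodes."""
    with open(path, "rb") as fh:
        raw = fh.read()
    for enc in fallback_order:
        try:
            return raw.decode(enc), enc
        except UnicodeDecodeError:
            continue
    # Reached only when no catch-all encoding is in the list: keep the file
    # in the scan and mark undecodable bytes with U+FFFD instead of skipping.
    first = fallback_order[0]
    return raw.decode(first, errors="replace"), first + "+replace"


def demo():
    """Decode two constructed sample files and report the encoding used."""
    samples = {
        "utf8.php": "<?php // caf\u00e9\n".encode("utf-8"),
        "latin1.php": "<?php // caf\u00e9\n".encode("iso-8859-1"),
    }
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in samples.items():
            path = os.path.join(tmp, name)
            with open(path, "wb") as fh:
                fh.write(data)
            results[name] = read_with_fallback(path)
        # Wrong order: ISO-8859-1 first "succeeds" on UTF-8 bytes and yields
        # mojibake, which can stop string-matching rules from firing.
        results["wrong_order"] = read_with_fallback(
            os.path.join(tmp, "utf8.php"), ("iso-8859-1", "utf-8"))
    return results


if __name__ == "__main__":
    for name, (text, enc) in demo().items():
        print(f"{name}: {enc} -> {text!r}")
```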
Improved Console Output:
- Long file paths displayed during scanning are now redacted or partially obscured to prevent unnecessary wrapping and reduce excessive screen scrolling.
Beta Release v0.23
- Added support for -r auto: Automatically detects platforms within the project and applies the corresponding supported rules.
- Fixed a JavaScript rule: Resolved an issue with a specific JavaScript rule for improved accuracy.
Beta Release v0.22
Project Refactor and Reporting Enhancements
This release brings significant improvements to the project structure and reporting features:
Refactoring and Restructuring: As the project has grown in complexity, we've reorganized files and directories to ensure the codebase is more manageable and clean.
Enhanced Reporting:
- Platform-specific headings are now included in reports for better clarity.
- Each reported issue now includes a unique ID for easier tracking.
Improved Report Template: The report template has been revamped, with plans for further iterative improvements in upcoming releases.
Known Issues
- Some reporting inconsistencies exist when scanning multiple platforms simultaneously (e.g., using -r php,java,cpp).
These issues are actively being addressed and will be resolved in future updates. Stay tuned and subscribe to stay updated with the latest releases!
Beta Release v0.21
New Features & Improvements
- Platform-Specific Rule Loading: The -r flag now accepts comma-separated values for platforms (e.g., -r php,cpp,java). Only the specified platform-specific rules will be loaded, and the scan will be restricted to the corresponding project files for each selected platform.
- Isolated Rule Application: Rules are now applied exclusively within each selected platform, preventing cross-application of rules across unrelated platforms. Common, platform-independent rules will continue to apply to all project files.
- Enhanced Rule Optimization: Updated and optimized multiple scanning rules for greater performance and accuracy.
Coming Soon
Stay tuned for more updates and additional rule enhancements!
Beta Release v0.20
Multi-Platform Scan Flag Support - Design Update
This release introduces design changes to enable multi-platform scan flags, allowing the -r flag to support multiple platforms (e.g., PHP, C++, Java) instead of restricting it to a single rule-based scan.
While the flag now interprets and loads platform-specific file types for scanning with respective rules, please note that all platform rules currently apply to all identified platform file types, rather than limiting each rule set to its specific file types. This is a work in progress, and we aim to refine platform-specific rule application in future releases.
Beta Release v0.19
Updates on additional C++ rules
Full Changelog: v0.18-beta...v0.19-beta
Beta Release v0.18
Release Notes: C and C++ Scanning Support (Preliminary)
New Languages Supported:
Preliminary scanning support for C and C++ has been added earlier than planned, based on user interest.
C Rules:
Well-tested and ready to use.
C++ Rules:
Early-stage rules included. A more stable version will be available in a few days after further testing.
How to Scan:
Use the following command to scan C sources:
python3 dakshscra.py -r c -t <path to source directory>
Known Limitations:
- Currently, C and C++ cannot be scanned together.
- A future release will enable merging rule sets with the c-cpp option, allowing seamless scanning across both languages.
Beta Release v0.17
- Included Golang rules: a few rules are included now, with more to be added later
Full Changelog: v0.16-beta...v0.17-beta
Beta Release v0.16
Included Android app-specific checks (early development stage, more work in progress)
- Added check to identify misconfigurations or insecure configurations in the manifest file.
- Added Kotlin-specific checks.
This module is still in its initial stage, and work is ongoing to enhance its robustness and include more comprehensive checks.