Releases: ParzivalHack/PySpector

v0.2.0-beta

07 Jun 14:32

Pre-release

What's Changed

  • Added a quiet mode (enabled by default) that suppresses DEBUG statements on the console during scans, to keep the output readable, and introduced a new --debug flag to turn them back on when needed

  • Added 24 new detectors for common credential formats (AWS, GitHub, GitLab,
    Slack, Stripe, Google, OpenAI, Anthropic/Claude, SendGrid, PostHog, NPM,
    PyPI, Discord, Telegram, DigitalOcean, Doppler, Cloudflare, Heroku,
    HubSpot, Fastly...), and tightened false-positive suppression (reducing false positives by another 76%)

  • Added per-rule CWE fields and CWE-aware cross-rule deduplication: when two distinct vulnerability classes are detected on the same line of code, the finding whose CWE has the highest severity takes priority

  • Added new AI rules tailored to detect dangerous LLM product vulnerabilities (for example, Hugging Face model loading leading to RCE)

  • Added an incremental AST cache to reduce the workload of AstEncoder, which also increased PySpector's scanning speed by 41.9%

  • Introduced a new "watch" command that monitors a local codebase in real time, re-scanning only changed Python code and reporting any newly introduced vulnerability; this gives developers and CD pipelines a way to catch vulnerable code before it is pushed and/or deployed

  • Improved the --help output, which now lists all of PySpector's flags and commands with better descriptions

  • Added new unit tests and improved already existing ones

  • Added significant docs updates all across the project
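The CWE-aware cross-rule deduplication described in the list above, as an added example: this is not PySpector's own code, and the Finding type, the SEVERITY_RANK order, the rule ids and the sample findings are all constructed for illustration.

```python
# CWE-aware de-duplication of findings that land on the same line of code.
# Added example, not PySpector's own code: the Finding type, SEVERITY_RANK,
# the rule ids and the constructed sample findings are illustrative assumptions.
from dataclasses import dataclass
from typing import Dict, Iterable, List, Tuple

SEVERITY_RANK = {"LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}  # higher wins


@dataclass(frozen=True)
class Finding:
    rule_id: str
    cwe: str       # e.g. "CWE-78"
    severity: str  # a key of SEVERITY_RANK
    path: str
    line: int
    message: str


def dedup_by_cwe(findings: Iterable[Finding]) -> List[Finding]:
    """Keep one finding per (path, line): the one whose CWE has the highest severity.

    Ties on severity are broken by rule_id so the output is stable across runs;
    findings on different lines (or in different files) are never merged.
    """
    best: Dict[Tuple[str, int], Finding] = {}
    for f in findings:
        if f.severity not in SEVERITY_RANK:
            raise ValueError(f"unknown severity {f.severity!r} on rule {f.rule_id}")
        key = (f.path, f.line)
        cur = best.get(key)
        if cur is None:
            best[key] = f
            continue
        rank_new, rank_cur = SEVERITY_RANK[f.severity], SEVERITY_RANK[cur.severity]
        if rank_new > rank_cur or (rank_new == rank_cur and f.rule_id < cur.rule_id):
            best[key] = f
    return sorted(best.values(), key=lambda f: (f.path, f.line))


# Constructed input (hypothetical rule ids): two classes collide on app.py:12,
# two CRITICAL findings tie on app.py:40, and db.py:12 must not merge with app.py:12.
SAMPLE_FINDINGS = [
    Finding("PY-SQLI-001", "CWE-89", "HIGH", "app.py", 12, "string-built SQL query"),
    Finding("PY-SECRET-003", "CWE-798", "MEDIUM", "app.py", 12, "hard-coded credential"),
    Finding("PY-CMDI-002", "CWE-78", "CRITICAL", "app.py", 40, "shell command from user input"),
    Finding("PY-CODEI-004", "CWE-94", "CRITICAL", "app.py", 40, "eval() on user input"),
    Finding("PY-SQLI-001", "CWE-89", "HIGH", "db.py", 12, "string-built SQL query"),
]


def demo() -> List[Tuple[str, int, str]]:
    """(path, line, surviving CWE) for the constructed sample."""
    return [(f.path, f.line, f.cwe) for f in dedup_by_cwe(SAMPLE_FINDINGS)]
```

The key point is that deduplication is keyed on the location, not on the rule: the lower-severity finding on the same line is dropped rather than reported twice, and the deterministic tie-break keeps report diffs stable between scans.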

Full Changelog: v0.1.9-beta...v0.2.0-beta
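The incremental AST cache and the "watch" command listed above share one mechanism: re-parse and re-scan a file only when its content has actually changed. The following added example (not PySpector's own code) shows one way to build that in Python; AstCache, the SHA-256 invalidation key, the toy find_dangerous_calls() rule and the constructed sources are all assumptions made for illustration.

```python
# Incremental AST cache plus change-driven re-scans, i.e. one "watch" tick.
# Added example, not PySpector's own code: AstCache, hash-keyed invalidation,
# the toy find_dangerous_calls() rule and the constructed sources are illustrative.
import ast
import hashlib
import pathlib
from typing import Callable, Dict, List, Set, Tuple

Rule = Callable[[ast.AST], List[str]]


class AstCache:
    """Parsed modules keyed by path, invalidated when the content hash changes."""

    def __init__(self) -> None:
        self._entries: Dict[str, Tuple[str, ast.Module]] = {}
        self.parses = 0  # number of real ast.parse() calls, to measure the saving

    def get(self, path: str, source: bytes) -> Tuple[ast.Module, bool]:
        """Return (tree, reparsed). Unchanged content is served from the cache."""
        digest = hashlib.sha256(source).hexdigest()
        hit = self._entries.get(path)
        if hit is not None and hit[0] == digest:
            return hit[1], False
        tree = ast.parse(source, filename=path)  # SyntaxError propagates to the caller
        self.parses += 1
        self._entries[path] = (digest, tree)
        return tree, True

    def prune(self, live: Set[str]) -> None:
        """Drop entries for files that no longer exist under the watched root."""
        for path in set(self._entries) - live:
            del self._entries[path]


def find_dangerous_calls(tree: ast.AST) -> List[str]:
    """Toy rule standing in for the real rule set: flag direct eval()/exec() calls."""
    return [f"{n.func.id}() at line {n.lineno}" for n in ast.walk(tree)
            if isinstance(n, ast.Call) and isinstance(n.func, ast.Name)
            and n.func.id in {"eval", "exec"}]


def scan_changed(cache: AstCache, sources: Dict[str, bytes], rule: Rule) -> Dict[str, List[str]]:
    """One watch tick: re-parse and re-scan only the .py files whose bytes changed.

    `sources` maps path -> current contents of every file under the watched root.
    Files served from the cache produce no entry, so the result is exactly the set
    of files with newly introduced (or newly cleared) findings since the last tick.
    """
    py_files = {p: s for p, s in sources.items() if p.endswith(".py")}
    cache.prune(set(py_files))
    results: Dict[str, List[str]] = {}
    for path, source in py_files.items():
        try:
            tree, reparsed = cache.get(path, source)
        except SyntaxError as exc:
            results[path] = [f"syntax error: {exc.msg} (line {exc.lineno})"]
            continue
        if reparsed:
            results[path] = rule(tree)
    return results


def snapshot(root: pathlib.Path) -> Dict[str, bytes]:
    """Current contents of every .py file under `root`; what a real watch loop feeds in."""
    return {str(p.relative_to(root)): p.read_bytes() for p in root.rglob("*.py")}


def demo() -> Tuple[int, Dict[str, List[str]], Dict[str, List[str]]]:
    """Two ticks over constructed sources; only the edited file is re-parsed on tick two."""
    cache = AstCache()
    tick1 = {"app.py": b"import os\nx = 1\n",
             "util.py": b"def f(s):\n    return eval(s)\n",
             "README.md": b"not python\n"}
    first = scan_changed(cache, tick1, find_dangerous_calls)
    tick2 = dict(tick1, **{"app.py": b"import os\nx = exec(input())\n"})
    second = scan_changed(cache, tick2, find_dangerous_calls)
    return cache.parses, first, second
```

A watch loop is then just `scan_changed(cache, snapshot(root), rule)` repeated on a timer or on file-system events. Hashing content rather than trusting mtimes means a `touch` or a checkout that rewrites identical bytes costs nothing, and a file that fails to parse is reported but not cached, so the next tick retries it.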

v0.1.9-beta

15 May 15:04
f25692d

Pre-release

What's Changed

This is the biggest and most important PySpector release so far, as we introduced:

  • A new, modern and advanced pre-commit hook
  • A new --stats flag that shows useful performance metrics and scan info in a structured ASCII table
  • Automatic exclusion of the unittests, tests, and examples directories from scans
  • A complete refactor and improvement of the whole Rust core (specifically the taint analysis engine), which reduced false positives by 98% while increasing scan speed 5x, especially on huge monorepos (500k+ LoC)
  • Some minor bug fixes

Full Changelog: v0.1.8-beta...v0.1.9-beta

v0.1.8-beta

14 Apr 23:15

Pre-release

What's Changed

Fixed a vulnerability leading to arbitrary code execution via a plugin bypass, adjusted the docs, fixed a bug preventing the generation of HTML reports and two other bugs preventing the --wizard and --supply-chain flags from working properly, expanded the error messages during AST file parsing, added a new CLI flag to enable Python SyntaxWarning, and, last, (finally) expanded Python support up to the latest v3.14

Full Changelog: v0.1.7-beta...v0.1.8-beta

v0.1.7-beta

17 Mar 13:46

Pre-release

Patches for 2 major vulnerabilities + minor docs updates and bug fixes

Full Changelog: v0.1.6-beta...v0.1.7-beta

v0.1.6-beta: Fixed some major and minor bugs, improved docs, added new --supply-chain flag

11 Feb 15:31

What's Changed

  • Improved error handling for scan engine failures by @bhanupratapvk06 in #30
  • Added reporting.py unit test v1 by @f4berack in #31
  • Replace oversized int literals with 0 to avoid json.dumps 4300-digit conversion limit by @satoridev01 in #35
  • Fix panic on non-UTF-8 file paths in analysis walker by @satoridev01 in #34
  • Use relative paths instead of absolute paths by @satoridev01 in #33

Full Changelog: v0.1.5-beta...v0.1.6-beta

v0.1.5-beta: Inter-Procedural Taint Analysis & Graph-Based Engine Upgrade

25 Jan 16:32

What's New in v0.1.5

This release introduces a fundamental architectural shift in PySpector's core analysis engine, moving from local AST matching to project-wide graph-based tracking (finally, I would say lol)

Core Engine Upgrades

  • Inter-Procedural Analysis: Track tainted data as it moves across function boundaries using global fixed-point iteration.
  • Flow-Sensitive CFG: A brand new Control Flow Graph (CFG) engine ensures PySpector understands the execution order, significantly reducing false positives.
  • Function Summaries: Introduced context-sensitive mapping to track how specific parameters flow into return values.
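The three bullets above describe one scheme: a per-function summary of which formal parameters reach the return value, plus a global fixed-point iteration that lets taint cross call boundaries in both directions. The following is an added example that is not PySpector's Rust engine: a small Python-only analysis over a straight-line subset (no branches, so none of the flow-sensitive CFG work is modelled). SOURCES, SINKS, the label encoding, TaintAnalysis and the SAMPLE program are all constructed for illustration.

```python
# Inter-procedural taint tracking: per-function summaries (which formals reach the
# return value) iterated to a global fixed point over a straight-line Python subset.
# Added example, not PySpector's Rust engine: SOURCES, SINKS, labels, SAMPLE are constructed.
import ast
from typing import Dict, FrozenSet, List, Set

SOURCES = {"input"}            # calls whose result is attacker-controlled
SINKS = {"os.system", "eval"}  # dotted call names that must never see taint
SRC = -1                       # label "came from a source"; labels 0.. are formal indices
EMPTY: FrozenSet[int] = frozenset()


def call_name(node: ast.Call) -> str:
    """'f' or 'a.b.c' for the call target, '' for anything more exotic."""
    parts, f = [], node.func
    while isinstance(f, ast.Attribute):
        parts.append(f.attr)
        f = f.value
    return ".".join(reversed(parts + [f.id])) if isinstance(f, ast.Name) else ""


class TaintAnalysis:
    def __init__(self, tree: ast.Module) -> None:
        funcs = [n for n in tree.body if isinstance(n, ast.FunctionDef)]
        # scopes: (name, statements, env where each formal carries its own index); "" = module
        self.scopes = [(f.name, f.body, {a.arg: frozenset([i]) for i, a in enumerate(f.args.args)}) for f in funcs]
        self.scopes.append(("", [n for n in tree.body if n not in funcs], {}))
        self.summary: Dict[str, Set[int]] = {f.name: set() for f in funcs}       # labels reaching return
        self.tainted: Dict[str, Set[int]] = {s[0]: set() for s in self.scopes}  # formals a caller taints
        self.hits: Set[str] = set()

    def is_source(self, ls: FrozenSet[int], scope: str) -> bool:
        return SRC in ls or bool(ls & self.tainted[scope])

    def labels(self, e: ast.AST, env: Dict[str, FrozenSet[int]], scope: str) -> FrozenSet[int]:
        """Labels an expression may carry; also records sink hits and actual -> formal flows."""
        if isinstance(e, ast.Name):
            return env.get(e.id, EMPTY)
        if isinstance(e, ast.BinOp):
            return self.labels(e.left, env, scope) | self.labels(e.right, env, scope)
        if not isinstance(e, ast.Call):
            return EMPTY  # literals and unsupported syntax
        name = call_name(e)
        if name in SOURCES:
            return frozenset([SRC])
        args = [self.labels(a, env, scope) for a in e.args]
        if name in SINKS and any(self.is_source(ls, scope) for ls in args):
            self.hits.add(f"{name} at line {e.lineno} in {scope or '<module>'}")
        if name not in self.summary:  # unknown library call: propagate conservatively
            return frozenset().union(*args)
        for i, ls in enumerate(args):  # actual -> formal: remember which formals get tainted
            if self.is_source(ls, scope):
                self.tainted[name].add(i)
        out = {SRC} if SRC in self.summary[name] else set()  # formal -> return via the summary
        for l in self.summary[name]:
            if 0 <= l < len(args):
                out |= args[l]
        return frozenset(out)

    def walk(self, body, env, scope: str) -> FrozenSet[int]:
        """Straight-line walk (simple `x = expr`, expression statements, `return`)."""
        ret, env = EMPTY, dict(env)
        for stmt in body:
            if isinstance(stmt, ast.Assign) and isinstance(stmt.targets[0], ast.Name):
                env[stmt.targets[0].id] = self.labels(stmt.value, env, scope)
            elif isinstance(stmt, ast.Return) and stmt.value is not None:
                ret |= self.labels(stmt.value, env, scope)
            elif isinstance(stmt, ast.Expr):
                self.labels(stmt.value, env, scope)  # evaluated for its sink / formal effects
        return ret

    def run(self) -> List[str]:
        while True:  # re-analyze every scope until summaries and tainted formals stop growing
            before = ({k: set(v) for k, v in self.summary.items()}, {k: set(v) for k, v in self.tainted.items()})
            for name, body, env in self.scopes:
                ret = self.walk(body, env, name)
                if name:
                    self.summary[name] |= ret
            if before == (self.summary, self.tainted):  # the last pass already saw the final state
                return sorted(self.hits)


SAMPLE = '''\
import os
def wrap(cmd):
    return "echo " + cmd
def run(cmd):
    os.system(cmd)
def main():
    data = input()
    os.system(wrap(data))   # line 8: tainted through wrap()'s summary
    os.system(wrap("ls"))   # line 9: literal argument, no finding
    run(data)               # taints run()'s formal, so the sink on line 5 fires
main()
'''


def demo() -> List[str]:
    return TaintAnalysis(ast.parse(SAMPLE)).run()
```

Two things carry the inter-procedural behaviour. The summary of `wrap` records that formal 0 reaches its return value, so at each call site the result is tainted exactly when that call site's actual argument is, which is why line 8 is reported and line 9 is not. In the other direction, `run(data)` marks formal 0 of `run` as receiving source taint, so the `os.system` inside `run` is reported even though nothing in `run` itself reads user input. Both sets only ever grow and are finite, so the loop terminates; the pass in which nothing changes has already seen the final state, so its recorded hits are the answer.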

Bug Fixes

  • Resolved a critical error in the Call Graph builder where function definitions were misidentified.
  • Fixed edge-case handling in the Rust core during complex branch merging.

Documentation

  • README updated with deep-dives into the new engine architecture and inter-procedural examples.

Full Changelog: v0.1.4-beta-hotfix...v0.1.5-beta

Hotfix: Fixed bug preventing SARIF reports from being created, fixed versioning throughout the codebase to reflect the current version, added stupid ass jokes cause if I'm already crying for my code, a laugh helps out

11 Jan 17:35

Full Changelog: v0.1.4-beta...v0.1.4-beta-hotfix

v0.1.4-beta: Minor improvements, a couple of bug fixes and a major website update with also a new design

10 Jan 10:49

Full Changelog: v0.1.3-beta...v0.1.4-beta

v0.1.3-beta: Major Bug Fixes, added plugin system to allow the creation of community plugins that go together with PySpector, added an AI exploit generator plugin for PySpector, updated docs

29 Oct 12:29

Full Changelog: v0.1.3-beta...v0.1.3-beta

v0.1.2-beta: Major Bug fix in AST Analysis, minor documentation and rules enhancements

30 Sep 12:09

Full Changelog: v0.1.1-beta...v0.1.2-beta