Releases: doyensec/electronegativity
Releases · doyensec/electronegativity
v1.10.0 Release
v1.9.1 Release
v1.9.0 Release
- A new Github Action for the tool is available at doyensec/electronegativity-action to easily integrate Electronegativity in your continuous integration pipeline
- Improved
LimitNavigationGlobalCheck6a8639e - Global checks can now be disabled using inline annotations #78
- Dependencies upgrade dc2a6b2, 2dca108
v1.8.1 Release
v1.8.0 Release
- Allow inline annotations in source code to ignore a check (
// eng-disable) #78 - Introduce a new exclusion flag (
-x) to exclude specific checks 1497db6 - The verbose flag (
-v) is now enabled by default, the checks descriptions will now be shown in the results table 733e44a - Add options for parser plugins (
-por--parser-plugins <plugins>) #76 - Fix false positive for global navigation check in typescript #77
- Upgrade npm dependencies
Thanks to @bchurchill for the last two PRs!
v1.7.0 Release
- Don't require
customScanwhen running programmatically #72 - Don't fail in
CSPGlobalCheckif CSP is invalid #68, 86fb1ed - Better Electron version detection #67
- Consider Electron version and update checks according to new defaults (fixes #23, #58) #66
- Update
NodeIntegrationJSCheckto respect the default changes 3d1beb7 - Pass
webPreferencesdefaults to checkers 29a8627 - Don't fail in version check if Electron version is unknown #65
...and other non-tracked issues
Thanks @baltpeter for the valuable contributions on this release! <3
v1.6.0 Release
- Electronegativity now features a Node API-friendly function that can be used programmatically (thanks @baltpeter!) #59
const run = require('@doyensec/electronegativity')
// or: import run from '@doyensec/electronegativity';
run({
// input (directory, .js, .html, .asar)
input: '/path/to/electron/app',
// save the results to a file in csv or sarif format (optional)
output: '/path/for/output/file',
// true to save output as sarif, false to save as csv (optional)
isSarif: false,
// only run the specified checks
customScan: ['dangerousfunctionsjscheck', 'remotemodulejscheck'],
// only return findings with the specified level of severity or above (optional)
severitySet: 'high',
// only return findings with the specified level of confidence or above (optional)
confidenceSet: 'certain',
// show relative path for files (optional)
isRelative: false,
// run Electron upgrade checks, eg -u 7..8 to check upgrade from Electron 7 to 8 (optional)
electronUpgrade: '7..8'
})
.then(result => console.log(result))
.catch(err => console.error(err));v1.5.2 Release
- Add Electron upgrade checks to Electronegativity. The intention of this feature is for developers to discover the breaking changes that will affect them when they upgrade to a newer version of Electron. As it currently stands this feature will add checks for Electron versions 5-8. To use this feature a new argument
-uor--upgradehas been added (thanks @jkleinsc!) #60 - Add new Remote Module Check #57
- Fix a dependency issue of Electronegativity preventing it from running properly #63
- The Electron releases' file is now stored in the correct temporary path for every OS #54
v1.4.0 Release
- This minor release includes several bug fixes for #56, #54, 81d48a8, and other non-tracked issues
- Support for
nodeintegrationinsubframesboth for JS/HTML resources #52 - Introduced of a global check called
HTTP_RESOURCES_WITH_NODE_INTEGRATION_GLOBAL_CHECKto review the use of plain HTTP resources loaded in node-integrated contexts 71acdd8 - Migrated to cli-table3, word wrapping in columns is now working correctly
- Introduced the
-v(--verbose) flag to display the issues' short description 6e14dc8