Releases: rbidou/pyrasp
PyRASP - 0.8.3
New features
- New XSS and SQL injection machine learning engines
Improvements
- SQL Injection grammatical analysis was removed to improve performance and lower the false-positive rate
Bug fix
- XSS and SQL injection tests won't fail when model is not loaded
- Fix Base64 decoding, which was a little bit too invasive
- Log-only mode was sending an empty response on Flask
Limitation
- Version 0.8.3 is not available on AWS Lambda Functions
- AWS Lambda support will be provided in the next version
PyRASP - 0.8.2
New feature
- Attack details display with verbose level = 100+
Improvements
- Improved JSON data analysis recursion
- Lowered TCP logs connection timeout
Bug fix
- Removed a debug output when analyzing JSON data
- Specific payloads may crash the XSS detection engine
- Fixed an SQL Injection false positive
- Fixed requirements.txt for build from sources
PyRASP - 0.8.1
New features
- Zero-Trust Application Access
Improvements
- Noticeably improved documentation by fixing typos, dead links, etc.
Bug fix
- Fixed several issues in agents for AWS, GCP and Azure serverless functions
- XSS check would fail while testing very specific JSON content
License
- License changed to CC BY-NC-SA 4.0 (https://creativecommons.org/licenses/by-nc-sa/4.0/)
PyRASP - 0.7.2
New features
- Application routes are sent when first connecting to configuration server (cloud operations)
- New API functions:
  - set_config(): change configuration from the protected application
  - get_routes(): get routes defined in the application
Improvements
- Handling of nested base64-encoded JSON structures
- Added explicit versions in dependencies requirements
Bug fix
- No security engine was activated when running with default configuration
PyRASP - 0.7.1
New features
- Added detection engine and machine learning score in SQLI and XSS attack logs
- Added request path in JSON security logs
Improvements
- Improved JSON extraction from header values
- Improved SQL injection grammatical analysis to prevent some false positives
- Country identification in logs can be disabled via the RESOLVE_COUNTRY configuration option
- Leaked data can be logged by setting the DLP_LOG_LEAKED_DATA configuration option to True (default: False)
Bug fix
- Some cookie values were not properly processed
- PyRASP would crash at launch if SQL injection or XSS protections were not activated
PyRASP - 0.7.0
New features
- PyRASP classes API
Improvements
- Improved ML engines for SQL Injection and XSS detection
- Default SQL Injection detection probabilities raised to 0.85
- Default XSS detection probabilities raised to 0.70
- Attack payloads are now base64 encoded in logs
Bug fix
- Flask agent was still processing the page, even if an attack was detected
PyRASP - 0.6.2
v0.6.2
PyRASP - 0.6.1
v0.6.1
PyRASP - 0.6.0
v0.6.0
PyRASP - 0.5.1
v0.5.1