Skip to content

Releases: pumasecurity/puma-scan

v2.4.11

01 Feb 14:49
@meadisu27 meadisu27
2.4.11
0ccc34d
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
v2.4.11 Latest
Latest

No rule updates. Created a new VSIX to enable use in Visual Studio 2022.

Assets 2
Loading

v2.4.7

12 Feb 14:02
@ejohn20 ejohn20
2.4.7
546d8fc
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
v2.4.7

No material updates to the scanner or rules. Closes the expired signing certificate for the VSIX file in the marketplace #68.

Assets 2
Loading

v2.4.6

13 Jul 13:52
@ejohn20 ejohn20
2.4.6
546d8fc
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
v2.4.6

Closes #63.

Assets 2
Loading

v2.3.0.0

08 Aug 14:30
@ejohn20 ejohn20
2.3.0.0
a34fdab
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
v2.3.0.0

NuGet package enhancement only. The core rules engine remains the same. This release upgrades the parser utility for stopping automated builds. See details below.

Framework Enhancements

  • Parser utility shipped with the NuGet package was upgraded with a new --errors switch that takes a list of rule ids. If a rule id is found in the results, the parser returns an exit code of 1. This exit code can be used to stop a build if offending rules are found.

System Requirements

  • .NET Compiler API version 2.9
  • Puma Scan Visual Studio extension requires Visual Studio v15.8 or higher
Assets 3
Loading

v2.2.0.0

19 Jul 15:00
@ejohn20 ejohn20
2.2.0.0
e24154f
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
v2.2.0.0

Version 2.2.0.0 adds a few rules targeting .NET Core APIs:

Framework Enhancements

System Requirements

  • .NET Compiler API version 2.9
  • Puma Scan Visual Studio extension requires Visual Studio v15.8 or higher
Assets 4
Loading

Release-2.1.0.0

29 Mar 17:58
@ejohn20 ejohn20
v2.1.0.0
b8d7812
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
Release-2.1.0.0

The version 2.1.0.0 is a release enhances the overall scanning framework with the following:

  • Puma.Security.Rules converted to netstandard2.0, which paves the way for us to run the analyzers in VSCode and inside a Docker container

  • Visual Studio Extension support for VS2019

System Requirements

  • .NET Compiler API version 2.9
  • Puma Scan Visual Studio extension requires Visual Studio v15.8 or higher
Assets 4
Loading

PREVIEW-2.1.0.0

28 Mar 21:30
@ejohn20 ejohn20
2.1.0.0
9484fc5
Compare
Choose a tag to compare
PREVIEW-2.1.0.0 Pre-release
Pre-release

v2.1.0.0 Preview

Version 2.1.0.0 is a preview release that enhances the overall scanning framework with the following:

  • Puma.Security.Rules converted to netstandard2.0, which paves the way for us to run the analyzers in VSCode and inside a Docker container

  • Visual Studio Extension support for VS2019

The NuGet package is not ready for preview, as we are still encountering issues referencing dependencies. That will be released in a coming version.

System Requirements

  • .NET Compiler API version 2.9
  • Puma Scan Visual Studio extension requires Visual Studio v15.8 or higher
Assets 3
Loading

Patch-2.0.0.1

10 Aug 04:33
@meadisu27 meadisu27
2.0.0.1
7a52253
Compare
Choose a tag to compare
Patch-2.0.0.1

v2.0.0.1

Version 2.00.1 uses the .NET Compiler API version 2.9. To use this version, you must be running at least Visual Studio 2017 v15.8. For more details, see the Roslyn NuGet Packages Wiki.

Patch release to:

  • correctly limit the extension package to Visual Studio 15.7+.
  • fix bug in the Code Block Analyzer to handle a more robust set of scenarios.

System Requirements

  • .NET Compiler API version 2.9
  • Puma Scan Visual Studio extension requires Visual Studio v15.8 or higher
Assets 4
Loading

Release-1.0.7

08 Aug 19:23
@ejohn20 ejohn20
1.0.7
03ab9ee
Compare
Choose a tag to compare
Release-1.0.7

v.1.0.7

Puma Scan v1.0.7 runs the Roslyn API version 1.3.2, which is supported by Visual Studio 2015 Update 2+ and all Visual Studio 2017 versions. This is the last Puma Scan version that supports Visual Studio 2015. For more details, see the Roslyn NuGet Packages Wiki.

Bug fix to improve performance issues that caused Visual Studio builds to hang when encountering unexpected syntax nodes in SEC0025, SEC0026, and SEC0028.

Git Issues Closed:

System Requirements

  • .NET Compiler API version 2.3
  • Puma Scan Visual Studio extension requires Visual Studio 2015 Update 3 or higher
Assets 4
Loading

Release-2.0

08 Aug 00:35
@meadisu27 meadisu27
2.0
f73ff8c
Compare
Choose a tag to compare
Release-2.0

v.2.0

Version 2.0 upgrades the Puma Scan analyzers to the current Roslyn API version 2.8.2. To use this version, you must be running at least Visual Studio 2017 v15.7. For more details, see the Roslyn NuGet Packages Wiki.

Framework enhancements

  • New code block analyzer base class
  • Consolidation of analyzers

New rules

  • SEC0115 - Insecure Random Number Generator
  • SEC0116 - Path Tampering: Unvalidated File Path
  • SEC0117 - LDAP Injection Path Assignment
  • SEC0118 - LDAP Injection Directory Searcher
  • SEC0119 - LDAP Injection Filter Assignment
  • SEC0031 - Command Injection: Process.Start
  • SEC0032 - Command Injection: ProcessStartInfo
Assets 4
Loading