Releases: Checkmarx/kics
v1.7.9
🚀 New features and improvements
feat(query): ansible config communication_over_http in #6627
feat(query): ansible config privilege_escalation_using_become_plugin in #6628
feat(query): ansible config logging_of_sensitive_data in #6697
feat(query): ansible playbooks privilege escalation using become plugin in #6695
feat(query): ansible playbooks Unpinned Package Version in #6693
feat(query): ansible playbooks Insecure Relative Path Resolution in #6705
feat(query): ansible playbooks Logging of Sensitive Data in #6700
feat(query): ansible playbooks risky file permissions in #6694
feat(engine): experimental features queries scan in #6614
feat(query): github workflows script injection query in #6744
feat(query): added cicd github query unsecured commands in #6720
feat(query): github workflows run injection query in #6742
🐛 Bug fixes
fix(security): critical CVEs in terraform and terraform-provider-azurerm by @jeremypetit-grtgaz in #6701
👻 Maintenance
docs(guides): changed code-ql action to v2 due to v1 deprecation by @LuisVentuzelos in #6750
docs(queries): update queries catalog in #6732
update(doc): adding aws cdk integration in #6740
New Contributors
@jeremypetit-grtgaz made their first contribution in #6701
@LuisVentuzelos made their first contribution in #6750
v1.7.8
🚀 New features and improvements
feat(engine): added github workflows scan in #6664
feat(query): unpinned actions full length commit sha in #6698
feat(query): ansible hosts ansible tower exposed to internet in #6691
feat(query): ansible config allow unsafe lookups in #6626
feat(query): ansible playbooks communication over http in #6687
feat(panic): add panic handler to terraform parser by @liorj-orca in #6726
🐛 Bug fixes
fix(workflows): fixed action's pin in #6689
fix(query): ca certificate identifier is outdated tf aws in #6683
fix(engine): added condition to check if gitignore is not empty to fix unit tests in #6706
fix(query): dockercompose Host Namespace is Shared in #6719
fix(test): e2e name in #6685
📦 Dependency updates bumps
ci(deps): bump golang from 1.20.7-alpine to 1.21.0-alpine in #6623
👻 Maintenance
update(docs): adding github icon into readme and docs website in #6722
update(comments): comments related to files extensions updated in #6696
docs(queries): update queries catalog in #6699
v1.7.7
🚀 New features and improvements
feat(panic): add panic handler to possible panic places in #6527
🐛 Bug fixes
fix(query): query search_key now contains correct value of resource in #6655
fix(workflow): skip apache license workflow if user is a bot in #6657
fix(parser): added condition in convertExpression in #6635
fix(engine): skip broken symlink/eloop by @liorj-orca in #6665
fix(parser): support nameless tf resources by @liorj-orca in #6510
fix(query): support GCP IAM policy members as lists by @Tohar-orca in #6548
👻 Maintenance
update(doc): kics github action version update in #6667
docs(queries): update queries catalog in #6662
v1.7.6
🚀 New features and improvements
feat(query): docdb logging is disabled for pulumi in #6556
feat(query): docdb logging is disabled for crossplane in #6557
feat(query): docdb logging is disabled for cloudformation in #6555
feat(parser): ansible inventory in #6516
feat(query): amazon rds db instance publicly accessible query for pulumi in #6562
feat(query): rds DB Instance Publicly Accessible for Crossplane in #6615
feat(parser): ansible configuration support in #6595
feat(engine): add kics analyze command in #6582
feat(workflow): github workflow to check for apache license in #6606
feat(workflow): new github workflow that checks the PR's Go coverage in #6656
🐛 Bug fixes
fix(query): db instance publicly accessible ansible query refactor in #6558
fix(query): amazon db instance publicly accessible for terraform query refactor in #6560
fix(query): alicloud rds instance address publicly accessible terraform query refactor in #6559
fix(query): amazon rds db instance publicly accessible query refactor in #6561
fix(workflow): fix Pwn Request Vulnerability by @AdnaneKhan in #6638
fix(query): fixed terraform azure query where min_tls_version was not accepting string in #6622
fix(workflows): fixed community label being added to bots prs and pr titles in other workflows in #6597
fix(coverage): add test for analyze command in #6654
fix(test): kics go coverage in #6658
📦 Dependency updates bumps
build(deps): bump github.com/emicklei/proto from 1.11.1 to 1.11.2 in #6380
build(deps): bump github.com/BurntSushi/toml from 1.2.1 to 1.3.2 in #6502
ci(deps): bump lots0logs/gh-action-get-changed-files from 2.1.4 to 2.2.2 in #6406
build(deps): bump github.com/hashicorp/terraform-json from 0.15.0 to 0.16.0 in #6279
ci(deps): bump golang from 1.20.6-alpine to 1.20.7-alpine in #6588
👻 Maintenance
docs(main): add discord invite to readme by @baruchiro in #6570
docs(queries): update queries catalog in #6612
New Contributors
@baruchiro made their first contribution in #6570
@AdnaneKhan made their first contribution in #6638
v1.7.5
🚀 New features and improvements
feature(engine): upgrade engine error handling for self ref in yaml/json files in #6532
feat(workflow): added github workflow to validate pr title in #6537
feat(workflow): added github workflow to add labels to issues according to its title in #6551
🐛 Bug fixes
fix(secrets): improve oAuthSecret secret to detect more valid characters in #6522
fix(regex): add Quotation mark in #6529
fix(query): non detection of . in vars for Terraform in #6534
fix(summary): add SearchLine Key to qItem in #6494
fix(query): transit_encryption attribute changed in #6477
fix(query): split One Query Policy in #6540
fix(query): add CidrIp Comparison in #6542
fix(query): add Allow Rule to Generic Private Key in #6538
fix(inspector): change regex special mask in #6535
fix(query): change ExpectedValue and ActualValue in #6543
fix(analyzer): remove optional dockercompose regex in #6539
📦 Dependency updates bumps
ci(deps): bump golang from 1.20.5-alpine to 1.20.6-alpine in #6512
👻 Maintenance
docs(queries): update queries catalog in #6546
update(docker): drop patch version from alpine docker tag in #6463
v1.7.4
🚀 New features and improvements
Remove searching for vuls in resolved files in #6500
🐛 Bug fixes
iam_access_analyzer_not_enabled Query Changed in #6490
fix(comment): Changed comment count in #6472
Fix FN in string due to bad allowRule matches in #6497
fix(query): add missing search value in response code missing query for open api in #6508
fix(regex): added regex into allow rule list in #6506
Fix(Extracted-Info) - Fix metadata.json from template being used in #6515
Fix(Regex) - fix putty file key query regex in #6517
Fix(Engine) - Fix resolver panic in #6519
fix(resolver): recover panic during resolve in #6511
Fix(Engine) - Json non ref being ref in #6518
fix(Tracker): Add Resolved File Lines' counter in #6501
fix missing queries in #6526
fix(regex): update regex allow rule in #6523
📦 Dependency updates bumps
build(deps): bump github.com/aws/aws-sdk-go from 1.44.227 to 1.44.295 in #6495
👻 Maintenance
Add assets to extractedinfo.zip in #6507
v1.7.3
🚀 New features and improvements
Add terraform vars path feature in #6456
feature(logs): Add Ignored Lines in #6447
🐛 Bug fixes
fix(sink): Added regex to subs "\r" (line break) in #6469
Bug(Engine) - Remove counting comments as references in Yaml in #6482
fix(query): Add SearchLine in #6487
fix(query): adding fuzzy version in #6492
👻 Maintenance
Update README.md in #6471
Add Terraform variables path docs in #6467
docs(update): terraform vars path in #6476
v1.7.2
🚀 New features and improvements
feat(query): Aurora With Disabled at Rest Encryption query for Terraform in #6392
feat(query): DynamoDB Table not Encrypted Query in #6400
Performance(Engine) - Increase Resolvers Performance by reutilizing resolved files in #6388
feat(query): EFS Volume With Disabled Transit Encryption in #6357
feat(query): Elasticsearch with HTTPS disabled for Ansible in #6393
feat(query): Elasticsearch with HTTPS disabled for CloudFormation in #6398
feat(query): Elasticsearch with HTTPS disabled for Pulumi in #6399
feat(query): Elasticsearch with HTTPS disabled for Terraform in #6394
feat(query): ec2 instance monitoring disabled for CloudFormation in #6401
feat(terraform/gcp): Add GKE Shielded Nodes is Disabled query for Terraform. by @bbergstrom in #6248
feat(query): Elasticsearch Log Disabled in #6410
feat(query): Elasticsearch with HTTPS disabled for CloudFormation in #6412
feat(query): Publicly Accessible Amazon DMS in #6352
Feature(Engine) Resolve internal/external section references in #6405
🐛 Bug fixes
Bug(query) - Fix not correct line for query RDS Storage Encryption Disabled in #6372
Bug(query) - Add query specificity for php composer in #6374
fix(query): KMS Key With Full Permissions in #6389
Bug(query) - Add support for v1 to query API Gateway V2 Stage Access Logging Settings Not Defined in #6371
bug(docs): Changed Light Scheme Name in #6415
fix(regex) - Fix generic password regex rule in #6461
fix(analyzer): Removed void Symlinks in #6452
📦 Dependency updates bumps
build(deps): bump github.com/docker/distribution from 2.8.1+incompatible to 2.8.2+incompatible in #6375
build(deps): bump github.com/gookit/color from 1.5.2 to 1.5.3 in #6271
build(deps): bump github.com/spf13/cobra from 1.6.1 to 1.7.0 in #6280
ci(deps): bump golangci/golangci-lint-action from 3.4.0 to 3.5.0 in #6424
ci(deps): bump golang from 1.20.2-alpine to 1.20.4-alpine in #6337
ci(deps): bump golang from 1.20.4-alpine to 1.20.5-alpine in #6431
👻 Maintenance
Github Action tag update in #6368
Change severity of CloudTrail Log Files Not Encrypted With KMS to Medium and add edge case in #6369
Update kics-gh-action.yaml in #6382
remove unused allowRule in #6439
docs(secrets): add entropy info in #6421
chore(-): update gitlab sast schema to 15.0.6 by @stegojulia in #6426
fix(tests): update incomplete positive expected results in #6300
Dockerfile: upgrade alpine to 3.18.0 in #6428
docs(queries): update queries catalog in #6378
New Contributors
@bbergstrom made their first contribution in #6248
@stegojulia made their first contribution in #6426
v1.7.1
🚀 New features and improvements
feat(secrets): add secrets mask to preview lines by @roy-yablonka in #6349
feat(documentation): add query page generator by @cx-ruiaraujo in #6313
🐛 Bug fixes
fix(bug): fix ignore lines with comments only at the end by @YosefNaftali in #6351
fix(analyser) Fix to ignore files (pnpm-lock.yaml) in #6297
fix(method): Added regex to calculate Levenshtein distance correctly in #6353
fix(query): Added SearchValue to differentiate missing response codes in #6355
fix(query): add rule for generic access_key in #6360
👻 Maintenance
Deprecated doc update in #6358
docs(queries): update queries catalog in #6364