Skip to content

Releases: Skyscanner/cfripper

1.13.2

20 Apr 08:42
@w0rmr1d3r w0rmr1d3r
1.13.2
75c0d7c
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
1.13.2

[1.13.2]

Fixes

  • Fixes docs formatting with #235
Assets 2
Loading

1.13.1

23 Sep 07:50
@w0rmr1d3r w0rmr1d3r
1.13.1
02c9e69
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
1.13.1

[1.13.1]

Fixes

  • Fixes GenericResourcePartialWildcardPrincipalRule and GenericCrossAccountTrustRule message, since sometimes it was bad-formatted in markdown.
Assets 2
Loading

1.13.0

17 Aug 15:51
@w0rmr1d3r w0rmr1d3r
1.13.0
b2cb2ca
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
1.13.0

[1.13.0]

Additions

  • Default logging level from INFO to WARNING #230

Updates

  • GenericResourceWildcardPrincipalRule (therefore GenericResourcePartialWildcardPrincipalRule and GenericResourceFullWildcardPrincipalRule as well) now ignores AWS::KMS::ReplicaKey. It as the same use case as a AWS::KMS::Key.

Fixes

  • Update GenericWildcardPrincipalRule, FullWildcardPrincipalRule, GenericResourceWildcardPrincipalRule and GenericResourceFullWildcardPrincipalRule message, since sometimes it was bad-formatted in markdown.
Assets 2
Loading

1.12.0

01 Jun 15:38
@oscarbc96 oscarbc96
1.12.0
3c7b068
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
1.12.0

Improvements

  • Refactored the KMSKeyWildcardPrincipalRule rule

Updates

  • Update GenericWildcardPrincipalRule, PartialWildcardPrincipalRule and GenericResourcePartialWildcardPrincipalRule message
  • Update docs

Fixes

  • Fix GenericWildcardPrincipalRule that could add a false-positive
  • Fix GenericWildcardPrincipalRule that wasn't handling canonical IDs
  • Fix unit tests
Assets 2
Loading

1.11.0

30 May 13:48
@w0rmr1d3r w0rmr1d3r
1.11.0
2154f25
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
1.11.0

[1.11.0]

Additions

  • New regex REGEX_CONTAINS_WILDCARD to check for any wildcard

Updates

  • GenericResourceWildcardPolicyRule now uses REGEX_CONTAINS_WILDCARD instead of REGEX_HAS_STAR_OR_STAR_AFTER_COLON.
  • Bump dev dependency moto to ==3.1.9.
Assets 2
Loading

1.10.0

23 May 09:26
@w0rmr1d3r w0rmr1d3r
1.10.0
1385c7a
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
1.10.0

[1.10.0]

Improvements

  • GenericCrossAccountTrustRule can now scan IAM Roles correctly as CrossAccountTrustRule does

Additions

  • New rule: RDSSecurityGroupIngressOpenToWorldRule

Updates

  • Bumped minimum pycfmodel version to 0.20.0
Assets 2
Loading

1.9.0

19 Apr 11:04
@w0rmr1d3r w0rmr1d3r
1.9.0
8c8c924
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
1.9.0

[1.9.0]

Improvements

  • CFRipper is now compatible with Python3.10
  • CFRipper is now able to detect new types of wildcard usage.
  • Default config will now detect lambda resource wildcards as through IAM overpowered roles.

Fixes

  • Fixed docs creation

Updates

  • Bump dev dependency moto to allow >=3.0.0.
Assets 2
Loading

1.8.0

06 Apr 06:27
@w0rmr1d3r w0rmr1d3r
1.8.0
ade94e2
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
1.8.0

[1.8.0]

Improvements

  • Pin click to at least version 8.0.0.
  • Update black to 22.3.0, and run make format with this new version of black.
Assets 2
Loading

1.7.1

01 Apr 14:08
@w0rmr1d3r w0rmr1d3r
1.7.1
d442689
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
1.7.1

[1.7.1]

Fixes

  • EBSVolumeHasSSERule can now understand encrypted_status if modelled as a bool.
  • Add support to EC2SecurityGroupOpenToWorldRule for use cases where ports are not defined in the CloudFormation template. By default, this means all ports are included.

Updates

  • Updated EBSVolumeHasSSERule to iterate only over AWS::EC2::Volume resources.
  • Update RuleConfig documentation.

Improvements

  • Bump pycfmodel to 0.18.0.
Assets 2
Loading

1.7.0

23 Mar 13:40
@w0rmr1d3r w0rmr1d3r
1.7.0
c7c7693
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
1.7.0

[1.7.0]

Updates

  • Added resource_types to failures.
Assets 2
Loading