Merge from dev for release v2.0.0 #341

emilejq · 2023-10-31T12:09:41Z

New Features

Added support for requests keyword arguments (method, params, data, json, headers, cookies, auth, timeout, allow_redirects, proxies, verify, cert)

CLI

Added support for requests keyword arguments (same as above)
Add the option to configure SSL verification and requests keyword arguments on a per-target basis when bulk scanning
Added a prompt when a scheme is not provided during single scanning
Added shorthand options for all options (not including requests keyword arguments)
POSSIBLE BREAKING CHANGE --verify moved to request args. --verify-enable replaced with --verify
POSSIBLE BREAKING CHANGE --certs/--certificates replaced with --verify path/to/certificate/bundle
POSSIBLE BREAKING CHANGE --json replaced with --output json
POSSIBLE BREAKING CHANGE --rules replaced with --rules-file (for consistency with --rules-uri)

Bug Fixes

Added error handling so that the whole scan doesn't break if a single target isn't reachable when bulk scanning Advance the json output option to produce a valid empty json in case a scanned target is not reachable. #294

Other

Deprecated support for Python <3.8. Added support for Python 3.8 - 3.11
Changed the default HTTP request method from GET to HEAD when retrieving headers from remote endpoint
Add a default timeout of 5 seconds to HTTP requests when retrieving headers from remote endpoint
Default behaviour to follow redirects when retrieving headers from remote endpoint
Added code coverage check to the pipeline (min 80% required)
Use isolated tox environments for pipeline checks & local testing
POSSIBLE BREAKING CHANGE Removed top-level Headers key from the rules specification
POSSIBLE BREAKING CHANGE Changed request_headers argument in main class to headers
POSSIBLE BREAKING CHANGE Moved rules.yml to resources folder
General refactoring & maintenance

Bumps [actions/create-release](https://github.com/actions/create-release) from 1.0.1 to 1.1.4. - [Release notes](https://github.com/actions/create-release/releases) - [Commits](actions/create-release@v1.0.1...v1.1.4) --- updated-dependencies: - dependency-name: actions/create-release dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [actions/upload-release-asset](https://github.com/actions/upload-release-asset) from 1.0.1 to 1.0.2. - [Release notes](https://github.com/actions/upload-release-asset/releases) - [Commits](actions/upload-release-asset@v1.0.1...v1.0.2) --- updated-dependencies: - dependency-name: actions/upload-release-asset dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 1 to 2. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@v1...v2) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [actions/setup-python](https://github.com/actions/setup-python) from 1 to 4. - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](actions/setup-python@v1...v4) --- updated-dependencies: - dependency-name: actions/setup-python dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 3.1.0. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@v2...v3.1.0) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]>

…hub_actions/develop/actions/create-release-1.1.4 Bump actions/create-release from 1.0.1 to 1.1.4

…hub_actions/develop/actions/upload-release-asset-1.0.2 Bump actions/upload-release-asset from 1.0.1 to 1.0.2

…hub_actions/develop/github/codeql-action-2 Bump github/codeql-action from 1 to 2

…hub_actions/develop/actions/setup-python-4 Bump actions/setup-python from 1 to 4

…hub_actions/develop/actions/checkout-3.1.0 Bump actions/checkout from 2 to 3.1.0

Bumps [watchdog](https://github.com/gorakhargosh/watchdog) from 2.1.7 to 3.0.0. - [Release notes](https://github.com/gorakhargosh/watchdog/releases) - [Changelog](https://github.com/gorakhargosh/watchdog/blob/master/changelog.rst) - [Commits](gorakhargosh/watchdog@v2.1.7...v3.0.0) --- updated-dependencies: - dependency-name: watchdog dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [coverage](https://github.com/nedbat/coveragepy) from 6.3.2 to 7.2.7. - [Release notes](https://github.com/nedbat/coveragepy/releases) - [Changelog](https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst) - [Commits](nedbat/coveragepy@6.3.2...7.2.7) --- updated-dependencies: - dependency-name: coverage dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [responses](https://github.com/getsentry/responses) from 0.20.0 to 0.23.3. - [Release notes](https://github.com/getsentry/responses/releases) - [Changelog](https://github.com/getsentry/responses/blob/master/CHANGES) - [Commits](getsentry/responses@0.20.0...0.23.3) --- updated-dependencies: - dependency-name: responses dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [tabulate](https://github.com/astanin/python-tabulate) from 0.8.9 to 0.9.0. - [Changelog](https://github.com/astanin/python-tabulate/blob/master/CHANGELOG) - [Commits](astanin/python-tabulate@v0.8.9...v0.9.0) --- updated-dependencies: - dependency-name: tabulate dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [pyyaml](https://github.com/yaml/pyyaml) from 6.0 to 6.0.1. - [Changelog](https://github.com/yaml/pyyaml/blob/6.0.1/CHANGES) - [Commits](yaml/pyyaml@6.0...6.0.1) --- updated-dependencies: - dependency-name: pyyaml dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Remove Travis CI integration * Deprecate support for Python <3.8

Bumps [jsonschema](https://github.com/python-jsonschema/jsonschema) from 4.4.0 to 4.18.4. - [Release notes](https://github.com/python-jsonschema/jsonschema/releases) - [Changelog](https://github.com/python-jsonschema/jsonschema/blob/main/CHANGELOG.rst) - [Commits](python-jsonschema/jsonschema@v4.4.0...v4.18.4) --- updated-dependencies: - dependency-name: jsonschema dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [sphinx](https://github.com/sphinx-doc/sphinx) from 4.3.0 to 7.1.2. - [Release notes](https://github.com/sphinx-doc/sphinx/releases) - [Changelog](https://github.com/sphinx-doc/sphinx/blob/master/CHANGES) - [Commits](sphinx-doc/sphinx@v4.3.0...v7.1.2) --- updated-dependencies: - dependency-name: sphinx dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [m2r2](https://github.com/crossnox/m2r2) from 0.3.2 to 0.3.3.post2. - [Changelog](https://github.com/CrossNox/m2r2/blob/development/CHANGES.md) - [Commits](CrossNox/m2r2@v0.3.2...v0.3.3.post2) --- updated-dependencies: - dependency-name: m2r2 dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [wheel](https://github.com/pypa/wheel) from 0.38.1 to 0.41.1. - [Changelog](https://github.com/pypa/wheel/blob/main/docs/news.rst) - [Commits](pypa/wheel@0.38.1...0.41.1) --- updated-dependencies: - dependency-name: wheel dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [tox](https://github.com/tox-dev/tox) from 4.6.4 to 4.8.0. - [Release notes](https://github.com/tox-dev/tox/releases) - [Changelog](https://github.com/tox-dev/tox/blob/main/docs/changelog.rst) - [Commits](tox-dev/tox@4.6.4...4.8.0) --- updated-dependencies: - dependency-name: tox dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [jsonschema](https://github.com/python-jsonschema/jsonschema) from 4.18.4 to 4.19.0. - [Release notes](https://github.com/python-jsonschema/jsonschema/releases) - [Changelog](https://github.com/python-jsonschema/jsonschema/blob/main/CHANGELOG.rst) - [Commits](python-jsonschema/jsonschema@v4.18.4...v4.19.0) --- updated-dependencies: - dependency-name: jsonschema dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [twine](https://github.com/pypa/twine) from 3.8.0 to 4.0.2. - [Release notes](https://github.com/pypa/twine/releases) - [Changelog](https://github.com/pypa/twine/blob/main/docs/changelog.rst) - [Commits](pypa/twine@3.8.0...4.0.2) --- updated-dependencies: - dependency-name: twine dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [actions/checkout](https://github.com/actions/checkout) from 3.1.0 to 3.5.3. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@v3.1.0...v3.5.3) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Kwargs for HTTP call when init drheader instance * Change default HTTP method when retrieving headers to HEAD * Request kwargs input options for CLI * Integration tests for CLI * Update documentation for the CLI

Bumps [actions/checkout](https://github.com/actions/checkout) from 3.5.3 to 4.0.0. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@v3.5.3...v4.0.0) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [tox](https://github.com/tox-dev/tox) from 4.8.0 to 4.11.3. - [Release notes](https://github.com/tox-dev/tox/releases) - [Changelog](https://github.com/tox-dev/tox/blob/main/docs/changelog.rst) - [Commits](tox-dev/tox@4.8.0...4.11.3) --- updated-dependencies: - dependency-name: tox dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [jsonschema](https://github.com/python-jsonschema/jsonschema) from 4.19.0 to 4.19.1. - [Release notes](https://github.com/python-jsonschema/jsonschema/releases) - [Changelog](https://github.com/python-jsonschema/jsonschema/blob/main/CHANGELOG.rst) - [Commits](python-jsonschema/jsonschema@v4.19.0...v4.19.1) --- updated-dependencies: - dependency-name: jsonschema dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [wheel](https://github.com/pypa/wheel) from 0.41.1 to 0.41.2. - [Changelog](https://github.com/pypa/wheel/blob/main/docs/news.rst) - [Commits](pypa/wheel@0.41.1...0.41.2) --- updated-dependencies: - dependency-name: wheel dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [actions/checkout](https://github.com/actions/checkout) from 4.0.0 to 4.1.1. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@v4.0.0...v4.1.1) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: emilejq <[email protected]>

Bumps [wheel](https://github.com/pypa/wheel) from 0.41.2 to 0.41.3. - [Changelog](https://github.com/pypa/wheel/blob/main/docs/news.rst) - [Commits](pypa/wheel@0.41.2...0.41.3) --- updated-dependencies: - dependency-name: wheel dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [jsonschema](https://github.com/python-jsonschema/jsonschema) from 4.19.1 to 4.19.2. - [Release notes](https://github.com/python-jsonschema/jsonschema/releases) - [Changelog](https://github.com/python-jsonschema/jsonschema/blob/main/CHANGELOG.rst) - [Commits](python-jsonschema/jsonschema@v4.19.1...v4.19.2) --- updated-dependencies: - dependency-name: jsonschema dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

… job (#342)

dependabot bot and others added 30 commits April 18, 2022 10:17

Merge pull request #235 from Santandersecurityresearch/dependabot/git…

a20dcbd

…hub_actions/develop/actions/create-release-1.1.4 Bump actions/create-release from 1.0.1 to 1.1.4

Merge pull request #237 from Santandersecurityresearch/dependabot/git…

ce070da

…hub_actions/develop/actions/upload-release-asset-1.0.2 Bump actions/upload-release-asset from 1.0.1 to 1.0.2

Merge pull request #240 from Santandersecurityresearch/dependabot/git…

2a5bd83

…hub_actions/develop/github/codeql-action-2 Bump github/codeql-action from 1 to 2

Merge pull request #249 from Santandersecurityresearch/dependabot/git…

b060cd4

…hub_actions/develop/actions/setup-python-4 Bump actions/setup-python from 1 to 4

Merge pull request #270 from Santandersecurityresearch/dependabot/git…

8ce357b

…hub_actions/develop/actions/checkout-3.1.0 Bump actions/checkout from 2 to 3.1.0

Run Flake8 & Safety in isolated Tox environments

d7887f8

Deprecate support for older versions of Python

68ea937

* Remove Travis CI integration * Deprecate support for Python <3.8

Run Bandit using tox

9e522ad

Add timeout to request to get rules from URL

b63c258

Rename validation methods

840f228

Make ValidatorBase an abstract base class

0cdbc3a

Run unit tests using tox; Add coverage check to pipeline

ed21e35

Code cleanup & maintenance

873da6c

dependabot bot and others added 27 commits August 14, 2023 15:49

Set source directory for coverage

46b78db

Use kwargs for HTTP options when retrieving headers

a2e8327

Minor changes

1916a71

Reorganise load rules from file/URI

a1dfe84

CLI refactoring

38bc742

Move CLI into separate folder

00ea1bf

Configuration options for HTTP request (#335)

2950684

* Kwargs for HTTP call when init drheader instance * Change default HTTP method when retrieving headers to HEAD * Request kwargs input options for CLI * Integration tests for CLI * Update documentation for the CLI

Disable avoid & contain validations when enforced value validation

458b3c2

Improved error handling in the CLI

dd1c08b

Default behaviour to follow redirects

659110c

Include references to other README files

647f150

Update out of date info in the README

683ed80

Add shorthand options to the CLI

bcb1e87

Remove headers key from rules spec

e5fb83f

Move rules.yml to resources folder

69ef55c

Update manifest

afc2420

Bump major version to 2.0.0

9454cf3

Separate steps to bump version in pull request action into a separate…

8a6d1e9

… job (#342)

Bump version: 1.7.0 → 2.0.0

e8ddb0e

javixeneize approved these changes Oct 31, 2023

View reviewed changes

emilejq merged commit b5d7a41 into master Oct 31, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Merge from dev for release v2.0.0 #341

Merge from dev for release v2.0.0 #341

emilejq commented Oct 31, 2023

Merge from dev for release v2.0.0 #341

Merge from dev for release v2.0.0 #341

Conversation

emilejq commented Oct 31, 2023

New Features

CLI

Bug Fixes

Other