All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.
- Support `usedforsecurity=False` parameter to hashlib constructors (#39)
- Support for Python 3.10
- Support for Flake8 4 (#36)
- Support for Python 2.7 (#3)
- Support for Python 3.9 (#32)
- False positive for `DUO107` when `xml.etree.ElementTree.{Element,SubElement}` used (#28)
- False positive for `DUO116` when `shell=False` used (#31)
- Support for Python 3.5
- False positive for `DUO138` when expressions aren't backtrackable (#14)
- Cache namespace results and minimize kwarg checks by grouping similar rules - ~500% speed up (#18)
- Only run linters that are selected - speed up depends on number of linters selected (#19)
- The `--print-dlint-linters` flag on Windows (#17)
- Crash in `DUO138` when malformed regular expression (#15)
- `DUO137`: lint for insecure itsdangerous kwarg usage (#36)
- `DUO138`: lint for regular expression catastrophic backtracking in re module (#41)
- False positive for `DUO137` when kwarg missing (#39)
- False negative with arbitrary depth from import alias in bad module attribute (#32)
- False negative with arbitrary depth from import wildcard in bad module attribute (#33)
- False positive with `input` as variable name (#31)
- `DUO116`: rule for `subprocess.run` (#24)
- The `--print-dlint-linters` command-line flag to print all Dlint linters (#26)
- `DUO136`: lint for insecure xmlsec usage (#27)
- Visitor strategy to minimize node visits - ~25% speed up (#28)
- False negative with nested imports in bad module attribute (#30)
- `dlint.linters.helpers.bad_kwarg_use`: use of `attribute_name` in favor of fully specified `module_path` (#19)
- `dlint.tree`: use of `kwarg_attribute` in favor of `kwarg_module_path` (#21)
- `dlint.linters.helpers.bad_name_attribute_use`: use of attribute list in favor of fully specified module path (#20)
- Support for Python 3.8 (#12)
- `DUO134`: lint for insecure cryptography usage (#6)
- `DUO135`: lint for insecure defusedxml usage (#5)
- `dlint.linters.helpers.bad_kwarg_use`: use of `attribute_name` in favor of fully specified `module_path` (#19)
- `dlint.tree`: use of `kwarg_attribute` in favor of `kwarg_module_path` (#21)
- `dlint.linters.helpers.bad_name_attribute_use`: use of attribute list in favor of fully specified module path (#20)
- False negative when deep imports are not fully specified in bad module attribute (#1)
- False negative - consider `async` functions in bad name attribute (7bd249e)
- False negative in various import scenarios when using `attribute_name` in bad kwarg (#19)
- False negative in various import scenarios when using `kwarg_attribute` in bad kwarg (#21)
- False negative in various import scenarios when using attribute list in bad name attribute (#20)
- `DUO133`: lint for pycrypto usage (#7)
- False positive when bad builtin is overwritten by import (#16)
- False negative when bad module attribute uses import alias (#2)
- False positive when bad module attribute not imported (#14)
- Support for Python 3.5 and 3.7 (#9)
- `DUO131`: lint for disabling urllib3 warnings
- `DUO132`: lint for disabling urllib3 HTTPS certification verification
- `FormatStringLinter`, previously `DUO104`, as it was a disabled experiment (#15)
- Initial public release of Dlint