Update sobelow analyzer to use sobelow 0.10.2
Our sobelow analyzer uses hex to install the sobelow OSS software in its Dockerfile. We're currently using v0.8.0 of that tool; however, there have been a number of versions which have come out since then. The current latest version is v0.10.2.
v0.10.2 changes
- Bug fixes
  - Fix a format error in JSON output encoding
v0.10.1 changes
- Bug fixes
  - Sobelow will use .sobelow-skips instead of .sobelow in your root directory for --mark-skip-all
v0.10.0 changes
- Enhancements
  - Sobelow now uses ~/.sobelow/sobelow-vsn-check for update checks
  - The .sobelow file in your project root is for --mark-skip-all only
v0.9.3 changes
- Enhancements
  - Improved checks for all aliased functions
- Bug Fixes
  - JSON output for Raw findings is now properly normalized
  - send_download correctly flags aliased function calls
  - send_download now correctly flags piped functions
v0.9.2 changes
- Bug Fixes
  - Fix error that resulted from redefining imported functions
v0.9.1 changes
- Bug Fixes
  - Revert umbrella app recursion
v0.9.0 changes
- Enhancements
  - Add --mark-skip-all and --clear-skip flags
  - New CSRF via action reuse checks
  - Sobelow can now be run in umbrella apps
- Bug Fixes
  - Fix an error when printing some kinds of variables
Edited by Thomas Woodham