Releases: secdec/attack-surface-detector-cli
v1.3.8
This release updates the ASTAM HAM endpoint detection dependency to 1.3.8.
Compared to the previous v1.3.5 release, this includes an update to Spring MVC parsing (1.3.6) and a fix for empty file paths when parsing Struts projects on UNIX-based hosts (1.3.8).
This release also fixes a bug where the -help flag always required that a source code path be specified. Now the -help flag can be used on its own.
1.3.5
This release updates the ASTAM HAM endpoint detection dependency to 1.3.5.
1.3.4
This release updates the ASTAM HAM endpoint detection dependency to 1.3.4 and adds relevancy comparison checks to the validation process for generated endpoints.
1.3.3
This release updates the ASTAM HAM endpoint detection dependency to 1.3.3.
1.3.2
1.3.1
This release corrects an error in the -help output for some commands and includes some changes to prevent source code information leaks in JSON output.
The -json flag now outputs endpoints without embedding source code information by default. Combining the -json flag with -include-source includes source code information in the generated JSON. This consists of the function start line number and the source code file path (relative to the project root).
1.3.0
This release updates the ASTAM HAM endpoint detection dependency to 1.3.0, includes a -help flag, and changes the -json and -simple-json flags to -full-json and -json, respectively.
Plugins consuming JSON output from this tool should only accept simple-format JSON (-simple-json in previous versions, -json in the current version). Full-format JSON can expose information regarding the source code structure of the web application.