Merge pull request #83 from lostsnow/feature/v1.1.4

lostsnow · web-flow · commit 1e59e4dd21d6 · 2021-12-18T17:05:35.000+08:00
bump version to v1.1.4
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,14 +2,20 @@
 
 ## Unreleased
 
+## [1.1.4](https://github.com/HXSecurity/DongTai-agent-python/releases/tag/v1.1.4) - 2021-12-18
+
 * FEATURES
   * Add [funchook](https://github.com/kubo/funchook) for Python C API functions/methods
   * Add `fstring` patch
   * Add `str/bytes/bytearray` `cformat(%)` patches
   * Add `str.__new__`, `bytes.__new__`, `bytearray.__init__` patches
   * Add `pickle.load`, `pickle.loads` hook rules for Insecure Deserialization detection
+  * Add some filtering rules for HTML escaping
+* BUGFIXES
+  * Fix `yaml.load` and `yaml.load_all` sink parameters check
 * CHANGES
   * Change `yaml.load`, `yaml.unsafe_load` strategy type to Insecure Deserialization
+  * For requests containing multiple sink methods, tracking is no longer stopped after the first sink method is detected
 * BUILD
   * Support for C extension build under Windows
   * Add build actions on Ubuntu/macOS/Windows
diff --git a/CHANGELOG_CN.md b/CHANGELOG_CN.md
@@ -2,14 +2,20 @@
 
 ## 尚未发布
 
+## [1.1.4](https://github.com/HXSecurity/DongTai-agent-python/releases/tag/v1.1.4) - 2021-12-18
+
 * 功能
   * 增加 [funchook](https://github.com/kubo/funchook) 用于 Python C API 相关的函数/方法
   * 增加 `fstring` 方法改写
   * 增加 `str/bytes/bytearray` `cformat(%)` 方法改写
   * 增加 `str.__new__`, `bytes.__new__`, `bytearray.__init__` 方法改写
   * 增加 `pickle.load`, `pickle.loads` 策略规则以检测不安全的反序列化漏洞
+  * 为 HTML 转义添加一些过滤规则
+* 修复
+  * 修复 `yaml.load` 以及 `yaml.load_all` 危险参数检查
 * 变更
   * 修改 `yaml.load`, `yaml.unsafe_load` 策略类型为不安全的反序列化
+  * 对于包含多个危险方法的请求, 在检测到第一个危险方法后不再停止跟踪
 * 构建
   * 支持 Windows 下 C 语言扩展构建
   * 添加 Ubuntu/MacOS/Windows 上的构建动作
diff --git a/README.ZH_CN.md b/README.ZH_CN.md
@@ -1,7 +1,7 @@
 ## DongTai-agent-python
 
-[![dongtai-project](https://img.shields.io/badge/DongTai-v1.1.3-blue)](https://github.com/HXSecurity/DongTai)
-[![dongtai--agent--python](https://img.shields.io/badge/DongTai--agent--python-v1.1.3-blue)](https://github.com/HXSecurity/DongTai-agent-python)
+[![dongtai-project](https://img.shields.io/badge/DongTai-v1.1.4-blue)](https://github.com/HXSecurity/DongTai)
+[![dongtai--agent--python](https://img.shields.io/badge/DongTai--agent--python-v1.1.4-blue)](https://github.com/HXSecurity/DongTai-agent-python)
 
 [![django-project](https://img.shields.io/badge/Supported%20versions%20of%20Django-3.0.x,3.1.x,3.2.x-blue)](https://www.djangoproject.com/)
 [![flask-project](https://img.shields.io/badge/Supported%20versions%20of%20Flask-1.0.x,1.1.x,1.2.x-blue)](https://palletsprojects.com/p/flask/)
diff --git a/README.md b/README.md
@@ -1,7 +1,7 @@
 ## DongTai-agent-python
 
-[![dongtai-project](https://img.shields.io/badge/DongTai-v1.1.3-blue)](https://github.com/HXSecurity/DongTai)
-[![dongtai--agent--python](https://img.shields.io/badge/DongTai--agent--python-v1.1.3-blue)](https://github.com/HXSecurity/DongTai-agent-python)
+[![dongtai-project](https://img.shields.io/badge/DongTai-v1.1.4-blue)](https://github.com/HXSecurity/DongTai)
+[![dongtai--agent--python](https://img.shields.io/badge/DongTai--agent--python-v1.1.4-blue)](https://github.com/HXSecurity/DongTai-agent-python)
 
 [![django-project](https://img.shields.io/badge/Supported%20versions%20of%20Django-3.0.x,3.1.x,3.2.x-blue)](https://www.djangoproject.com/)
 [![flask-project](https://img.shields.io/badge/Supported%20versions%20of%20Flask-1.0.x,1.1.x,1.2.x-blue)](https://palletsprojects.com/p/flask/)
diff --git a/dongtai_agent_python.egg-info/PKG-INFO b/dongtai_agent_python.egg-info/PKG-INFO
@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: dongtai-agent-python
-Version: 1.1.3
+Version: 1.1.4
 Summary: DongTai IAST Agent for Python
 Home-page: https://iast.huoxian.cn
 Author: songjinghao
@@ -23,8 +23,8 @@ License-File: LICENSE
 
 ## DongTai-agent-python
 
-[![dongtai-project](https://img.shields.io/badge/DongTai-v1.1.3-blue)](https://github.com/HXSecurity/DongTai)
-[![dongtai--agent--python](https://img.shields.io/badge/DongTai--agent--python-v1.1.3-blue)](https://github.com/HXSecurity/DongTai-agent-python)
+[![dongtai-project](https://img.shields.io/badge/DongTai-v1.1.4-blue)](https://github.com/HXSecurity/DongTai)
+[![dongtai--agent--python](https://img.shields.io/badge/DongTai--agent--python-v1.1.4-blue)](https://github.com/HXSecurity/DongTai-agent-python)
 
 [![django-project](https://img.shields.io/badge/Supported%20versions%20of%20Django-3.0.x,3.1.x,3.2.x-blue)](https://www.djangoproject.com/)
 [![flask-project](https://img.shields.io/badge/Supported%20versions%20of%20Flask-1.0.x,1.1.x,1.2.x-blue)](https://palletsprojects.com/p/flask/)
diff --git a/dongtai_agent_python/config.json b/dongtai_agent_python/config.json
@@ -33,15 +33,15 @@
     "allhook": {
       "enable": true
     },
-    "name": "DongTai 1.1.3",
+    "name": "DongTai 1.1.4",
     "mode": "normal"
   },
   "project": {
     "name": "Python Demo Project",
     "version": ""
   },
   "engine": {
-    "version": "v1.1.3",
+    "version": "v1.1.4",
     "name": "dongtai-agent-python"
   },
   "app": {
diff --git a/setup.cfg b/setup.cfg
@@ -1,6 +1,6 @@
 [metadata]
 name = dongtai_agent_python
-version = 1.1.3
+version = 1.1.4
 description = DongTai IAST Agent for Python
 long_description = file: README.md
 url = https://iast.huoxian.cn
