Workflow

Cfripper

Latest version: v1.17.0

Safety actively analyzes 723177 Python packages for vulnerabilities to keep your Python projects secure.

Scan your dependencies

Page 12 of 14

0.16.0

Not secure
Improvements
- Add new `RuleConfig`, allows to overwrite the default behaviour of the rule changing rule mode and risk value.
- Add new `Filter`, allows setting custom rule configuration to matching coincidences.
- New RuleModes supported: `RuleMode.DISABLED` and `RuleMode.WHITELISTED`.
Breaking changes
- Class variables `Rule.RULE_MODE` and `Rule.RISK_VALUE` should be changed to use properties `rule_mode` and `risk_value`. These properties take in consideration the custom config that might be applied.
- If rule mode is `DISABLED` or `WHITELISTED`; methods `add_failure_to_result` and `add_warning_to_result` will have no effect.
- `add_failure_to_result` and `add_warning_to_result` accepts a new optional parameter named `context`. This variable is going to be evaluated by filters defined in the custom config.

0.15.1

Improvements
- `SecurityGroupOpenToWorldRule` and `SecurityGroupIngressOpenToWorldRule` are now more accurately scoped to block
potentially public CIDR ranges. It it utilising the latest `pycfmodel` release (0.7.0).

0.15.0

Not secure
Improvements
- Generate DEFAULT_RULES and BASE_CLASSES using code instead of hardcoding
Fixed
- Whitelist did not work if it didn't have the `Rule` prefix
Breaking changes
- Sufix `KMSKeyWildcardPrincipal` and `SecurityGroupIngressOpenToWorld` with `Rule`
- Sufix whitelist constant `FullWildcardPrincipal` and `PartialWildcardPrincipal` with `Rule`

0.14.2

Not secure
Improvements
- Update dependencies

0.14.1

Not secure
Improvements
- Rule processor now accepts an extras parameter that will be forwarded to the rules
- Main gets extra information from the event and forwards it to the rule formatter

0.14.0

Not secure
Breaking changes
- Completely changed base `Rule` abstract class signature and adapted rule classes to match it:
- Init now only takes a `Config`
- `invoke` method now accepts an optional extra Dict
- `invoke` method returns a `Result` instead of `None`
- `add_failure` has been renamed to `add_failure_to_result`. It now takes a result instead of a reason
(that now it's inferred)
- `add_warning` has been renamed to `add_warning_to_result`. It now has the same signature than `add_failure_to_result`
Improvements
- Rule Invoke extras parameter has been added to allow changing the rule behaviour depending on state besides the cfmodel itself:
- Stack naming rules
- Stack tags
- User restrictions
- ...

Page 12 of 14

Links

Releases

Has known vulnerabilities

Previous Next

© 2025 Safety CLI Cybersecurity Inc. All Rights Reserved.