Cfripper

Latest version: v1.17.0


Page 13 of 14

0.13.0

Not secure
Fixed
- Regular expressions had an unescaped '.' before 'amazonaws.com', so it might match more hosts than expected.
Changed
- `CloudFormationAuthenticationRule` now in `MONITOR` mode and new test added
- `IAMRoleWildcardActionOnPolicyRule` combines three previously unused rules: `IAMManagedPolicyWildcardActionRule`, `IAMRoleWildcardActionOnPermissionsPolicyRule`, and `IAMRoleWildcardActionOnTrustPolicyRule`
- `IAMRoleWildcardActionOnPolicyRule` now in `DEBUG` mode
- `S3BucketPolicyWildcardActionRule` has now been changed to be an instantiation of the new generic rule `GenericWildcardPolicyRule`. It is set in `DEBUG` mode
- `S3BucketPolicyWildcardActionRule` now has an updated regex filter, to align it more closely with both the further rules that deal with wildcards in actions and the existing `SQSQueuePolicyWildcardActionRule`
- `SQSQueuePolicyWildcardActionRule` has now been changed to be an instantiation of the new generic rule `GenericWildcardPolicyRule`. It is set in `DEBUG` mode
- `SecurityGroupMissingEgressRule` now in `DEBUG` mode and a new test added
- `SNSTopicPolicyWildcardActionRule` has been added. It is an instantiation of the new generic rule `GenericWildcardPolicyRule`. It is set in `DEBUG` mode
Breaking changes
- The following rules are no longer available:
  - `IAMRoleWildcardActionOnPermissionsPolicyRule`
  - `IAMRoleWildcardActionOnTrustPolicyRule`
  - `IAMManagedPolicyWildcardActionRule`
- The following rules have been moved:
  - `S3BucketPolicyWildcardActionRule`
  - `SQSQueuePolicyWildcardActionRule`

0.12.2

Improvements
- Documentation updated to show the risk of rules and possible fixes where available, as well as a large set of updates to the content. The macros for parsing the documentation have also been updated.

0.12.1

Not secure
Fixes
- Fix for `CrossAccountCheckingRule`, which was adding errors when the principal was STS when it shouldn't have.
Added
- `get_account_id_from_sts_arn` and `get_aws_service_from_arn` in utils.

0.12.0

Not secure
Added
- Adds CLI to package
- `KMSKeyCrossAccountTrustRule`
Changed
- `GenericWildcardPrincipalRule`, `PartialWildcardPrincipalRule`, `FullWildcardPrincipalRule` no longer check for wildcards in KMSKey principals.
- Improved granularity of most rules

0.11.3

Not secure
Improvements
- `S3CrossAccountTrustRule` now accepts resource level exceptions
- New documentation!
Breaking changes
- `cfripper.rules.s3_bucked_policy` renamed to `cfripper.rules.s3_bucket_policy` (typo)

0.11.2

Not secure
Fixes
- Fix `get_template` when AWS doesn't return a dict.
