Workflow

Cfripper

Latest version: v1.16.0

Safety actively analyzes 685670 Python packages for vulnerabilities to keep your Python projects secure.

Scan your dependencies

Page 7 of 14

1.1.1

Not secure
Fixes
- Add a fix to the `PartialWildcardPrincipal` rule to be able to detect policies where whole account access is specified via just the account ID.
- For example, if the Principal was defined as `Principal: AWS: 123456789012` as opposed to `Principal: AWS: arn:aws:iam::123456789012:root`.
- These are identical: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_principal.html

1.1.0

Not secure
Improvements
- Add `S3ObjectVersioning` rule
- Update `pycfmodel` to `0.11.0`
- This includes model support for S3 Buckets. Rules against these resources have been updated (alongside tests).

1.0.9

Not secure
Improvements
- Update valid AWS Account IDs that might be included as principals on policies.
- This list now covers ELB Logs, CloudTrail Logs, Redshift Audit, and ElastiCache backups.
- `WildCardResourceRule` is now triggered by resources that only limit by service (ex: `arn:aws:s3:::*`)

1.0.8

Not secure
Improvements
- Add `S3LifecycleConfiguraton` rule

1.0.7

Not secure
Improvements
- Add `KMSKeyEnabledKeyRotation` rule
- Bump `pycfmodel` to `0.10.4`

1.0.6

Not secure
Improvements
- Add `S3BucketPublicReadAclRule` rule

Page 7 of 14

Links

Releases

Has known vulnerabilities

Previous Next

© 2024 Safety CLI Cybersecurity Inc. All Rights Reserved.