Python agent release notes

Inability to patch held references to older versions of modules prevents instrumentation of referenced, rather than directly invoked, methods, such as in Werkzeug version 0.16.0.

Added support for Assess rules:

Removed HTTP request methods as a dataflow source.

Added support for Assess configurations assess.enable_scan_response and assess.rules.disabled_rules.

Unable to instrument applications on OSX using locally built Python versions due to maxprot setting. (PYT-1025)

Hardcoded analysis rules were accidentally disabled. (PYT-1027)

When the agent was disabled, attempting to start without the Contrast service, resulted in application crash in Flask applications. (PYT-1012)

Instrument compile as part of the Unsafe Code Execution rule.

Decouple ServiceClient from SettingsState

Use normalized_response_headers in DTM instead of response_headers.

Refactored XSS postfilter logic for checking allowed content type.

Updated MongoDB update_methods to account for all arguments.

Replaced FlowMap Technology Analysis.

Verifed that SR handles empty observed route url.

Merge all rules apply_rule into one implementation.

Do not report handled exceptions in INFO/ERROR logs

Upgraded Python agent to use SR 2.11.x.

Fix and update regex used for protect XXE rule (PYT-94)

Fix error in DB write propagator. (PYT-971)

Agent fails to identify itself with new SR instance after the original SR instance goes down. (PYT-715)

List pip and pkg_resources as dependencies and/or include as external modules. (PYT-974)

Do not report observed route if signature is missing/empty. (PYT-970)

Added route coverage support for Django 3.0.

Added Falcon 2.0 support.

Improved accuracy of library file usage.

Improved propagation through regular expressions in Assess.

The team made significant internal cleanup to Request representation

Fixed a bug where regex propagation was throwing an exception under certain conditions.

Fixed a bug related to agent handling of very short JSON keys and values.

Updated protobuf dependency requirement in response to incompatibility issues with older versions.

Fixed an issue where the agent raised an internal exception for applications using certain features of pyasn1.

Fixed a bug where Django applications were unable to properly parse the Content-Type header if a charset was explicitly provided.

Improved error handling around stack trace construction.

Falcon 2.0 is supported and is in beta

Upgraded Contrast Service to 2.8.1

Added support for Django Rest Framework

Added copyright to all agent files

Removed the agent's external dependency on the wrapt package

Improved INFO level logging for easier tracking of applications with multiple processes

When running the agent with protobuf-3.6.1 sometimes the application crashed, which has now been resolved with a newer protobuf version.

Added initial support for Stored XSS rule in Assess for django framework.

Added Unvalidated Redirect support for Assess for pyramid and webob objects.

Made updates to reduce number of false positives from Reflected XSS rule in Assess.

Removed the agent’s external dependency on the six package.

When running the agent under Python 2.7 on Ubuntu 16.10 some instrumentation failed to apply, which has now been resolved.

When applications used str.format in certain edge cases, the agent lost dataflow propagation, which has now been resolved.