diff --git a/HISTORY.md b/HISTORY.md
index f4baf290..8b67ced0 100644
--- a/HISTORY.md
+++ b/HISTORY.md
@@ -1,5 +1,12 @@
# Release History
+## 1.0.13
+
+* Added [Django CSRF Middleware Validator](doc/checks/DJG200.md)
+* Added [Django Clickjack Middleware Validator](doc/checks/DJG201.md)
+* Added Django Middleware Fixer
+* Fixed bug where function references would be unsafely cast to a PyReferenceExpression and cause a fault
+
## 1.0.12
* Added [Shell Escape Fixer](doc/fixes/shellescapefixer.md), recommended by [PR100](doc/checks/PR100.md)
diff --git a/build.gradle b/build.gradle
index 82b6d90e..1c12e2e2 100644
--- a/build.gradle
+++ b/build.gradle
@@ -6,7 +6,7 @@ plugins {
}
group 'org.tonybaloney.security'
-version '1.0.12'
+version '1.0.13'
repositories {
mavenCentral()
@@ -33,10 +33,12 @@ intellij {
patchPluginXml {
changeNotes """
-
1.0.12
+ 1.0.13
- - Added a quick-fix for escaping shell input
- - More scenarios for shell injection detection
+ - Added Django CSRF Middleware Validator
+ - Added Django Clickjack Middleware Validator
+ - Added Django Middleware Fixer
+ - Fixed bug where function references would be unsafely cast to a PyReferenceExpression and cause a fault
"""
}
diff --git a/src/main/java/security/helpers/QualifiedNames.kt b/src/main/java/security/helpers/QualifiedNames.kt
index 1acc20e6..d7cd08d5 100644
--- a/src/main/java/security/helpers/QualifiedNames.kt
+++ b/src/main/java/security/helpers/QualifiedNames.kt
@@ -11,7 +11,8 @@ object QualifiedNames {
val markedCallees = callExpression.multiResolveCallee(resolveContext)
if (markedCallees.isEmpty()) {
val firstChild = callExpression.firstChild ?: return null
- val qualifiedName = (firstChild as PyReferenceExpression).asQualifiedName() ?: return null;
+ if (firstChild !is PyReferenceExpression) return null
+ val qualifiedName = (firstChild).asQualifiedName() ?: return null;
return qualifiedName.toString()
}
else
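Review bot: The new early return at `if (firstChild !is PyReferenceExpression) return null` gives no qualified name for a call whose callee is not a plain reference, so any inspection that matches on this name will presumably skip such calls silently. A comment there should say that this is deliberate, for example `// callee is not a plain reference (e.g. f()()): no qualified name, callers treat null as "no match"`. As a matter of style, the guard and the next line, with its now-redundant parentheses and trailing semicolon, collapse into `val qualifiedName = (firstChild as? PyReferenceExpression)?.asQualifiedName() ?: return null`. The enclosing function starts and ends outside the hunk, so how callers handle the null is not visible here.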
diff --git a/src/test/java/security/helpers/QualifiedNamesTest.kt b/src/test/java/security/helpers/QualifiedNamesTest.kt
index 85fa782e..97de2884 100644
--- a/src/test/java/security/helpers/QualifiedNamesTest.kt
+++ b/src/test/java/security/helpers/QualifiedNamesTest.kt
@@ -48,6 +48,15 @@ class QualifiedNamesTest: SecurityTestTask() {
assertEquals(getQualifiedName(code), "math.floor")
}
+ @Test
+ fun `test double brackets reference no arguments`(){
+ var code = """
+ import math
+ math.floor()()
+ """.trimIndent()
+ assertEquals(getQualifiedName(code), "math.floor")
+ }
+
private fun getQualifiedName(code: String): String?{
var name: String? = null
ApplicationManager.getApplication().runReadAction {
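Review bot: The added test `test double brackets reference no arguments` only asserts that `math.floor()()` still yields "math.floor", so it is not clear that it reaches the non-reference branch this commit fixes. The `getQualifiedName` helper continues past the hunk, and if it resolves the inner call, the outer call (whose first child is itself a call) is never exercised. A second case that targets the outer call and asserts a null result would pin the regression. Two smaller points: `var code` is never reassigned and should be `val code`, and `assertEquals` takes the expected value first, so `assertEquals("math.floor", getQualifiedName(code))` gives a correct failure message (the existing test above has the same order).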