1.2.0

• Added SQL injection with Python formatting check SQL100
• Support for PyCharm 2020.1

v1.10.0

1.10.0

• Added SH100 to check for 17 potential shell injection commands
• Added SH101 to check for 16 potentially risky spawned process commands

1.1.1

• Add support for PyCharm 2020.1 EAP

1.1.0

• Added new hardcoded password check PW100
• Added new builtin exec check EX100
• Added new mako unescaped input check MK100
• Added new mako HTML escape quick fix
• Fixed minor bug in Flask debug mode check

1.0.15: Merge pull request #21 from tonybaloney/jinja_xss

• All fixes can now be run in batch mode
• Added Jinja2 unescaped Template Validator
• Added Jinja2 unconditional escape fixer

Available on Jetbrains marketplace

v1.0.14

• All checks are now local inspections, so within the Code Inspection tool, they will show as "Python Security"
• Users can now alter the severity of any particular check and mute for a given project, file or IDE

1.0.13: Merge pull request #14 from tonybaloney/fix_unsafe_cast

• Added Django CSRF Middleware Validator
• Added Django Clickjack Middleware Validator
• Added Django Middleware Fixer
• Fixed bug where function references would be unsafely cast to a PyReferenceExpression and cause a fault

v1.0.12

• Added Shell Escape Fixer, recommended by PR100
• Modified the shell injection validator to match subprocess.call, .run and .Popen
• Modified the shell injection validator to ignore string literals or lists of literals

See Documentation for guidance on installing.

1.0.11

v1.0.11

v1.0.10

• Improves PW100 to suggest secrets.compare_digest when Python version >= 3.7