Hi all,
We have just released an update for CORE GRASP (version 3). In this
version, we enhanced mark propagation by implementing marks inside the pcre
module and provided a first step toward cross-site scripting prevention,
which will be the focus of our next release. We also fixed some bugs. We
appreciate the contributions that were made so far.
CHANGELOG
* Secmark propagation for all regular expressions in pcre module,
including new regression tests.
* New 'S' placeholder for zend_parse_parameters(), which includes
the strings' secmark as a result. This may be useful for module
developers wishing to propagate secmarks through their code.
* Secmark propagation for htmlentities() & htmlspecialchars(). This
is a requirement for XSS prevention.
* Bugfix in two mysql regression tests, which involved hardcoded
paths to the logfile.
* Bugfix in smart_str_appendl, involving FULL+FULL or NONE+NONE
appends being allocated as mixed.
All documents have been updated and can be downloaded from:
http://grasp.coresecurity.com/index.php?m=doc
CORE GRASP distributions can be downloaded from:
http://grasp.coresecurity.com/index.php?m=dld
Again, we invite you to contribute with proposals, discussions and comments.
Feel free to write to this mailing list and share your thoughts.
Regards,
The CORE GRASP team.
http://grasp.coresecurity.com