doyensec / electronegativity

Electronegativity is a tool to identify misconfigurations and security anti-patterns in Electron applications.
Apache License 2.0

error: Unknown Electron release "25.2.x" #106

Open grafanauser opened 1 year ago

grafanauser commented 1 year ago

I use electron 25.2.0. I get this error message: "Unknown Electron release "25.2.x", please check manually for available security fixes."

Will there be an update for new electron versions or is this tool deprecated?

phosphore commented 1 year ago

Hello @grafanauser and thanks for reporting the issue. This was already reported in #104, the main issue being the lack of a stable & quick source for the vulnerability database. The solution right now would be re-writing the check to iterate all the releases (https://github.com/electron/electron/releases.atom) checking for the presence of "CVE", "Security", etc. in the body of the release. This would be quite slow and not ideal so we'll need some support from the Electron team (#104).

Alternatively you can find a complete database of Electron vulnerabilities for all versions with descriptions and PoCs in ElectroNG if you need.
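
The feed-scanning check described in the comment above, as an added example that is not part of the original thread and is not electronegativity's code. The feed layout, the `electron vX.Y.Z` title format and the names `parseEntries` and `securityFixesSince` are assumptions; the sample feed is constructed and `CVE-XXXX-YYYY` is a placeholder.

```javascript
// Constructed sample shaped like a GitHub releases Atom feed (entry/title/content).
// Versions and release notes are made up; CVE-XXXX-YYYY is a placeholder.
const SAMPLE_FEED = `<?xml version="1.0" encoding="UTF-8"?>
<feed xmlns="http://www.w3.org/2005/Atom">
  <entry><title>electron v26.0.0-beta.1</title>
    <content type="html">&lt;p&gt;Security: hardened IPC validation.&lt;/p&gt;</content></entry>
  <entry><title>electron v25.3.1</title>
    <content type="html">&lt;p&gt;Fixed a crash when closing windows.&lt;/p&gt;</content></entry>
  <entry><title>electron v25.3.0</title>
    <content type="html">&lt;p&gt;Security: backported fix for CVE-XXXX-YYYY.&lt;/p&gt;</content></entry>
  <entry><title>electron v25.2.0</title>
    <content type="html">&lt;p&gt;Security: backported fix for an older issue.&lt;/p&gt;</content></entry>
  <entry><title>electron v24.8.5</title>
    <content type="html">&lt;p&gt;Security: fix for another branch.&lt;/p&gt;</content></entry>
</feed>`;

// Keywords taken from the comment above: "CVE", "Security".
const KEYWORDS = /\b(CVE|security)\b/i;

// Regex-based entry extraction keeps the example dependency-free;
// production code should use a real XML parser.
function parseEntries(atomXml) {
  const entries = [];
  for (const [, block] of atomXml.matchAll(/<entry\b[^>]*>([\s\S]*?)<\/entry>/g)) {
    const title = (block.match(/<title[^>]*>([\s\S]*?)<\/title>/) || [])[1] || '';
    const body = (block.match(/<content[^>]*>([\s\S]*?)<\/content>/) || [])[1] || '';
    const m = title.match(/v(\d+)\.(\d+)\.(\d+)(-[\w.]+)?/);
    if (!m || m[4]) continue; // skip entries without a version and pre-releases
    entries.push({ version: m.slice(1, 4).map(Number), body });
  }
  return entries;
}

// Stable releases in the installed major line, newer than `installed`,
// whose release notes mention a security keyword.
function securityFixesSince(atomXml, installed) {
  const cur = installed.split('.').map(Number);
  const newer = (v) =>
    v[0] === cur[0] && (v[1] > cur[1] || (v[1] === cur[1] && v[2] > cur[2]));
  return parseEntries(atomXml)
    .filter((e) => newer(e.version) && KEYWORDS.test(e.body))
    .map((e) => e.version.join('.'));
}

console.log(securityFixesSince(SAMPLE_FEED, '25.2.0'));
```

A keyword match only says a release note mentions a security fix; it does not identify which component was fixed, so each hit still needs manual review.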