Skip to content

Visual Studio Code extension project for detecting security smells in python 3 source code.

License

Notifications You must be signed in to change notification settings

miranalmehrab/Smell-Spotter

Repository files navigation

Smell Spotter

This is an Visual Studio Code extension for detecting insecure coding practices in python code. These insecure coding practices are also known as security smells. These smells can leave room for exploitation of software system ands lead to security breaches. To help the practioners, this tool has been developed to locate these smells in code.

Investigated Smells

Bad File Permission
Command Injections
Cross-site scripting
Constructing SQL upon Input
Debug Set to True in Deployment
Exec Statement
Empty Password
Hard-coded Secrets
Hard-coded IP Address Binding
Hard-coded tmp Directory
Insecure Data Deserialization
Insecure Dynamic Code Execution
Ignore Except Block
Insecure YAML operation
No Certificate Validation
No Integrity Check
Use of HTTP without TLS
Use of assert Statement

Detection Modes

Quick Scan: press ctrl+shift+p and execute quick scan command
Custom Scan: press ctrl+shift+p and execute custom scan command
Complete Scan: press ctrl+shift+p and execute complete scan command

Getting Started

These instructions will get you a copy of the project up and running on your local machine for development and testing purposes.

Prerequisites

The following things need to be installed for the software -

nodejs
npm
python 3.8

Installing

Follow the steps to get a development env running

pull the repository
cd ~/*/repository
npm install

Debugging

To run the extension for debug press F5

Extension options in dev environment

Select one of the provided detection scans and hit Enter

Extension Running in dev environment

Now you can test different scan modes.

Built With

  • Yeoman - The web scaffolding tool
  • NPM - Dependency Management

Authors

License

This project is licensed under the GPLv3 - see the LICENSE file for details

About

Visual Studio Code extension project for detecting security smells in python 3 source code.

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published