EagleHunt.AI Code Security - VS Code Extension
Introduction
EagleHunt.AI Code Security is a Visual Studio Code extension designed to help developers identify and fix security vulnerabilities in their code. By integrating with the EagleHunt.AI security analysis backend, this extension provides real-time security feedback directly within your code editor.
Features
- Real-Time Security Analysis: Automatically scan your code for security vulnerabilities and receive detailed suggestions on how to fix them.
- Inline Security Comments: Security issues are annotated directly in your code as comments, making it easy to identify and resolve them.
- Multi-Language Support: Works with a variety of programming languages, including JavaScript, TypeScript, Python, Java, C++, C#, Go, and more.
- Convenient Shortcuts: Trigger security scans using customizable keyboard shortcuts or via the Command Palette.
- CodeLens Integration: Access the security scan command through CodeLens links placed strategically in your code files.
Installation
To install the EagleHunt.AI Code Security extension:
- Open Visual Studio Code.
- Navigate to the Extensions view by clicking on the Extensions icon in the Activity Bar or by pressing Ctrl+Shift+X (Cmd+Shift+X on macOS).
- Search for "EagleHunt.AI Code Security".
- Click Install on the extension.
Alternatively, you can install the extension directly from the VS Code Marketplace.
Usage
Setting Up Your License Key
A valid license key is required to use the EagleHunt.AI Code Security extension.
- Obtain a License Key:
  - Visit EagleHunt.AI to purchase a license key.
  - The license key will be sent to your email shortly after payment.
- Enter License Key in VS Code:
  - Open VS Code Settings (Ctrl+, or Cmd+, on macOS).
  - Search for "EagleHunt.AI".
  - Enter your license key in the EagleHunt-AI: License Key field.
Running a Security Check
You can run a security check using any of the following methods:
Using Keyboard Shortcut
- Windows/Linux: Press Ctrl + Alt + S.
- macOS: Press Ctrl + Cmd + S.
Using CodeLens Links
- Open a code file.
- Click on the "EagleHunt.AI Security Check" CodeLens link at the top, middle, or bottom of the file.
Note: CodeLens links appear if the file has more than 40 lines.
Using the Command Palette
- Open the Command Palette (Ctrl+Shift+P or Cmd+Shift+P on macOS).
- Type "EagleHunt.AI: Check Security" and select the command.
Viewing Results
After running a security check:
- Security Summary: A header comment is inserted at the top of your file, summarizing the total number of issues found.
- Detailed Issues: Each issue includes comments detailing the vulnerability, severity, description, and recommended fixes.
- Overall Feedback: An overall feedback summary is added at the end of the comments.
Example Output
// EagleHunt.AI Security:
//
// Total Issues: 2
//
// Issue: SQL Injection Vulnerability
// Severity: High
// Description: The code constructs a SQL query using unvalidated user input.
// Recommendation: Use parameterized queries or prepared statements to prevent SQL injection.
//
// Issue: Insecure Random Number Generator
// Severity: Medium
// Description: Using Math.random() for security-critical randomness is insecure.
// Recommendation: Use a cryptographically secure random number generator.
//
// Overall Feedback:
// Your code contains critical security vulnerabilities that should be addressed immediately.
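The report format shown above can be read back mechanically, for instance to gate a commit on severity or to drop the inserted comments again. The following JavaScript is an added example, not code from the extension; it assumes the field labels and the `//` prefix exactly as they appear in the example output, and `parseReport` and its result fields are hypothetical names.

```javascript
// Added example, not EagleHunt.AI code. Constructed sample: the report from
// the Example Output above, followed by one line of ordinary source code.
const SAMPLE = `// EagleHunt.AI Security:
//
// Total Issues: 2
//
// Issue: SQL Injection Vulnerability
// Severity: High
// Description: The code constructs a SQL query using unvalidated user input.
// Recommendation: Use parameterized queries or prepared statements to prevent SQL injection.
//
// Issue: Insecure Random Number Generator
// Severity: Medium
// Description: Using Math.random() for security-critical randomness is insecure.
// Recommendation: Use a cryptographically secure random number generator.
//
// Overall Feedback:
// Your code contains critical security vulnerabilities that should be addressed immediately.
const token = Math.random().toString(36);`;

const FIELD = /^(Total Issues|Issue|Severity|Description|Recommendation|Overall Feedback):\s*(.*)$/;
// Assumption: the report is the leading run of comment lines and ends at the
// first line that does not start with the comment prefix.
function parseReport(source, prefix = "//") {
  const lines = source.split(/\r?\n/);
  if (lines[0].trim() !== `${prefix} EagleHunt.AI Security:`) return null;
  const report = { total: null, issues: [], feedback: "", endLine: 1 };
  let current = null, inFeedback = false;
  for (; report.endLine < lines.length; report.endLine++) {
    const line = lines[report.endLine].trim();
    if (!line.startsWith(prefix)) break;
    const text = line.slice(prefix.length).trim();
    const m = FIELD.exec(text);
    if (!m) { // separator line, or a continuation of the overall feedback
      if (inFeedback && text) report.feedback = `${report.feedback} ${text}`.trim();
      continue;
    }
    inFeedback = m[1] === "Overall Feedback";
    if (m[1] === "Total Issues") report.total = Number(m[2]);
    else if (m[1] === "Issue") report.issues.push((current = { issue: m[2] }));
    else if (inFeedback) report.feedback = m[2];
    else if (current) current[m[1].toLowerCase()] = m[2];
  }
  // A header count that disagrees with the parsed issues means a damaged report.
  report.consistent = report.total === report.issues.length;
  // The file content with the inserted report removed.
  report.rest = lines.slice(report.endLine).join("\n");
  return report;
}
```

A source file that already begins with its own `//` comments directly below the report would have those lines absorbed into the report, so check `consistent` before trusting `rest`.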
Configuration
The extension offers configurable settings:
- License Key (eaglehunt-ai.licenseKey): Your personal license key for accessing the EagleHunt.AI service.
- Payment Link (eaglehunt-ai.paymentLink): A link to purchase a license key if you don't have one.
Access these settings via Settings > Extensions > EagleHunt.AI.
Supported Languages
The extension supports multiple programming languages:
- JavaScript
- TypeScript
- Python
- Java
- C++
- C
- C#
- Go
- Shell Scripts
- Ruby
- Perl
- HTML/XML
If your language isn't listed, the extension defaults to using C-style comments.
Limitations
- Monthly Call Limit: The service allows up to 750 requests per month. Exceeding this limit will result in a notification and temporary suspension of service.
- License Validation: The license key is validated with each request. Invalid or expired keys will prevent the extension from functioning.
Privacy Notice
When you run a security check:
- Data Sent: The content of the current file and its name are sent to the EagleHunt.AI backend server (https://eaglehunt-server.fly.dev) for analysis.
- Data Use: The data is used solely for providing security analysis and suggestions.
Please ensure you are comfortable with this data exchange, especially when working with sensitive or proprietary code.
Troubleshooting
- No Valid License Key Found:
  - Ensure you've entered a valid license key in the settings.
  - If you don't have a key, purchase one from EagleHunt.AI.
- Exceeded Monthly Call Limit:
  - Wait until the next month resets your limit.
  - Contact support if you believe this is an error.
- Unexpected Errors:
  - Check your internet connection.
  - Review error messages displayed in VS Code.
  - Consult the Output panel in VS Code for detailed logs.
Support
If you need assistance or have questions:
Thank you for using EagleHunt.AI Code Security. Together, we can build more secure software!