# LeapFix

LeapFix is a powerful VSCode extension designed to perform SAST (static application security testing) on your code. It scans the lines of code in your files for vulnerabilities, providing descriptions and links on how to fix the vulnerabilities found. This allows developers to identify and fix vulnerabilities while coding. The extension identifies different types of vulnerabilities across various frameworks and programming languages.

## Plugin free

This plugin is completely free and does not require authentication, registration, creating an account or generating credentials.

## Supported language(s) and Framework(s)/Platform(s)

## How to use

Run a new scan from your IDE even before committing your code or project. To make the plugin scan and search for vulnerabilities in your code, press:

Select the command:

This command will scan the current file for vulnerabilities. If vulnerabilities are found, a tab will open pointing out the details of the vulnerabilities, along with a description and links on how to fix them.

## Result

During code scans, vulnerabilities that appear will be highlighted in a tab:

Watch the video on how LeapFix works for different languages:

## Vulnerability remediation detail

When we scan the lines of code and find vulnerabilities, we show examples of how to fix them. For a better understanding of each vulnerability, we offer an example of vulnerable code and an example of safe code to implement in your application. Below are examples of how developers will view the breakdown and the vulnerable and secure code samples:

1. Remote Command Execution - GoLang
2. Insecure Deserialization - Ruby
3. Potential SQL Injection in SELECT - PHP
4. XSS via Unsanitized Output - TypeScript (ReactJS)
5. TLS 1.0: Insufficient Cryptographic Algorithm Strength - ADVPL
6. XML External Entities (XXE) - Python
7. Improper Certificate Validation - JavaScript
8. Improper Use of Cookies - PHP
9. Insecure Communication - Dart
10. Potential SQL Injection in SELECT - ADVPL

## The LeapFix

The word Leap means to jump and Fix means to correct vulnerabilities. But the combination LeapFix means a "quick fix". This is exactly the purpose of the plugin: to give developers the opportunity to look for vulnerabilities while developing their code, without needing web platforms to make them aware of the vulnerabilities.

## Contributing

The plugin was created by Fernando Mengali.

## License

This project is licensed under the MIT License.
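The line-by-line scanning and the per-finding description and fix link described above, shown as an added example that is not LeapFix's own code: a minimal rule-based scanner with two illustrative rules (an XXE-style XML parse and a concatenated SELECT, both adapted to Python here), run over a constructed sample file. The rule IDs, patterns and fix URLs are hypothetical; the extension's real rule set is not published on this page.

```python
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    rule_id: str
    title: str
    pattern: re.Pattern
    description: str
    fix_url: str  # hypothetical remediation link, not a real LeapFix URL

@dataclass(frozen=True)
class Finding:
    rule_id: str
    title: str
    line_no: int
    line: str
    description: str
    fix_url: str

# Illustrative rules only (hypothetical IDs); the real extension's rules are not on the page.
RULES = [
    Rule("PY-XXE-001", "XML External Entities (XXE) - Python",
         re.compile(r"\b(?:ET|ElementTree|minidom|sax)\.parse(?:string)?\s*\("),
         "Standard-library XML parsers called on untrusted input may resolve external entities.",
         "https://example.invalid/leapfix/fix/PY-XXE-001"),
    Rule("PY-SQLI-001", "Potential SQL Injection in SELECT - Python",
         re.compile(r"""(["'])\s*SELECT\b.*?\1\s*(?:\+|%)"""),
         "A SELECT statement is built by string concatenation or %-formatting instead of bound parameters.",
         "https://example.invalid/leapfix/fix/PY-SQLI-001"),
]

def scan_source(text: str, rules=RULES) -> list:
    """Check every line against every rule and return one Finding per match."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for rule in rules:
            if rule.pattern.search(line):
                findings.append(Finding(rule.rule_id, rule.title, line_no, line.strip(),
                                        rule.description, rule.fix_url))
    return findings

# Constructed sample file: one XXE-style parse call and one concatenated SELECT,
# plus a parameterised query that must not be flagged.
SAMPLE = """import xml.etree.ElementTree as ET
tree = ET.parse(user_file)
query = "SELECT * FROM users WHERE name = '" + name + "'"
cursor.execute("SELECT * FROM users WHERE name = %s", (name,))
"""
```

Each Finding carries the line number, the offending line, the description and the fix link, which is the information the extension's results tab presents per vulnerability.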