PT Application Inspector for Visual Studio (Preview)

The PT Application Inspector extension finds vulnerabilities and undocumented features in application source code. It helps developers detect security flaws at the early stages of development.

The extension currently supports the following languages: C#, Go, Java, JavaScript, Kotlin, PHP, Python, Ruby, SQL, Solidity, TypeScript, Scala, C/C++, Objective-C, and Swift.

Note: This is an Alpha (Preview) release. It currently supports local scanning and vulnerability visualization. Advanced features like issue triaging and server integration will be available in future updates.

Features

• Static Analysis: Scan your solution directly within Visual Studio.
• Vulnerability Detection: Identifies potential security risks in your code.
• Dependency Analysis: Checks configuration files and third-party components.

Getting Started

1. Enabling the Extension

The extension works on a per-solution basis.

1. Open your Solution or Project in Visual Studio.
2. The extension will detect that it hasn't been enabled for this solution yet and will show a notification prompt: "Enable PT Application Inspector?".
3. Click Enable.
4. The extension will initialize and create a hidden .ai folder in your solution root. This folder stores the local database, logs, and configuration.

2. Installing the Analyzer

The extension requires the PT Application Inspector Code Analyzer to function. There are two ways to install it:

Automatic Installation

If you have internet access, this is the recommended way.

1. Look for a notification bar in the PT Application Inspector extensions window (or a toast notification) saying the analyzer is missing or outdated.
2. Click Download Analyzer.
3. Wait for the progress bar to finish.

Tip: If you missed the notification, you can trigger the download manually via the menu: Extensions -> PT Application Inspector -> Download Analyzer.

Manual Installation (Offline)

Use this method if your machine is in a closed network or has restricted internet access.

1. Download the Analyzer: Download the archive using a machine with internet access:

   • Windows: Download Analyzer (.zip)

2. Prepare the Directory: Open File Explorer on your target machine and navigate to:

   %LOCALAPPDATA%\Application Inspector Analyzer
   

   (Typically: C:\Users\<YourUserName>\AppData\Local\Application Inspector Analyzer). If the folder does not exist, create it.

3. Extract Files: Unpack the contents of the archive directly into this folder.

   Important: Ensure AI.PluginsBackend.exe is located directly at %LOCALAPPDATA%\Application Inspector Analyzer\AI.PluginsBackend.exe, not inside a subfolder.

4. Restart: Restart Visual Studio. The extension will verify the files and become ready for scanning.

3. Scanning a Project

Once the extension is enabled and the analyzer is ready, the PT Application Inspector tool window will open automatically.

1. Configure Scan Settings (Optional): Click the Scan Settings button in the tool window. A configuration file named .aiproj.json will automatically created in your solution root with default settings. You can open this file to tune scan parameters before starting.

2. Start Scan: Click the Start Scan (Play icon) button in the tool window.

3. Monitor Progress: The scan progress will be displayed in the status bar.

Note: The first scan may take longer as the analyzer initializes the database of vulnerable components.

4. Analyzing Results

When the scan is complete, detected vulnerabilities are listed in the standard Visual Studio Error List window.

1. Navigation: Double-click a vulnerability in the Error List to jump to the specific line of code. The vulnerable code segment will be underlined/highlighted in the editor.

2. Vulnerability Details: Click over the highlighted code (or click the error marker) to open the interactive detail view.

3. Explore Tabs: The detail view provides in-depth information organized by tabs:

   • Information: General description and severity of the vulnerability.
   • Data Flow: An interactive trace showing the path of the attack (Entry Point → Data Changes → Exit Point). Clicking on any step in this list navigates to the corresponding line of code.
   • Exploit: An automatically generated example of an HTTP request to test the vulnerability.
   • Additional Conditions: Specific prerequisites required to reproduce the vulnerability.

Requirements

• IDE: Microsoft Visual Studio 2022 (or later).
• OS: Windows 10 or Windows 11 (64-bit).
• RAM: Minimum 8 GB.
• Disk Space: 5 GB of free space.

Privacy Statement

By default, the PT Application Inspector extension collects anonymous usage data to help us improve the product. We do not share this information with third parties, and we do not collect your source code or IP addresses.