SafeC - C Code Vulnerability Analyzer
SafeC is a VS Code extension that helps identify security vulnerabilities in C code using AI-powered analysis. It integrates with a configurable vulnerability detection API to provide real-time security analysis of your C code.
✨ Features
- 🔍 Real-time vulnerability detection: Analyze C code for common security vulnerabilities
- 🎯 Context menu integration: Right-click on selected C code to analyze for vulnerabilities
- 📊 Detailed vulnerability reports: Get comprehensive explanations of identified security issues
- ⚙️ Configurable API settings: Configure the API endpoint, port, and model settings
- 📝 Support for both selected text and entire files: Analyze specific code sections or entire C files
- 💾 Export reports: Save analysis results as HTML, PDF, or text files
- 🔧 Easy configuration: First-time setup wizard and configuration management
- 🔌 Connection testing: Test API connectivity before analysis
- 🆔 Session management: Unique session IDs for each analysis request
🛠️ Requirements
- API Server: This extension requires a vulnerability detection API server
- Model: The default model `c-vuln:latest` should be available on your API server
- Network: The extension connects to your configured API endpoint (default: `54.88.60.35:11434`)
Setting up the API Server
Make sure you have the vulnerability detection API server running. The extension expects the server to be available at:
POST http://your-api-host:port/api/generate
Default configuration:
- Host: `54.88.60.35`
- Port: `11434`
- Model: `c-vuln:latest`
🚀 How to Use
First Time Setup
- Install the extension from the VS Code marketplace
- Configure API settings - You'll be prompted on first use to set up your API connection
- Test connection - Use the "SafeC: Test API Connection" command to verify connectivity
Analyzing Code
- Open a C file in VS Code
- Select the C code you want to analyze (optional: if nothing is selected, the entire file is analyzed)
- Right-click and select "SafeC: Analyze C Code Vulnerabilities" from the context menu
- Wait for the analysis - a progress indicator is shown while it runs
- View results - the vulnerability report opens in a webview panel with interactive features
Commands Available
- SafeC: Analyze C Code Vulnerabilities - Analyze selected C code or the entire file
- SafeC: Configure Settings - Open the configuration dialog
- SafeC: Test API Connection - Test connectivity to your API server
- SafeC: Initial Setup - Run the first-time setup wizard
⚙️ Configuration
Extension Settings
This extension contributes the following settings:
- `safec.apiHost`: Hostname for the vulnerability analysis API (default: "54.88.60.35")
- `safec.apiPort`: Port for the vulnerability analysis API (default: 11434)
- `safec.model`: Model name for vulnerability analysis (default: "c-vuln:latest")
- `safec.firstTimeSetup`: Indicates if first-time setup is needed (default: true)
Configuration Methods
- First-time wizard: Prompted automatically on first use
- Command Palette: Use "SafeC: Configure Settings" command
- VS Code Settings: Go to File → Preferences → Settings, search for "SafeC"
- Settings UI: Use the configuration panel in the vulnerability analysis webview
🔍 Common Vulnerabilities Detected
The extension can help identify various C security vulnerabilities including:
- Buffer Overflows: Use of unsafe functions like `gets()`, `strcpy()`, `sprintf()`
- Format String Vulnerabilities: Improper use of `printf()` family functions
- Integer Overflows: Arithmetic operations that may overflow
- Use After Free: Memory management issues
- Null Pointer Dereferences: Accessing uninitialized or null pointers
- Race Conditions: Thread safety issues
- And many more...
Example Usage
Given the following vulnerable C code:
```c
#include <stdio.h>

int main(void) {
    char buf[8];
    gets(buf);    /* buffer overflow: no bound on the input length; gets() was removed from the standard in C11 */
    printf(buf);  /* format string vulnerability: user-controlled data used as the format string */
    return 0;
}
```
The extension will identify and explain these vulnerabilities, suggesting safer alternatives.
Troubleshooting
Extension not working?
- Make sure the API server is running on the configured host and port
- Check that the model `c-vuln-fixed:latest` is available
- Verify network connectivity to the API endpoint
No context menu option?
- Make sure you're working with a `.c` file
- The option appears in the right-click context menu