🔒 SecureLy - Secure Coding Extension for C and Java

SecureLy is a Visual Studio Code extension designed to help developers write more secure C and Java code by detecting vulnerabilities in real-time based on CERT Secure Coding Standards.

🚀 Features

• ✅ Detects common C and Java vulnerabilities using regex and static analysis
• ✅ Uses clang and clang-format for code parsing and formatting (C/C++)
• ✅ Highlights code issues with detailed diagnostic messages
• ✅ Real-time scanning on demand from the command palette
• ✅ Supports format string detection, SQL/XML injection, resource leaks, and more

📌 Vulnerabilities Detected

🧪 C/C++ Checks

• FIO30-C: Format string vulnerabilities (printf, sprintf, etc.)
• FIO34-C: Improper use of char to store I/O results (fgetc, getchar, etc.)
• DCL30-C: Misuse of global/static variables
• SQL Injection: Unsanitized SQL queries

☕ Java Checks

• IDS00-J: String concatenation in SQL queries (use PreparedStatement)
• IDS06-J: Format string misuse
• IDS16-J: XML Injection risks
• FIO14-J: Resource leaks (missing .close() calls)
• FIO08-J: Unsafe stream reading logic

🧑‍💻 Usage

🟢 Run Secure Scan

1. Open a C or Java source file in VS Code.
2. Open the command palette (Ctrl+Shift+P).
3. Type and run SecureLy: Scan Code.
4. Found vulnerabilities will appear in the Problems panel.

🛠 Requirements

• For C scanning:
  • LLVM/Clang must be installed and accessible via command line.
  • Make sure clang and clang-format are available in your PATH.

📦 Installation

To install manually:

1. Run the following in your extension project folder:

   vsce package