🔒 SecureLy - Secure Coding Extension for C and Java
SecureLy is a Visual Studio Code extension that helps developers write more secure C and Java code by detecting vulnerable code patterns from inside the editor, using checks based on the CERT Secure Coding Standards.
🚀 Features
✅ Detects common C and Java vulnerabilities using regex-based pattern matching and static analysis
✅ Uses clang and clang-format for parsing and formatting C/C++ code
✅ Highlights code issues in the editor with detailed diagnostic messages
✅ Scans on demand from the command palette
✅ Covers format string misuse, SQL and XML injection, resource leaks, and more
📌 Vulnerabilities Detected
🧪 C/C++ Checks
FIO30-C: Format string vulnerabilities (caller-controlled text passed as the format argument of printf, sprintf, etc.)
FIO34-C: I/O results stored in a char instead of an int (fgetc, getchar, etc.), so EOF cannot be distinguished from a valid byte
DCL30-C: Objects declared with an inappropriate storage duration (misuse of global/static variables)
SQL Injection: SQL query text built from unsanitized input
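The two C patterns FIO30-C and FIO34-C, each beside its compliant rewrite, as an added illustration of what the scan reports (this is example code written for this README, not part of the SecureLy project or its checks). The input is a constructed in-memory buffer opened with fmemopen (POSIX), so it runs offline; function and sample names are assumptions made for the example.

```c
/* Added example, not SecureLy code: FIO30-C and FIO34-C, vulnerable
 * form beside compliant form, driven by constructed sample input. */
#define _POSIX_C_SOURCE 200809L   /* for fmemopen */
#include <stdio.h>
#include <string.h>

/* FIO30-C, non-compliant: caller-controlled text is used as the format
 * string, so every '%' in it is interpreted as a conversion. With real
 * attacker input ("%x %x %n") that reads or writes memory; clang's
 * default -Wformat-security warning fires on this line. */
int render_status_unsafe(char *out, size_t outsz, const char *user_text)
{
    return snprintf(out, outsz, user_text);
}

/* FIO30-C, compliant: the format is a literal; user text is only data. */
int render_status_safe(char *out, size_t outsz, const char *user_text)
{
    return snprintf(out, outsz, "%s", user_text);
}

/* FIO34-C, non-compliant: fgetc() returns an int so that EOF (-1) is
 * distinct from every byte value 0..255. Truncating to a signed char
 * makes the byte 0xFF compare equal to EOF and ends the loop early;
 * where char is unsigned, EOF never matches and the loop runs forever.
 * 'signed char' is spelled out (char is signed on x86/x86-64) so the
 * demo is deterministic. */
long count_bytes_unsafe(FILE *fp)
{
    long n = 0;
    signed char c;
    while ((c = (signed char)fgetc(fp)) != EOF)
        n++;
    return n;
}

/* FIO34-C, compliant: keep the int until after the EOF test. */
long count_bytes_safe(FILE *fp)
{
    long n = 0;
    int c;
    while ((c = fgetc(fp)) != EOF)
        n++;
    return n;
}

/* Constructed samples: text containing a literal %%, and three bytes
 * whose middle byte is 0xFF. */
static const char SAMPLE_TEXT[] = "50%% done";
static unsigned char SAMPLE_BYTES[] = { 'a', 0xFF, 'b' };

/* Renders SAMPLE_TEXT with the unsafe (0) or safe (1) function. */
const char *render_sample(int use_safe)
{
    static char buf[32];
    if (use_safe)
        render_status_safe(buf, sizeof buf, SAMPLE_TEXT);
    else
        render_status_unsafe(buf, sizeof buf, SAMPLE_TEXT);
    return buf;
}

/* Counts SAMPLE_BYTES with the given reader; -1 if the stream cannot open. */
long count_sample(long (*counter)(FILE *))
{
    FILE *fp = fmemopen(SAMPLE_BYTES, sizeof SAMPLE_BYTES, "r");
    if (!fp)
        return -1;
    long n = counter(fp);
    fclose(fp);
    return n;
}

int main(void)
{
    printf("unsafe render: %s\n", render_sample(0)); /* "50% done": %% consumed as a conversion */
    printf("safe render:   %s\n", render_sample(1)); /* "50%% done": printed verbatim */
    printf("unsafe count:  %ld\n", count_sample(count_bytes_unsafe)); /* 1: stopped at 0xFF */
    printf("safe count:    %ld\n", count_sample(count_bytes_safe));   /* 3 */
    return 0;
}
```

The unsafe renderer silently changes what the user wrote even on benign input; the unsafe reader drops everything after the first 0xFF byte, which is exactly the class of bug the FIO34-C check is meant to catch before it reaches binary data.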
☕ Java Checks
IDS00-J: String concatenation in SQL queries (use PreparedStatement)
IDS06-J: Format string misuse
IDS16-J: XML Injection risks
FIO14-J: Resource leaks (missing .close() calls)
FIO08-J: read() result stored in a byte or char before the end-of-stream check, so the -1 sentinel cannot be distinguished from a valid value
🧑‍💻 Usage
🟢 Run Secure Scan
Open a C or Java source file in VS Code.
Open the command palette (Ctrl+Shift+P, or Cmd+Shift+P on macOS).
Type and run SecureLy: Scan Code.
Detected vulnerabilities appear in the Problems panel and are highlighted in the editor.
🛠 Requirements
For C scanning:
LLVM/Clang must be installed and accessible from the command line.
Make sure clang and clang-format are on the PATH that VS Code sees (not only your interactive shell's PATH).
📦 Installation
To install manually:
Run the following in your extension project folder: