sec-proj1


owsug

A project for the Convergence Security Project 1 course
Installation
Launch VS Code Quick Open (Ctrl+P), paste the following command, and press enter.

sec-proj1 README



Overview

This project is a static analysis tool for Java and JavaScript, focused on detecting web application vulnerabilities such as XSS and SQL injection (SQLi). It uses the tree-sitter parser for fast and accurate AST parsing and includes taint tracking, sanitizer detection, and sink analysis.


Features

  • Taint analysis for tracking untrusted input (user input, HTTP params, etc.)
  • Sanitizer detection: recognizes and respects standard sanitization functions
  • Sink analysis: detects dangerous flows to sensitive APIs (sinks) such as innerHTML, res.send, SQL queries, etc.
  • Support for both Java and JavaScript (can be extended for other languages)
  • Function-level summary and propagation for inter-procedural taint
  • Inspired by Semgrep community rules

Project Structure

src/
  js/
    detectors/
      taintAnalyzer.ts        # Tracks tainted data flows (JS)
      sanitizer.ts            # Detects sanitizer functions (JS)
      sinkDetector.ts         # Detects dangerous sink usage (JS)
    jsAnalyzer.ts             # Main entry for JS analysis

  java/
    detectors/
      taintAnalyzer.ts        # Tracks tainted data flows (Java)
      sanitizer.ts            # Detects sanitizer functions (Java)
      sinkDetector.ts         # Detects dangerous sink usage (Java)
    javaAnalyzer.ts           # Main entry for Java analysis

  common/
    astUtils.ts               # AST traversal, snippet extraction, etc.
    functionCollector.ts      # Collects function definitions for summaries
    functionSummary.ts        # Analyzes which params flow to sinks

  types/
    tree-sitter.d.ts          # Custom TypeScript types for tree-sitter (for compatibility)
  
  extension.ts                # (If VSCode extension) main integration

TypeScript Compatibility Note

This project uses a custom types/tree-sitter.d.ts file to avoid TypeScript import/type errors for tree-sitter.
You can remove this file if upstream types become available.


Detection Rules (Example)

  • XSS:

    • Assignment to innerHTML, outerHTML
    • document.write, res.send, element.insertAdjacentHTML
    • jQuery .html(), React dangerouslySetInnerHTML
    • Angular/JS/Java frameworks (ElementRef.nativeElement, $sce.trustAsHtml etc.)
  • SQLi:

    • Direct/indirect user input to db.query, executeQuery, ORM queries (createQueryBuilder.where(), etc.)
    • Tainted template strings, concatenations
  • Custom Rule Examples:

    • @Query annotation in Java with string concatenation
    • Function summaries: propagation of taint through parameters

How It Works

  1. Parse source code using tree-sitter (JS or Java grammar)
  2. Collect taint sources and propagate taint through dataflow
  3. Skip propagation for known sanitizer functions
  4. Check dangerous sinks: if tainted input reaches a sink (without sanitization), report a finding
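The four steps above, as an added sketch that is not the extension's own code: it runs over a small constructed statement list instead of a tree-sitter AST so that it works without the parser installed. The `Stmt` shape, the `analyze` function and the source and sanitizer names are assumptions made for illustration; the sink names are taken from the rules listed in this README.

```typescript
// Toy statement form standing in for nodes extracted from a tree-sitter AST (assumption).
type Stmt =
  | { kind: "assign"; target: string; uses: string[]; call?: string; line: number }
  | { kind: "sink"; sink: string; uses: string[]; line: number };

interface Finding { line: number; sink: string; via: string }

// Illustrative name lists, not the extension's real rule set.
const SOURCES = new Set(["req.query", "req.body"]);
const SANITIZERS = new Set(["escapeHtml", "DOMPurify.sanitize"]);
const SINKS = new Set(["innerHTML", "res.send", "db.query"]);

function analyze(stmts: Stmt[]): Finding[] {
  const tainted = new Set<string>();
  const findings: Finding[] = [];
  const isTainted = (n: string): boolean => SOURCES.has(n) || tainted.has(n);

  for (const s of stmts) {
    const via = s.uses.find(isTainted); // first tainted operand, if any
    if (s.kind === "assign") {
      const sanitized = s.call !== undefined && SANITIZERS.has(s.call);
      // Step 2: taint flows from operands to the target.
      // Step 3: a sanitizer call stops it; a clean reassignment clears old taint.
      if (via !== undefined && !sanitized) tainted.add(s.target);
      else tainted.delete(s.target);
    } else if (SINKS.has(s.sink) && via !== undefined) {
      // Step 4: a tainted value reached a sink without sanitization.
      findings.push({ line: s.line, sink: s.sink, via });
    }
  }
  return findings;
}

// Constructed sample: one source, a sanitized flow and two unsanitized flows.
const SAMPLE: Stmt[] = [
  { kind: "assign", target: "name", uses: ["req.query"], line: 1 },
  { kind: "assign", target: "greeting", uses: ["name"], line: 2 },
  { kind: "assign", target: "safe", uses: ["name"], call: "escapeHtml", line: 3 },
  { kind: "sink", sink: "res.send", uses: ["safe"], line: 4 },
  { kind: "sink", sink: "innerHTML", uses: ["greeting"], line: 5 },
  { kind: "sink", sink: "db.query", uses: ["name"], line: 6 },
  { kind: "assign", target: "greeting", uses: [], line: 7 },
  { kind: "sink", sink: "innerHTML", uses: ["greeting"], line: 8 },
];

console.log(analyze(SAMPLE));
```

This sketch treats any sanitizer as clearing taint for every sink. An HTML escaper does not make a value safe for a SQL sink, so a real rule set should pair each sanitizer with the sink types it covers.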

Getting Started

npm install
npm run compile

Dev Mode

  • Press F5 in VS Code to launch the Extension Development Host
  • Use Ctrl+S to auto-scan the file
