SnitchLint is a Visual Studio Code extension designed to help developers identify potential SQL Injection vulnerabilities in their JavaScript and TypeScript code. It analyzes your code for user-controlled input flowing into SQL query-executing functions, helping you prevent common security flaws.
Features
AST-based Analysis: Utilizes TypeScript's Abstract Syntax Tree (AST) to understand code structure.
Taint Tracking: Identifies user-controlled data sources (e.g., req.body, req.query, process.env).
Taint Propagation: Tracks tainted data through variable assignments, concatenations, and template literals.
Clone the repository:
git clone https://github.com/your_username/snitchlint.git
cd snitchlint
Install dependencies:
npm install
Open in VS Code:
code .
Run the Extension: Press F5 to open a new VS Code Extension Development Host window. Your linter will be active in this new window.
Usage
Open any JavaScript (.js) or TypeScript (.ts) file in the Extension Development Host window.
SnitchLint will automatically analyze the code.
Look for squiggly underlines indicating potential issues. Detailed warnings will appear in the Problems panel (View > Problems or Ctrl+Shift+M/Cmd+Shift+M).
Example:
```ts
// Example: src/test/vulnerable.ts
declare const req: { body: Record<string, string> }; // incoming HTTP request (user-controlled)
declare const db: { query(sql: string): Promise<unknown> }; // database client

const userId = req.body.id; // Tainted source
const query = `SELECT * FROM users WHERE id = '${userId}'`;
db.query(query); // <-- SnitchLint highlights this as a potential SQL Injection
```
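The taint-tracking features listed under Features (user-controlled sources, propagation through assignments, concatenation and template literals, and a query-executing sink), as an added, self-contained example. This is not SnitchLint's own implementation: it is a miniature checker built on the TypeScript compiler API that treats any `.query(...)` method call as the sink and inspects only its first argument (the SQL string); both of those choices are assumptions for illustration. It runs over a constructed snippet modelled on the vulnerable.ts example above, extended with a concatenation case and a parameterized query that should not be flagged.

```typescript
// Added example (not SnitchLint's code): a miniature taint tracker built on the
// TypeScript compiler API. Assumptions: the only sink is a method call named
// `query` (as in db.query), and only its first argument (the SQL) is checked.
import * as ts from "typescript";

// Taint sources named in the README: req.body.*, req.query.*, process.env.*
const SOURCE_ROOTS: ReadonlyArray<[string, string]> = [
  ["req", "body"],
  ["req", "query"],
  ["process", "env"],
];
const SINK_METHODS = new Set(["query"]); // assumed sink method names

interface Finding {
  line: number; // 1-based line of the sink call
  sink: string; // source text of the call
  arg: string;  // the tainted argument that reached it
}

// True when `node` reads from a configured source, e.g. req.body.id or req.query["q"].
function isSourceAccess(node: ts.Node): boolean {
  const chain: string[] = [];
  let cur: ts.Node = node;
  while (ts.isPropertyAccessExpression(cur) || ts.isElementAccessExpression(cur)) {
    chain.unshift(ts.isPropertyAccessExpression(cur) ? cur.name.text : "[]");
    cur = cur.expression;
  }
  if (!ts.isIdentifier(cur)) return false;
  const root = cur.text;
  return SOURCE_ROOTS.some(([r, prop]) => root === r && chain[0] === prop);
}

// Does `expr` carry taint, given the identifiers already known to be tainted?
function isTainted(expr: ts.Expression, tainted: Set<string>): boolean {
  if (ts.isIdentifier(expr)) return tainted.has(expr.text);
  if (isSourceAccess(expr)) return true;
  if (ts.isParenthesizedExpression(expr)) return isTainted(expr.expression, tainted);
  // Concatenation: `a + b` is tainted if either operand is
  if (ts.isBinaryExpression(expr) && expr.operatorToken.kind === ts.SyntaxKind.PlusToken) {
    return isTainted(expr.left, tainted) || isTainted(expr.right, tainted);
  }
  // Template literal: tainted if any `${...}` span is
  if (ts.isTemplateExpression(expr)) {
    return expr.templateSpans.some((s) => isTainted(s.expression, tainted));
  }
  return false;
}

// Walk one file in source order, propagating taint through assignments and
// reporting every sink call whose SQL argument is tainted. Taint is never
// cleared (flow-insensitive), which keeps the checker conservative.
function analyze(code: string, fileName = "snippet.ts"): Finding[] {
  const sf = ts.createSourceFile(fileName, code, ts.ScriptTarget.Latest, true);
  const tainted = new Set<string>();
  const findings: Finding[] = [];
  const visit = (node: ts.Node): void => {
    // Declaration: const x = <expr>
    if (ts.isVariableDeclaration(node) && ts.isIdentifier(node.name) && node.initializer) {
      if (isTainted(node.initializer, tainted)) tainted.add(node.name.text);
    }
    // Reassignment: x = <expr> or x += <expr>
    if (ts.isBinaryExpression(node) && ts.isIdentifier(node.left)) {
      const k = node.operatorToken.kind;
      const assigns = k === ts.SyntaxKind.EqualsToken || k === ts.SyntaxKind.PlusEqualsToken;
      if (assigns && isTainted(node.right, tainted)) tainted.add(node.left.text);
    }
    // Sink: <obj>.query(<sql>, ...)
    if (ts.isCallExpression(node) && ts.isPropertyAccessExpression(node.expression)
        && SINK_METHODS.has(node.expression.name.text)) {
      const sql = node.arguments[0];
      if (sql && isTainted(sql, tainted)) {
        const { line } = sf.getLineAndCharacterOfPosition(node.getStart(sf));
        findings.push({ line: line + 1, sink: node.getText(sf), arg: sql.getText(sf) });
      }
    }
    ts.forEachChild(node, visit);
  };
  visit(sf);
  return findings;
}

// Constructed sample input (not a real project file). Lines 3 and 5 should be
// reported; line 7 is parameterized, so its SQL string is clean.
const SAMPLE = [
  "const userId = req.body.id;",
  "const query = `SELECT * FROM users WHERE id = '${userId}'`;",
  "db.query(query);",
  "let where = 'WHERE name = ' + req.query.name;",
  "db.query('SELECT * FROM users ' + where);",
  "const safe = 'SELECT * FROM users WHERE id = ?';",
  "db.query(safe, [req.body.id]);",
].join("\n");

function scanSample(): Finding[] {
  return analyze(SAMPLE);
}
for (const f of scanSample()) {
  console.log(`line ${f.line}: potential SQL injection, tainted argument ${f.arg}`);
}
```

The sink check looks only at the SQL string, so `db.query(safe, [req.body.id])` is not reported even though its parameter array is tainted; that is the behaviour a practitioner wants, since parameterized queries are the fix the warning is steering toward. A real linter would also need scope handling and taint clearing on reassignment, which this flow-insensitive version deliberately omits.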