🔒 Security Diagnostics
Real-time vulnerability detection as you code. Automatic issue highlighting with quick fixes.
How It Works
The extension analyzes your Python, TypeScript, and JavaScript files as you edit them, marking potential security issues with diagnostic squiggles and offering quick fixes for them.
Detected Security Issues
| Pattern | Risk | Description |
|---|---|---|
| `os.system()` | 🔴 High | Arbitrary command execution |
| `eval()` | 🔴 High | Code injection risk |
| `exec()` | 🔴 High | Dynamic code execution |
| `subprocess.*(shell=True)` | 🟡 Medium | Shell injection risk |
| `pickle.load()` | 🟡 Medium | Deserialization attacks |
| Hardcoded credentials | 🔴 High | Secret exposure |
| SQL concatenation | 🟡 Medium | SQL injection risk |
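To make the table concrete, here is an added example of how such a detector can be built with Python's `ast` module. It is illustrative code, not the extension's own implementation: the rule logic, the messages, the secret-name regex and the constructed `SAMPLE` source it scans are all assumptions chosen for this example.

```python
"""AST-based scanner for the patterns in the table above (added example, not the extension's code)."""
from __future__ import annotations
import ast
import re
from dataclasses import dataclass


@dataclass
class Finding:
    line: int
    risk: str
    message: str


# Assumed heuristic: an assignment of a non-empty string literal to a secret-looking name.
SECRET_NAME = re.compile(r"(password|passwd|secret|api_key|token)", re.IGNORECASE)


def _call_name(node: ast.Call) -> str:
    """Dotted name of the callee, e.g. 'os.system', 'subprocess.run' or 'eval'."""
    parts = []
    f = node.func
    while isinstance(f, ast.Attribute):
        parts.append(f.attr)
        f = f.value
    if isinstance(f, ast.Name):
        parts.append(f.id)
    return ".".join(reversed(parts))


def _is_concat(node: ast.AST) -> bool:
    """True when a query is assembled at runtime: 'a' + b, 'a' % b, f'{b}' or 'a'.format(b)."""
    if isinstance(node, ast.BinOp) and isinstance(node.op, (ast.Add, ast.Mod)):
        return True
    if isinstance(node, ast.JoinedStr):
        return any(isinstance(v, ast.FormattedValue) for v in node.values)
    if isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute):
        return node.func.attr == "format"
    return False


class Scanner(ast.NodeVisitor):
    def __init__(self) -> None:
        self.findings: list[Finding] = []

    def visit_Call(self, node: ast.Call) -> None:
        name = _call_name(node)
        if name == "os.system":
            self.findings.append(Finding(node.lineno, "High", "os.system(): arbitrary command execution"))
        elif name in ("eval", "exec"):
            self.findings.append(Finding(node.lineno, "High", f"{name}(): dynamic code execution"))
        elif name.startswith("subprocess.") and any(
            kw.arg == "shell" and isinstance(kw.value, ast.Constant) and kw.value.value is True
            for kw in node.keywords
        ):
            self.findings.append(Finding(node.lineno, "Medium", "subprocess with shell=True: shell injection"))
        elif name in ("pickle.load", "pickle.loads"):
            self.findings.append(Finding(node.lineno, "Medium", "pickle.load(): deserialization of untrusted data"))
        elif name.endswith(".execute") and node.args and _is_concat(node.args[0]):
            self.findings.append(Finding(node.lineno, "Medium", "SQL statement built by string concatenation"))
        self.generic_visit(node)  # keep walking: nested calls such as pickle.load(open(...))

    def visit_Assign(self, node: ast.Assign) -> None:
        for target in node.targets:
            if (isinstance(target, ast.Name) and SECRET_NAME.search(target.id)
                    and isinstance(node.value, ast.Constant)
                    and isinstance(node.value.value, str) and node.value.value):
                self.findings.append(Finding(node.lineno, "High", f"hardcoded credential in {target.id}"))
        self.generic_visit(node)


def scan(source: str) -> list[Finding]:
    """Parse the source and return findings ordered by line number."""
    scanner = Scanner()
    scanner.visit(ast.parse(source))
    return sorted(scanner.findings, key=lambda f: f.line)


# Constructed sample file: lines 3, 4, 5, 7, 8 and 10 should be flagged; 6 and 11 are the safe forms.
SAMPLE = '''import os, subprocess, pickle, sqlite3
cmd = input("cmd: ")
os.system(cmd)
eval(cmd)
subprocess.run(cmd, shell=True)
subprocess.run(["ls", "-la"], check=True)
data = pickle.load(open("blob.bin", "rb"))
API_KEY = "sk-live-0123456789"
conn = sqlite3.connect(":memory:")
conn.execute("SELECT * FROM users WHERE name = '" + cmd + "'")
conn.execute("SELECT * FROM users WHERE name = ?", (cmd,))
'''

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(f"line {finding.line}: [{finding.risk}] {finding.message}")
```

The scanner matches on the callee's dotted name rather than on raw text, so `subprocess.run(["ls", "-la"], check=True)` and the parameterized `execute` call are not reported, while the same names with `shell=True` or a concatenated statement are. A name-based check is still only a heuristic: an alias such as `from os import system` is missed, which is the usual trade-off of editor-time diagnostics.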
Example
```python
import os

user_input = input("Enter command: ")
# ⚠️ Warning: os.system() can execute arbitrary commands
os.system(user_input)  # 🔴 red squiggle appears here (High)

# ✅ Safe alternative (offered as quick fix): no shell, fixed argument list.
# The command is fixed here; if any part of the argument list has to come
# from user input, validate it against an allowlist first.
import subprocess
subprocess.run(["ls", "-la"], check=True)
```
Quick Fixes
Click the lightbulb (💡) when hovering over a warning to see fixes:
- Replace `os.system` with `subprocess.run`
- Add input validation
- Use parameterized queries (for SQL)
- Use environment variables (for secrets)
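The following added example shows the hardened form each of the quick fixes above leads to, with the flagged SQL concatenation kept beside the parameterized query for contrast. It is not the extension's code; the command allowlist, the `users` table, and the `SERVICE_API_KEY` variable name are assumptions made for the example.

```python
"""Hardened counterparts of the quick-fix targets (added example, not the extension's code)."""
import os
import sqlite3
import subprocess
from typing import Mapping, Optional

# 1. Command execution: user input selects a key; the argv list itself is fixed and no shell is used.
#    (Assumed allowlist for this example.)
ALLOWED_COMMANDS = {
    "list": ["ls", "-la"],
    "disk": ["df", "-h"],
}


def run_allowed(name: str) -> subprocess.CompletedProcess:
    """Input validation + subprocess.run: reject anything that is not an allowlisted key."""
    if name not in ALLOWED_COMMANDS:
        raise ValueError(f"command not allowed: {name!r}")
    return subprocess.run(ALLOWED_COMMANDS[name], check=True, capture_output=True, text=True)


# 2. SQL: the driver sends the value separately from the statement, so quotes in it are data.
def setup_db() -> sqlite3.Connection:
    """Constructed in-memory table used by the example."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", [("alice", "admin"), ("bob", "user")])
    return conn


def find_role(conn: sqlite3.Connection, name: str) -> Optional[str]:
    """Parameterized query: the quick-fix target."""
    row = conn.execute("SELECT role FROM users WHERE name = ?", (name,)).fetchone()
    return row[0] if row else None


def find_role_unsafe(conn: sqlite3.Connection, name: str) -> Optional[str]:
    """Deliberately vulnerable: the SQL-concatenation pattern the diagnostic flags."""
    row = conn.execute("SELECT role FROM users WHERE name = '" + name + "'").fetchone()
    return row[0] if row else None


# 3. Secrets: read from the environment and fail closed when unset instead of falling back to a literal.
def load_api_key(var: str = "SERVICE_API_KEY", env: Optional[Mapping[str, str]] = None) -> str:
    env = os.environ if env is None else env
    key = env.get(var)
    if not key:
        raise RuntimeError(f"{var} is not set")
    return key


if __name__ == "__main__":
    db = setup_db()
    print("parameterized:", find_role(db, "' OR '1'='1"))   # None: injection text is just a name
    print("concatenated:", find_role_unsafe(db, "' OR '1'='1"))  # 'admin': WHERE clause was rewritten
    print(run_allowed("list").stdout[:60])
```

The contrast in the `__main__` block is the point of the SQL fix: with concatenation the payload `' OR '1'='1` turns the `WHERE` clause into a tautology and returns the first row, while the parameterized version compares the literal string and finds nothing. For commands, note that the validation is on a key into a fixed table, not on the characters of a free-form string; filtering metacharacters out of a string that is still handed to a shell is the fix the diagnostic is trying to steer you away from.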