
ThomasNWiik/Bachelor


Security Seal

Security Seal was developed as part of our bachelor thesis at the University of Agder. It is a system that uses a large language model (LLM) to scan user code in C, C++, C# and Python for vulnerabilities in the CWE top 25 list. The system is built on a microservice architecture, with a Visual Studio Code extension for sending code for analysis and displaying a summary of the results, and a web application for displaying the report in its entirety. The back-end services include a token validator, a code verifier (to verify that the code sent is in the correct language), an LLM (currently the Phind 34b model), and a report generator (for creating and summarizing the output from the LLM). The services are orchestrated through Prefect.

Installing the Visual Studio Code extension

  1. Navigate to services/extension and download security-seal-0.0.1.vsix.

  2. Open extensions in Visual Studio Code, click the three dots (...) and then Install from VSIX...

  3. Find the downloaded .vsix and press install.

How to use the extension

Signing up and signing in

  1. Make sure you are either at the University of Agder Campus Grimstad using eduroam or have eduVPN activated.

  2. Navigate to Security Seal Homepage, and sign up. You can also skip this step, and sign up through the extension. Note: The certificate of the web application is self-signed, and might produce warnings. You can safely navigate past this. If your browser does not let you past this warning, try Firefox, Chrome or Edge, all of which have been shown to work.

  3. In Visual Studio Code, press Ctrl + Shift + P and find Authenticate with Security Seal.

  4. Click Open in the popup to open the authentication page.

  5. The authentication page allows you to both register and log in. When the process has finished, you will receive a confirmation in the browser.
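The self-signed certificate mentioned in step 2 can be checked against a known fingerprint before the browser warning is accepted. The following is an added example, not code from the Security Seal repository: it compares the SHA-256 fingerprint the server presents with one obtained from the maintainers over a separate channel. The host name and fingerprint are placeholders you supply (this page publishes neither), and `SAMPLE_DER` is constructed stand-in data.

```python
import hashlib
import ssl
import sys

# Constructed stand-in bytes for offline testing, not a real certificate.
SAMPLE_DER = b"constructed-sample-not-a-real-certificate"


def normalize_pin(pin: str) -> str:
    """Accept 'AB:CD:...', spaced or plain hex; return 64 lowercase hex digits."""
    cleaned = pin.replace(":", "").replace(" ", "").lower()
    if len(cleaned) != 64 or any(c not in "0123456789abcdef" for c in cleaned):
        raise ValueError("pin must be a SHA-256 fingerprint (64 hex digits)")
    return cleaned


def fingerprint(der_cert: bytes) -> str:
    """SHA-256 over the DER encoding, as shown in browser certificate viewers."""
    return hashlib.sha256(der_cert).hexdigest()


def fetch_der(host: str, port: int = 443) -> bytes:
    """Fetch the server certificate without chain validation (it is self-signed)."""
    return ssl.PEM_cert_to_DER_cert(ssl.get_server_certificate((host, port)))


def check_server(host: str, pin: str, port: int = 443, fetch=fetch_der) -> str:
    """Return the fingerprint if it equals the pin; raise on any mismatch."""
    expected = normalize_pin(pin)  # the pin must come from a separate channel
    actual = fingerprint(fetch(host, port))
    if actual != expected:
        raise ssl.SSLError(f"{host}:{port} presented {actual}, expected {expected}")
    return actual


if __name__ == "__main__":
    # Usage: python pin_check.py <host> <sha256-fingerprint>
    if len(sys.argv) != 3:
        sys.exit("usage: pin_check.py <host> <sha256-fingerprint>")
    try:
        print("certificate matches pin:", check_server(sys.argv[1], sys.argv[2]))
    except (ssl.SSLError, ValueError, OSError) as exc:
        sys.exit(f"do not proceed: {exc}")
```

A match means the certificate behind the warning is the one the maintainers issued; a mismatch means the connection is not terminating where you expect.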

Scanning the code

  1. In Visual Studio Code, highlight the code you want to analyze, right click and select Analyze code with Security Seal.

    Note: The file must be saved and have an extension reflecting a supported language (.c, .cpp, .cs or .py).

Viewing the results

  1. When the code analysis has been completed, a summary of the findings is presented in the output. For each detected vulnerability, the CWE ID and name will be presented, along with the code associated with the vulnerability.

  2. To view the full report, navigate to the Security Seal Homepage, and sign in. The report is presented on the landing page.

  3. By clicking the Analyzed Code tab, you can view the entire code snippet that was sent for analysis with code highlighting.

Disclaimer

There is no guarantee that the reported results are correct.
