It detects functions that are likely to enable attack methodologies, across many web programming languages and frameworks, in your project folder.
Note: Many of the functions flagged here may not actually cause vulnerabilities; each finding should be reviewed in context.
- Go
- Python
- Ruby
- PHP
- JavaScript
- Java
- Rust
- Perl
- Ruby on Rails
- Swift
- Golang
- Scala
- Kotlin
- Julia
- Dart
- ASP.NET Core
SQLi, XSS, XXE, CSRF, SSTI, SSRF, IDOR, CORS, XSHM, LFI, DoS, DDoS, RFI, Weak Encryption / Insecure Cryptographic Storage, Path Traversal, Session Attacks, Open Redirect, Insecure File Permissions, XPath Injection, File Uploads, Memory Corruption / Buffer Overflow, Security Misconfiguration, Reflected File Download, CSV Injection, Command Injection, WebSocket Vulnerabilities, Race Condition, Cache Poisoning, Code Injection, Malicious File Deserialization, JWT Vulnerabilities, Broken Access Control, Content Spoofing, Authentication Vulnerabilities, Cookie Vulnerabilities, Business Logic Vulnerabilities.
- ******** Private Repository
- ******** Private Repository
- Scan multiple programming languages with multithreading.
- Periodically download repositories from GitHub, GitLab or Bitbucket for scanning.
NOTE: Please see USAGE_POLICY.md and LICENSE.
```shell
git clone https://github.com/OsmanKandemir/static-code-analysis-helper.git
cd static-code-analysis-helper
python3 scanner.py -f "/Users/Test/ProjectFolder" -o result.txt
```
```shell
git clone https://github.com/OsmanKandemir/static-code-analysis-helper.git
cd static-code-analysis-helper
python -m build
python setup.py install
```
The application is available on PyPI. To install with pip:
```shell
pip install staticcodeanalysishelper
```
```python
from StaticCodeAnalysisHelper import FileScan

# Scan for a specific programming language
FileScan.AdvancedFileScanning("/Desktop/My-Project", "java", "result.txt")

# Full scan (all supported languages)
FileScan.AdvancedFileScanning("/Desktop/My-Project", None, "result.txt")
```
```shell
docker build -t staticcodeanalysishelper .
docker run -v <YOUR-PROJECT-PATH-FOLDER>:/static-code-analysis-helper/Project staticcodeanalysishelper -f /static-code-analysis-helper/Project -p <YOUR-PROGRAMMING-LANGUAGE>
```
```shell
docker pull osmankandemir/staticcodeanalysishelper:v1.0.0
docker run -v <YOUR-PROJECT-PATH-FOLDER>:/static-code-analysis-helper/Project osmankandemir/staticcodeanalysishelper:v1.0.0 -f /static-code-analysis-helper/Project -p <YOUR-PROGRAMMING-LANGUAGE>
```
```text
-f FOLDER, --folder FOLDER                   Project folder path.
-p PROGRAMMING, --programming PROGRAMMING    Select programming language.
-o FILENAME, --output FILENAME               Save output to a file.
```
Programming language list: java, asp.net, python, dart, ruby, go, php, rust, javascript, perl, scala, golang, kotlin, julia
Please scan only the project's own files (not vendored dependencies or build output) to get correct results.
To continue developing the application, you can add new functions to the file StaticCodeAnalysisHelper/LanguagesFunctions.py using one of the following syntaxes:
```json
{"function": "function()", "description": "description"}
{"function": "function[]", "description": "description"}
{"function": "function", "description": "description"}
```
See CONTRIBUTING.md.
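As an added illustration of how entries in this shape can drive a scan (example code written for this page, not the project's own LanguagesFunctions.py or matching logic; reading `name()` as a call, `name[]` as a subscript and a bare `name` as a whole-word identifier is an assumption, and the entries and sample source are constructed):

```python
import re
from pathlib import Path

# Constructed sample entries in the LanguagesFunctions.py shape (not the project's real lists).
RISKY_FUNCTIONS = [
    {"function": "eval()", "description": "Code Injection: eval of untrusted input"},
    {"function": "os.system()", "description": "Command Injection"},
    {"function": "request.args[]", "description": "Untrusted input source"},
    {"function": "pickle", "description": "Malicious File Deserialization"},
]

def entry_to_regex(entry):
    """Assumed convention: 'name()' matches a call, 'name[]' a subscript,
    bare 'name' the identifier as a whole word (so 'eval()' does not hit 'evaluate(')."""
    name = entry["function"]
    if name.endswith("()"):
        return re.compile(r"\b" + re.escape(name[:-2]) + r"\s*\(")
    if name.endswith("[]"):
        return re.compile(r"\b" + re.escape(name[:-2]) + r"\s*\[")
    return re.compile(r"\b" + re.escape(name) + r"\b")

def scan_source(text, entries=RISKY_FUNCTIONS):
    """Return (line_number, function, description) for each matching line; findings are
    leads for manual review, since a flagged function is not necessarily a vulnerability."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if line.lstrip().startswith("#"):   # comment-only lines add noise, skip them
            continue
        for entry in entries:
            if entry_to_regex(entry).search(line):
                findings.append((lineno, entry["function"], entry["description"]))
    return findings

def scan_folder(folder, suffix=".py", entries=RISKY_FUNCTIONS):
    """Walk a project folder (like -f) and collect findings per file for one language."""
    results = {}
    for path in Path(folder).rglob("*" + suffix):
        hits = scan_source(path.read_text(encoding="utf-8", errors="replace"), entries)
        if hits:
            results[str(path)] = hits
    return results

# Constructed sample input, not a real project file.
SAMPLE = """import os, pickle
user = request.args["q"]
# eval(user) is only mentioned in this comment
result = eval(user)
os.system("ls " + user)
evaluate(user)
"""

if __name__ == "__main__":
    for lineno, func, desc in scan_source(SAMPLE):
        print(f"line {lineno}: {func} -> {desc}")
```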
Copyright (c) 2025 Osman Kandemir
Licensed under the GPL-3.0 License.
If you like Static-Code-Analysis-Helper and would like to show support, you can use the Buy A Coffee or GitHub Sponsors feature for the developer using the button below.
Or
Sponsor me : https://github.com/sponsors/OsmanKandemir 😊
Your support will be much appreciated😊