SASTGriper: Finding vulnerable Code via grep.

Before you start reading, I want to make clear that the whole project is based on this grep command:

grep -irnE "regexp" ./pathtoFolder

I haven't done anything new, and I'm not bragging. I'm starting this project and posting it to get feedback and ideas for features to add in upcoming versions. Feel free to send any suggestions or feedback.
I have only added a user interface: click the button for the file you want, and a Visual Studio Code window opens with the cursor placed on the matching line number. You can then add a breakpoint directly on that line in Visual Studio Code.
The examples shown here use the Damn Vulnerable NodeJS Application.
1. Let us hunt for some SQL operations and functions.
After clicking Open In Visual Studio, the file is opened and the cursor is placed on the desired line.
2. Searching for the dangerous eval function in the code.
When Open In Visual Studio Code is clicked:
3. When authentication-related functions are searched.
You can search for multiple things at once by simply giving a regex.
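
The workflow described above, as an added example that is not SASTGriper's own code: the post's grep flags run over a small source tree, with each hit turned into the VS Code CLI call (code -g file:line) that opens that line. The pattern sets, function names and the two sample Node.js files are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: sweep a source tree with the post's grep flags and emit
# the VS Code CLI call for each hit. All names and sample files are constructed.

# Hypothetical pattern sets (assumptions, not SASTGriper's own lists).
SQL_RE='select .* from|\.query\('
EVAL_RE='eval[[:space:]]*\('

# sast_grep REGEX DIR: print "file:line:text" for every hit.
# -i ignore case, -r recurse, -n line numbers, -E extended regex.
sast_grep() {
  grep -irnE -- "$1" "$2" || true   # grep exits 1 on "no match"; not an error here
}

# to_goto: read "file:line:text" and print "code -g file:line".
# Assumes file paths contain no ':' characters.
to_goto() {
  while IFS=: read -r file line rest; do
    printf 'code -g %s:%s\n' "$file" "$line"
  done
}

# make_sample DIR: write two constructed Node.js files to scan.
make_sample() {
  cat > "$1/products.js" <<'EOF'
var db = require('../models');
module.exports.search = function (req, res) {
  var q = "SELECT name FROM Products WHERE name = '" + req.body.name + "'";
  db.sequelize.query(q).then(function (rows) { res.json(rows); });
};
EOF
  cat > "$1/calc.js" <<'EOF'
module.exports.calc = function (req, res) {
  res.send(String(eval(req.body.eqn)));
};
EOF
}

# Demo: one pass with both categories joined by '|', as the post suggests.
demo_dir=$(mktemp -d)
make_sample "$demo_dir"
sast_grep "$SQL_RE|$EVAL_RE" "$demo_dir" | to_goto | sort
rm -rf "$demo_dir"
```

A hit only marks a line for manual review: the regex flags every eval( or .query( call, whether or not user input reaches it.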
