Code security analysis for LLM-generated code outputs.
Scans LLM response text for code blocks (Markdown fenced, indented, or inline) and analyses them for common security vulnerabilities:

- SQL Injection — string concatenation in SQL queries
- Command Injection — `os.system()`, `eval()`, `child_process.exec()`
- Path Traversal — `../` in file operations without sanitisation
- Hardcoded Credentials — `password = "..."`, AWS keys in code
- Insecure Deserialization — `pickle.loads()`, `yaml.load()` without SafeLoader
- XSS Patterns — `innerHTML`, `document.write()`, `dangerouslySetInnerHTML`
- Insecure Crypto — MD5/SHA1 for passwords, `Math.random()` for security
Structs

- `CodeSecurityAnalyzer` - Analyser that scans text for code blocks and checks them for security vulnerabilities.

Enums

- `CodeLanguage` - Programming language detected in a code block.