Snipptor is an application for detecting vulnerable code snippets on the internet. We want to raise developers' awareness of the security level of random code snippets.
When a snippet is submitted, Snipptor searches for matching vulnerabilities using an engine scan and predefined rules. This way, the user who scanned the snippet is informed in real time which vulnerabilities exist in the snippet and can decide if and how to use it safely.
An engine must implement a specific API to be able to scan for Snipptor. Currently the main engine is the YARA scanner (recommended article for understanding how YARA helps to classify snippets: https://c99.sh/hunting-0days-with-yara-rules).
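To illustrate the kind of predefined rule a YARA engine can match against a submitted snippet, here is an added example that is not taken from Snipptor's own rule set. The rule name and the meta fields (including the "classification" label) are assumptions made for illustration.

```yara
rule Example_Java_SQL_String_Concatenation
{
    meta:
        // Hypothetical metadata; Snipptor's real rule format is not shown on this page.
        description = "SQL statement assembled by concatenating a variable into a string literal"
        classification = "Vulnerable"
        vulnerability = "SQL injection (CWE-89)"

    strings:
        // A quoted SQL statement immediately followed by + and an identifier,
        // e.g.  "SELECT * FROM users WHERE name = '" + userName
        $concat = /"\s*(SELECT|INSERT|UPDATE|DELETE)\b[^"]{0,200}"\s*\+\s*[A-Za-z_]/ nocase

        // JDBC calls that run a query string
        $exec1 = /\.(executeQuery|executeUpdate|execute)\s*\(/
        $exec2 = "createStatement"
        $exec3 = "prepareStatement"

    condition:
        // Flag only when the concatenated query appears next to code that executes it.
        $concat and any of ($exec*)
}
```

The rule is a lexical heuristic: it cannot tell a concatenated constant from user-controlled input, so a match marks the snippet for review rather than proving it exploitable.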
- Install the chrome extension: https://chrome.google.com/webstore/detail/snipptor/dfljpilhdmgblfkmlhobfmbngehdpjdl
- When you enter StackOverflow, the code snippets will be marked as one of: "Safe", "Vulnerable" + vulnerabilities, "Malicious" or "No vulnerabilities detected"
- Choose how to act considering the snippet classification
- PROFIT
Note that Snipptor only saves the snippet itself and the origin URL; no further information is saved!
This project uses JHipster (Java, JS, React, PostgreSQL).