Matter AI | Code Reviewer Documentation

Security Analysis is only available on PRO plan.

This guide walks you through the security analysis features of Matter AI, which helps identify and fix security vulnerabilities in your code.

Static Code Analysis

Understand the security vulnerabilities in your code at multiple levels from SQL injection to XSS and more with Code-Suggestion fixes.

Some examples

Input Validation Issues

Lack of proper input sanitization leading to injection attacks

# Vulnerable: directly using user input in shell commands
os.system("analyze_code " + user_provided_filename)

Failure to validate file paths or file contents before processing

// Vulnerable: path traversal vulnerability
File docFile = new File(basePath + userProvidedPath);
FileInputStream fis = new FileInputStream(docFile);

Authentication and Authorization Flaws

Hardcoded credentials in documentation generation code

// Vulnerable: hardcoded credentials
const apiKey = "1a2b3c4d5e6f7g8h9i0j";
const apiSecret = "secret_token_should_not_be_here";

Insufficient access controls for documentation endpoints

# Vulnerable: missing permission checks
@app.route('/admin/update_docs', methods=['POST'])
def update_docs():
    update_documentation(request.form['content'])
    return redirect('/docs')

Documentation Content Security

Cross-site scripting (XSS) vulnerabilities when displaying user-contributed code examples

<!-- Vulnerable: unescaped user content -->
<div class="code-example">
  <%= user_submitted_code %>
</div>

Missing content security policies for rendered documentation

<!-- Vulnerable: missing CSP headers -->
<head>
  <title>Code Analysis Documentation</title>
  <script src="https://untrusted-cdn.example.com/script.js"></script>
</head>

Data Handling Issues

Leakage of sensitive information in error messages or logs

# Vulnerable: exposing detailed errors
try:
    process_code_analysis(file_path)
except Exception as e:
    return jsonify({"error": str(e), "stack": traceback.format_exc()})

Insecure storage of user preferences or documentation settings

// Vulnerable: storing sensitive data in localStorage
localStorage.setItem("auth_token", userAuthToken);
localStorage.setItem("api_key", userApiKey);

Integration Vulnerabilities

Insecure communication with code repositories or analysis backends

# Vulnerable: unverified TLS
import requests
requests.get('https://api.codeanalysis.com/results', 
             verify=False)

Path traversal vulnerabilities when importing external content

// Vulnerable: unsanitized user input in file operations
$template = $_GET['template'];
include("templates/" . $template . ".php");

Configuration Management

Insecure default settings that expose sensitive analysis results

# Vulnerable: overly permissive default configuration
security:
  public_results: true
  require_auth: false
  debug_mode: true

Insufficient protection of configuration files containing sensitive information

# Vulnerable: incorrect file permissions
chmod 777 /var/www/config/database.ini
chmod 777 /var/www/config/api_keys.json

Third-Party Dependencies

Use of outdated libraries with known vulnerabilities

{
  "dependencies": {
    "outdated-markdown-parser": "1.2.3",
    "vulnerable-code-highlighter": "0.9.1"
  }
}

Insufficient validation of plugin or extension integrity

// Vulnerable: loading extensions without verification
function loadExtension(extensionUrl) {
  const script = document.createElement('script');
  script.src = extensionUrl;
  document.head.appendChild(script);
}

Package Vulnerabilities Detection

Understand the package vulnerabilities in your Pull Requests and get fixes with recommendation versions.

Some examples

Third-Party Dependencies

Introduction

Getting Started

Features

Patterns

Integrations

Enterprise

Security Analysis

Static Code Analysis

Some examples

Package Vulnerabilities Detection

Some examples

Introduction

Getting Started

Features

Patterns

Integrations

Enterprise

​Static Code Analysis

​Some examples

​Package Vulnerabilities Detection

​Some examples

Static Code Analysis

Some examples

Package Vulnerabilities Detection

Some examples