Security Analysis is only available on the PRO plan.
This guide walks you through the security analysis features of MatterAI, which help you identify and fix security vulnerabilities in your code.

Static Code Analysis

Understand the security vulnerabilities in your code at multiple levels, from SQL injection to XSS and more, with Code-Suggestion fixes.
MatterAI Static Code Analysis

Some examples

  • Lack of proper input sanitization leading to injection attacks
# Vulnerable: directly using user input in shell commands
os.system("analyze_code " + user_provided_filename)
  • Failure to validate file paths or file contents before processing
// Vulnerable: path traversal vulnerability
File docFile = new File(basePath + userProvidedPath);
FileInputStream fis = new FileInputStream(docFile);
  • Hardcoded credentials in documentation generation code
// Vulnerable: hardcoded credentials
const apiKey = "1a2b3c4d5e6f7g8h9i0j";
const apiSecret = "secret_token_should_not_be_here";
  • Insufficient access controls for documentation endpoints
# Vulnerable: missing permission checks
@app.route('/admin/update_docs', methods=['POST'])
def update_docs():
    update_documentation(request.form['content'])
    return redirect('/docs')
  • Cross-site scripting (XSS) vulnerabilities when displaying user-contributed code examples
<!-- Vulnerable: unescaped user content -->
<div class="code-example">
  <%= user_submitted_code %>
</div>
  • Missing content security policies for rendered documentation
<!-- Vulnerable: missing CSP headers -->
<head>
  <title>Code Analysis Documentation</title>
  <script src="https://untrusted-cdn.example.com/script.js"></script>
</head>
  • Leakage of sensitive information in error messages or logs
# Vulnerable: exposing detailed errors
try:
    process_code_analysis(file_path)
except Exception as e:
    return jsonify({"error": str(e), "stack": traceback.format_exc()})
  • Insecure storage of user preferences or documentation settings
// Vulnerable: storing sensitive data in localStorage
localStorage.setItem("auth_token", userAuthToken);
localStorage.setItem("api_key", userApiKey);
  • Insecure communication with code repositories or analysis backends
# Vulnerable: unverified TLS (certificate validation disabled)
import requests
requests.get('https://api.codeanalysis.com/results', verify=False)
  • Path traversal vulnerabilities when importing external content
// Vulnerable: unsanitized user input in file operations
$template = $_GET['template'];
include("templates/" . $template . ".php");
  • Insecure default settings that expose sensitive analysis results
# Vulnerable: overly permissive default configuration
security:
  public_results: true
  require_auth: false
  debug_mode: true
  • Insufficient protection of configuration files containing sensitive information
# Vulnerable: incorrect file permissions
chmod 777 /var/www/config/database.ini
chmod 777 /var/www/config/api_keys.json
  • Use of outdated libraries with known vulnerabilities
{
  "dependencies": {
    "outdated-markdown-parser": "1.2.3",
    "vulnerable-code-highlighter": "0.9.1"
  }
}
  • Insufficient validation of plugin or extension integrity
// Vulnerable: loading extensions without verification
function loadExtension(extensionUrl) {
  const script = document.createElement('script');
  script.src = extensionUrl;
  document.head.appendChild(script);
}
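To show what a fix for the first two findings above looks like in practice, here is an added example (not MatterAI's code, and not a Code-Suggestion output) that hardens the shell-injected filename and the unchecked path join. The `analyze_code` command and the `/srv/docs` base directory are assumed placeholders.

```python
# Added example, not MatterAI's code: hardened forms of the first two findings
# above (shell-injected filenames and unchecked path traversal).
import subprocess
from pathlib import Path

BASE_DIR = "/srv/docs"  # assumed document root, placeholder for this example


def resolve_under_base(user_path: str, base: str = BASE_DIR) -> str:
    """Join untrusted input to the base directory and reject any result that
    lands outside it once '..' segments and symlinks are resolved."""
    base_dir = Path(base).resolve()
    candidate = (base_dir / user_path).resolve()
    if candidate != base_dir and base_dir not in candidate.parents:
        raise ValueError(f"path escapes {base}: {user_path!r}")
    return str(candidate)


def is_safe_path(user_path: str, base: str = BASE_DIR) -> bool:
    """Boolean form of the containment check, convenient in request handlers."""
    try:
        resolve_under_base(user_path, base)
        return True
    except ValueError:
        return False


def build_analyze_command(user_path: str, base: str = BASE_DIR) -> list[str]:
    """Build the analyzer invocation as an argv list. Without a shell there is
    no word splitting, so ';', '&&' or backticks in the name stay literal."""
    return ["analyze_code", resolve_under_base(user_path, base)]


def run_analysis(user_path: str, base: str = BASE_DIR) -> subprocess.CompletedProcess:
    # shell=False is the default for subprocess.run: the filename is a single
    # argv entry, unlike os.system("analyze_code " + user_provided_filename).
    return subprocess.run(build_analyze_command(user_path, base),
                          check=False, capture_output=True)
```

Absolute inputs such as `/etc/passwd` are rejected too, because joining an absolute path onto `base_dir` discards the base and the containment check then fails.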

Package Vulnerabilities Detection

Understand the package vulnerabilities in your Pull Requests and get fixes with recommended versions.
MatterAI Package Vulnerabilities

Some examples

  • Use of outdated libraries with known vulnerabilities
{
  "dependencies": {
    "outdated-markdown-parser": "1.2.3",
    "vulnerable-code-highlighter": "0.9.1"
  }
}