Code Scanner
The Code Scanner runs a set of regular-expression patterns over agent-generated code and flags common security issues before that code is written to disk or executed.
Usage
scanner.py
```python
from veska import CodeScanner

scanner = CodeScanner()

# Agent-generated snippet that trips three built-in patterns: a hardcoded
# password, a SQL query built by string interpolation, and eval() on untrusted data.
code = """
password = "admin123"
query = f"SELECT * FROM users WHERE id = {user_input}"
eval(user_data)
"""

result = scanner.scan(code, language="python")
if result.has_warnings:
    for warning in result.warnings:
        print(f"[{warning['severity']}] Line {warning.get('line', '?')}: {warning['message']}")
```
Built-in patterns
| Pattern | Detects |
|---|---|
| hardcoded_password | Passwords and secrets in source code |
| sql_injection | String interpolation in SQL queries |
| eval_usage | Use of eval() or exec() on untrusted input |
| hardcoded_api_key | API keys embedded in code |
| http_insecure | HTTP URLs where HTTPS should be used |
| debug_enabled | Debug mode left enabled in production |
Custom patterns
Pass extra_patterns to add your own checks. Each entry is a dict with a name, a pattern (a regular expression), the message to report, and a severity.
custom.py
```python
from veska import CodeScanner

scanner = CodeScanner(extra_patterns=[
    {
        "name": "console_log",
        "pattern": r"console\.log\(",
        "message": "Remove console.log before production",
        "severity": "warning",
    },
    {
        "name": "todo_comment",
        "pattern": r"# TODO",
        "message": "Unresolved TODO found",
        "severity": "info",
    },
])
```
ScanResult
```python
result = scanner.scan(code)

result.has_warnings  # True if any issues found
result.warnings      # List of warning dicts

# Each warning:
# {
#     "severity": "high",
#     "message": "Hardcoded password detected",
#     "line": 3,
# }
```
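To make the documented API concrete, here is an added, self-contained reference implementation in the same shape. It is not veska's code and does not import veska: six regexes stand in for the built-in pattern names, extra_patterns is supported, each warning carries the documented severity/message/line keys, and a should_block helper shows the gate a caller would put in front of writing agent output to disk. The regexes, the severity values, the extra "name" key on each warning, should_block, TODO_PATTERN and the SAMPLE snippet are all this example's assumptions. The constructed sample deliberately includes a near-miss (ast.literal_eval) and a #TODO without a space, to show what a line-oriented regex scanner catches and what it misses.

```python
"""Illustrative regex-based code scanner in the shape this page documents.

Added example, not veska's implementation: the regexes, severities and the
should_block gate below are this example's own assumptions.
"""
import re
from dataclasses import dataclass, field

# Assumed regexes for the six documented pattern names. Each is an
# approximation: good enough for the obvious cases, easy to evade.
BUILTIN_PATTERNS = [
    {"name": "hardcoded_password", "severity": "high",
     "message": "Hardcoded password detected",
     "pattern": r"(?i)\b(password|passwd|pwd|secret)\s*=\s*['\"][^'\"]+['\"]"},
    {"name": "hardcoded_api_key", "severity": "high",
     "message": "Hardcoded API key detected",
     "pattern": r"(?i)\b(api[_-]?key|access[_-]?token)\s*=\s*['\"][^'\"]+['\"]"},
    {"name": "sql_injection", "severity": "high",
     "message": "SQL query built by string interpolation or concatenation",
     # f-string holding a SQL keyword and a {...} placeholder, or a SQL string
     # literal followed by %, + or .format(
     "pattern": (r"(?i)(f['\"][^'\"]*\b(select|insert|update|delete)\b[^'\"]*\{"
                 r"|['\"][^'\"]*\b(select|insert|update|delete)\b[^'\"]*['\"]\s*(%|\+|\.format\())")},
    {"name": "eval_usage", "severity": "high",
     "message": "eval()/exec() on untrusted input",
     # \b keeps ast.literal_eval( and evaluate( from matching
     "pattern": r"\b(eval|exec)\s*\("},
    {"name": "http_insecure", "severity": "medium",
     "message": "Plain HTTP URL; use HTTPS",
     "pattern": r"['\"]http://(?!localhost|127\.0\.0\.1)"},
    {"name": "debug_enabled", "severity": "medium",
     "message": "Debug mode enabled",
     "pattern": r"(?i)\bdebug\s*=\s*True\b"},
]


@dataclass
class ScanResult:
    warnings: list = field(default_factory=list)

    @property
    def has_warnings(self) -> bool:
        return bool(self.warnings)


class CodeScanner:
    def __init__(self, extra_patterns=None):
        specs = BUILTIN_PATTERNS + list(extra_patterns or [])
        self._patterns = [(spec, re.compile(spec["pattern"])) for spec in specs]

    def scan(self, code: str, language: str = "python") -> ScanResult:
        # Line-oriented matching: one warning per (line, pattern) hit. The
        # language argument is accepted for API shape only in this example.
        result = ScanResult()
        for lineno, line in enumerate(code.splitlines(), start=1):
            for spec, regex in self._patterns:
                if regex.search(line):
                    result.warnings.append({
                        "name": spec["name"],  # extra key, not in the documented dict
                        "severity": spec["severity"],
                        "message": spec["message"],
                        "line": lineno,
                    })
        return result


def format_warnings(result: ScanResult) -> list:
    """Same rendering as the Usage snippet, returned as a list of strings."""
    return [f"[{w['severity']}] Line {w.get('line', '?')}: {w['message']}"
            for w in result.warnings]


def should_block(result: ScanResult, blocking=frozenset({"high"})) -> bool:
    """Gate for the write-to-disk step: refuse on any blocking severity (assumed policy)."""
    return any(w["severity"] in blocking for w in result.warnings)


# Constructed sample of agent-generated code (not from the page) covering each
# built-in pattern, one near-miss (literal_eval) and two TODO spellings.
SAMPLE = """\
import ast
password = "admin123"
API_KEY = "sk-live-0000"  # TODO: rotate before release
query = f"SELECT * FROM users WHERE id = {user_input}"
legacy = "DELETE FROM sessions WHERE user = " + uid
eval(user_data)
safe = ast.literal_eval(user_data)
endpoint = "http://example.com/api"
app.run(debug=True)
#TODO tighten this up
"""

TODO_PATTERN = {"name": "todo_comment", "pattern": r"# TODO",
                "message": "Unresolved TODO found", "severity": "info"}


def scan_sample(extra_patterns=None) -> ScanResult:
    return CodeScanner(extra_patterns=extra_patterns).scan(SAMPLE, language="python")


if __name__ == "__main__":
    result = scan_sample(extra_patterns=[TODO_PATTERN])
    print("\n".join(format_warnings(result)))
    print("blocked:", should_block(result))
```

Running it reports lines 2 through 6, 8 and 9 of the sample and blocks the write; ast.literal_eval on line 7 is correctly left alone, and the final "#TODO" line is not reported because the custom regex requires "# TODO" with a space. That gap is typical of pattern scanning: treat a clean scan as necessary, not sufficient, before executing agent-generated code.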