IDE Extension

Fluid Attacks has a powerful extension for the Visual Studio Code (VS Code) editor. With this extension, you can see the vulnerabilities reported on the platform: it points you to the specific file and line of code where each vulnerability was reported and redirects you to the criteria documentation. Remember that only the files you provided as analysis input will reflect this information.

To get started with the extension, follow the steps below.

Download extension

To download the extension, navigate to the extensions section and search for Fluid Attacks in the search bar.

Find extension

Configure the editor with Fluid Attacks platform

After downloading the extension, configure the Fluid Attacks platform with your editor: go to Configuration => Settings.

settings

In the search bar, type the name of the Fluid Attacks extension. Once you've done that, enter your platform API token. After entering the token, close and reopen your editor to apply the changes and updates.

Platform api token

Once you have the extension installed and configured, open VS Code in a project where vulnerability analysis is active. You should see the extension symbol, and you'll also notice files marked with red dots, indicating that they contain vulnerabilities.

extension activation

Functions

You can use the various functionalities of the extension in two different ways, both of which perform the same actions: one is by clicking on the Fluid Attacks icon, and the other is through the files with vulnerabilities, which are marked with red dots. Within the tool, you'll have access to the following functions:

  • Pointing out the file and the line of code with the vulnerability.

  • Redirecting to that vulnerability on the Fluid Attacks platform.

  • Applying the Temporarily accepted treatment.

  • Going to criteria.

  • Requesting a reattack.

Functionalities through the Fluid Attacks icon

File and code line pointing

Upon clicking the Fluid Attacks extension icon, you will be presented with a comprehensive list of vulnerability types detected in your code.

click on the icon

Clicking on any selected vulnerability type will list all the files containing vulnerabilities corresponding to that type.

selecting a vuln type

Selecting any of the files will take you to the line of code where the vulnerability is present, underlined in red.

Showing the vuln

Temporarily accepted treatment

If you look at where the files are listed on the right side, you will notice two icons, one of which is a calendar. By clicking on this icon, you can apply the "Accept Vulnerability Temporary" treatment to that vulnerability.

Apply treatment

Upon applying it, you will receive a success message confirming that this treatment was applied to your vulnerability. Additionally, if you refresh the view, you will observe that the underline color of the vulnerability changes from red to yellow, indicating that the temporary treatment has been applied.

Request reattack

You can also request a reattack for a vulnerability by clicking on the shield icon.

Request a reattack

Upon applying this action, you will receive a success message. Additionally, if you refresh the view, you will observe that the underline color of the vulnerability changes from red to blue, indicating that the reattack was successfully requested.

Get Custom Fix

You can request a personalized guide to resolve the vulnerability by clicking on the wrench icon. This guide is AI-generated to assist with the specific issue you are facing.

Get Custom Fix

To generate the guide, a minimal fragment of the sensitive code is transmitted via a secure API. Consistent with the applicable usage policies, this data is handled with the utmost care: your information will not be used, stored, or shared, preserving the confidentiality and integrity of your code.

Note that the initial generation for each vulnerability may take some time. To improve efficiency, the response is cached for future reference; should the vulnerable commit change, a new guide will be generated. The process uses the code version stored by Fluid Attacks, not the code stored locally. If you have modified the code, make sure to push it to the repository and synchronize it from the vulnerability management platform.

Go to criteria and finding

You can navigate to the criteria or directly to the finding on the platform by right-clicking on the vulnerability type title.

Criteria and finding

There, you will see these two options. Clicking on "Go to Criteria" will take you to our documentation, and clicking "Go to Finding" will redirect you to our platform.

Finding description

To access the vulnerability description, right-click on the vulnerability and choose the option "See finding description."

See description

Clicking on this will bring up a tab on the right side, showing you the finding description, Attack Vector, Threat, Severity score, and Average remediation time per vulnerability.

Description info

Another way to access this functionality is by going to the vulnerability title and right-clicking on it.

Second way

There, you will see its description.

Refresh button

If you want to verify that the changes you've made have been applied, you can click on the refresh button.

Refresh action

There you can see that vulnerabilities to which a reattack or a temporary treatment has been applied change the color of their highlighting: a blue line indicates that a reattack was requested, while a yellow line indicates that a temporary treatment was applied.

Functionalities through the files

File and code line

To view the vulnerabilities reported on the Fluid Attacks platform from the editor, open the project in which vulnerability analysis is active. You can identify the affected files by their red dots, or open them directly at the vulnerable line by clicking on the X symbol.

visualize vulnerabilities

You will see a list of vulnerabilities; selecting one redirects you to the file and the vulnerable line of code.

line vulnerabilities

Redirection to Fluid Attacks platform

Once you have located the line of code where the vulnerability is reported, hover your mouse cursor over it, and a pop-up window will show you the definition and the redirection link.

redirection platform

Clicking on the link will open Fluid Attacks' platform where this reported vulnerability is located.

Apply Temporarily accepted treatment

You can apply the Accept Vulnerability Temporary treatment by right-clicking on the line of code.

Accepted treatment

There, enter the justification and the date of the treatment application.

Go to criteria

Clicking on criteria will take you to the documentation.

Go criteria

Request a reattack

You can also request a reattack by clicking on this option, where you will enter the justification.

reattack

See Finding description

Clicking on this option will open a window on the right side, displaying information about the finding such as: description, Attack Vector, Threat, Severity score, and Average remediation time per vulnerability.

Description