pumasecurity / puma-scan

Puma Scan is a software security Visual Studio extension that provides real time, continuous source code analysis as development teams write code. Vulnerabilities are immediately displayed in the development environment as spell check and compiler warnings, preventing security bugs from entering your applications.
https://www.pumascan.com
Mozilla Public License 2.0

VB code scan #42

Closed hemanthnalluri closed 6 years ago

hemanthnalluri commented 6 years ago

Hi,

Can Puma analyse a project which is written in VB? I am using VS 2015.

First I've written the code in C#; then the Puma scanner is showing the vulnerability errors:

| Severity | Code | Description | Project | File | Line | Suppression State |
| --- | --- | --- | --- | --- | --- | --- |
| Warning | SEC0110 | Unvalidated redirect location is passed to the Response.Redirect method. | Sample1 | `C:\Users\KDDuser\Desktop\Sample1\Sample1\Account\Register.aspx.cs` | 28 | Active |
| Warning | SEC0107 | SQL Injection - ADO.NET method is passed a dynamic SQL statement. | Sample1 | `C:\Users\KDDuser\Desktop\Sample1\Sample1\Register.aspx.cs` | 45 | Active |

I've written the code in VB and it was not showing any vulnerability error.

So can you please confirm whether the Puma scanner will analyse code written in VB?

If yes, please let me know the steps to check why it is not scanning the VB code.

Thanks, Hemanth.

ejohn20 commented 6 years ago

Right now, the rules do not support VB.NET. Only C# is supported. There is a possibility Roslyn is going to sync up both C# and VB.NET syntax types in a future release, but to my knowledge this is not available yet.

hemanthnalluri commented 6 years ago

OK, noted, thanks.