04 Aug, 2023

SAST Prompts: Strengthening Code Security

SAST prompts is a new approach in static application security analysis that applies artificial intelligence to improve the detection of vulnerabilities and potential threats in source code. The approach relies on neural networks and machine learning to provide programmers with context-sensitive tips on how to address the vulnerabilities they discover.

When a SAST tool detects potential vulnerabilities or problems in the code, it can generate a SAST prompt, a special recommendation generated from pre-trained deep learning models. These models analyse the code’s context, syntax and structure, and look for similarities to previous vulnerability cases.

Each SAST prompt is a detailed instruction that explains to the programmer how to fix the discovered vulnerability or security problem. SAST prompts may include code examples, links to documentation, or recommendations on how to use secure programming practices.

Advantages of using SAST prompts:

  • SAST prompts not only identify typical vulnerabilities but also detect more intricate security problems that might be overlooked by other code analysis methods.

  • Thanks to intelligent analysis, SAST prompts can minimize the number of false positives, simplifying developers’ work and lowering the likelihood of missing actual vulnerabilities.

  • SAST prompts provide an educational effect, explaining why a particular piece of code is considered vulnerable, helping developers better understand the issue and avoid it in the future.

Example of using SAST prompts in a real-world project

Example Scenario:

Imagine that you are a developer working on a web application that allows users to search for products in an online store. The application accepts user input for the search query and then queries the database to retrieve relevant products.

Vulnerable Code:

Here’s a snippet of vulnerable code that doesn’t properly handle user input and is susceptible to “SQL injection”:

					import sqlite3

def search_products(search_query):
    connection = sqlite3.connect("database.db")
    cursor = connection.cursor()

    # Vulnerable SQL query without input validation
    query = "SELECT * FROM products WHERE name = '" + search_query + "'"

    results = cursor.fetchall()


    return results



In the above code, the search_products function takes the search_query input directly and concatenates it into the SQL query. This practice makes the application vulnerable to SQL injection. An attacker could exploit this vulnerability by inputting malicious SQL code in the search query, potentially gaining unauthorized access to the database or manipulating data.

Using SAST Prompts to Identify the Vulnerability

Let’s imagine that you have integrated a sophisticated SAST tool into your development environment, which includes intelligent prompts. As you run the SAST analysis on the code, the tool examines the codebase and identifies potential security weaknesses, including the SQL injection vulnerability.

The SAST tool generates an intelligent prompt to alert you about the issue and provides a detailed explanation of the problem. The prompt might read:

“Potential SQL Injection Vulnerability Detected: The ‘search_products’ function in your code is susceptible to SQL injection attacks. User input is directly concatenated into the SQL query without proper validation, making it possible for attackers to manipulate the query and potentially access or modify sensitive data. It is recommended to use parameterized queries or prepared statements to mitigate this risk.”

Rectifying the Vulnerability with SAST Prompt Recommendations

Upon receiving the SAST prompt, you can take the following steps to rectify the SQL injection vulnerability:

Parameterized Queries

Refactor the vulnerable SQL query using parameterized queries to properly separate the SQL code from user input. In Python’s sqlite3 library, you can achieve this as follows:

					def search_products(search_query):
    connection = sqlite3.connect("database.db")
    cursor = connection.cursor()

    # Using parameterized query
    query = "SELECT * FROM products WHERE name = ?"

    cursor.execute(query, (search_query,))
    results = cursor.fetchall()


    return results


Prepared Statements

If your application uses a database abstraction layer or an ORM (Object-Relational Mapping) framework, consider using prepared statements, which automatically handle parameterized queries for you.

The future of SAST prompts

With advances in technology and the further development of artificial intelligence, one can expect SAST prompts to become even more effective and widely applicable. Especially since they can be used in conjunction with other technologies such as SCA (Software Composition Analysis) and DAST (Dynamic Application Security Testing).

In addition to this, developers can start creating their own sets of SAST prompts, customized to the specific requirements and characteristics of their projects, leading to a more personalized and accurate vulnerability detection experience.

Application of SAST prompts in various industries

SAST prompts have a wide range of applications in different sectors of software development. They can be used in:

  • Web development

SAST prompts help to detect vulnerabilities in web applications such as SQL injection, XSS (cross-site scripting) and CSRF (cross-site request forgery) and provide recommendations on how to fix them.

  • Mobile development

For mobile applications, SAST prompts can identify storage security issues, insecure API queries and other platform-related vulnerabilities.

  • Embedded systems development

In embedded systems development and IoT (Internet of Things), SAST prompts can identify vulnerabilities that can lead to remote code execution or data leakage.

  • Finance

In finance, application security is critical. SAST prompts can help detect vulnerabilities that could lead to financial fraud or customer privacy breaches.

SAST Tools

• Bandit is a tool designed to find common security issues in Python code. To do this, Bandit processes each file, builds an AST from it, and runs appropriate plugins against the AST nodes. Once Bandit has finished scanning all the files, it generates a report.

  • Install Bandit:

					pip install bandit


  • Run Bandit:

					bandit -r path/to/your/code

An example of how the tool works:

• Flawfinder, a simple program that examines C/C++ source code and reports possible security weaknesses (“flaws”) sorted by risk level.

  • Install flawfinder:

					pip install flawfinder


  • After installing it, at a command line just type:

					flawfinder directory_with_source_code

An example of how the tool works:

• RuboCop a Ruby code style checker (linter) and formatter based on the community-driven Ruby Style Guide.

  • RuboCop’s installation:

					gem install rubocop


  • Running rubocop with no arguments will check all Ruby source files in the current directory:



An example of how the tool works:

• Codegrepper is a very simple python script designed to grep a codebase searching for known vulnerabilities, or custom regex by choice. 

  • Codegrepper installation:

					git clone https://github.com/klezVirus/codegrepper


  • Go to the Codegrepper directory

					cd codegrepper


  • Using the Codegrepper:

					python codegrepper.py -d path/to/your/code


An example of how the tool works:

• Bearer CLI is a static application security testing (SAST) tool that scans your source code and analyzes your data flows to discover, filter and prioritize security and privacy risks.

  • Install the “apt-transport-https” package, which allows APT to handle HTTPS connections for secure package downloads:

					sudo apt-get install apt-transport-https



  • Add the “bearer” package repository to the list of software sources in the “/etc/apt/sources.list.d/fury.list” file. The repository is specified as a trusted source (“[trusted=yes]”):

					echo "deb [trusted=yes] https://apt.fury.io/bearer/ /" | sudo tee -a /etc/apt/sources.list.d/fury.list



  • Finally, install the “bearer” package from the added repository:

					sudo apt-get install bearer



  • Run the scan command on the project directory:

					bearer scan path/to/your/directory


An example of how the tool works:

• Njsscan is a static application testing (SAST) tool that can find insecure code patterns in your node.js applications using simple pattern matcher from libsast and syntax-aware semantic code pattern search tool semgrep.

  • Install njsscan using pip:

					pip install njsscan



An example of how the tool works:

• Retire.js is a security tool used to detect vulnerable JavaScript libraries and frameworks in web applications. It scans the codebase for outdated and insecure versions of popular JavaScript dependencies that might have known security vulnerabilities.

  • Install “Retire.js” globally on your system using npm (Node Package Manager):

					npm install -g retire



  • Run the “Retire.js” security scanner:

					retire path/to/your/directory


An example of how the tool works:


SAST prompts are a promising tool for improving application security and code quality. They allow developers to fix vulnerabilities quickly and accurately, which affects the security of the software product as a whole. Despite the challenges to be overcome, SAST prompts continue to evolve and become more and more effective due to advances in technology and artificial intelligence. In the future, we can expect this innovative approach to software security to spread and improve.

Other Services

Ready to secure?

Let's get in touch