JetBrains’ Qodana code quality platform, which provides visualizations of code inspections and errors, has added taint analysis. The new feature defends programs against malicious inputs from external users, the company said.
Currently available in an early preview stage for PHP developers, taint analysis includes an inspection that scans code and highlights taints and potential vulnerabilities. Developers can open the problem in JetBrains’ PhpStorm IDE for PHP to immediately address it. The IDE presents a dataflow graph of the taint flow, alerting developers to problematic areas. JetBrains promises taint analysis support for other languages in the near future.
Qodana works with JetBrains IDEs but does not require one. It supports languages including Python, JavaScript, Go, Java, Kotlin, and PHP, as well as Microsoft’s .NET platform. All but Java and Kotlin are in an early access stage at the moment.
Qodana automates code quality checks and performs tasks such as spotting duplicates, possible bugs, and formatting issues, and checking for adherence to other rules of the user’s choice. The same code inspections and profiles leveraged in JetBrains’ IDEs are used in Qodana. Developers can try Qodana locally or in the cloud. The platform can integrate with CI pipelines to enable early detection of defects.