• author: IppSec

Customizing Parrot OS with Ansible: Installing Visual Studio Code and Plugins

In this second video of our customizing Parrot OS with Ansible series, we will be focusing on installing and customizing the integrated development environment (IDE), mainly Visual Studio Code. We will also be installing a few plugins, including the GitHub and Sneak plugins.

Before we begin, please note that this video is sponsored by Sneak, a security platform that scans your code dependencies and containers to find vulnerabilities and fix them in real time. If you're new to Sneak, please visit sneak.co/ipsec to support this video.

Why Use Visual Studio Code?

While some developers may prefer using Codium, it's worth noting that it's a fork of Visual Studio Code that removes all telemetry. While this may be appealing to some, it also means that you won't be able to use certain extensions, such as GitHub Co-pilot, without giving telemetry to Microsoft. Despite this, we believe that the benefits of using Visual Studio Code, such as access to a wider variety of extensions, outweigh the disadvantage of telemetry.

Installing Visual Studio Code and Plugins with Ansible

Instead of going to the Microsoft website, we will be using Ansible to install Visual Studio Code. First, we'll need to install the Visual Studio Code role from Ansible Galaxy. To do this, we can use the following command:

ansible-galaxy install -r requirements.yaml

Make sure to create a requirements.yaml file with the following contents:

- src: geerlingguy.visual-studio-code

To use this role in our playbook, we can simply add the following lines:

- name: Install Visual Studio Code
  hosts: all
    - geerlingguy.visual-studio-code
      - username: "{{ ansible_user_id }}"
          - Github.github-vscode-theme
          - ms-python.python
          - ms-azuretools.vscode-docker
          - shd101wyy.markdown-preview-enhanced

These lines will install Visual Studio Code and several plugins, including the GitHub plugin, the Python plugin, the Docker plugin, and the Markdown Preview Enhanced plugin. Please note that we are installing these plugins using their names on the Visual Studio Code Marketplace.

Using GitHub Co-pilot and Sneak

Once you have installed Visual Studio Code, you can install the GitHub Co-pilot extension from the Visual Studio Code Marketplace. Simply search for "GitHub Co-pilot" and click "Install". You will need to sign in to your GitHub account to use this extension.

If you haven't already, please visit sneak.co/ipsec to support this video and install the Sneak plugin. Sneak is a powerful tool that scans your code for vulnerabilities and provides real-time security fixes. To install the Sneak plugin, simply search for "Sneak" in the Visual Studio Code Marketplace and click "Install". You will need to sign in to your Sneak account to use this extension.

Using Copilot and Sneak for Faster, More Secure Coding

When it comes to coding, finding solutions to everyday problems can often be time-consuming. However, with the help of tools like Copilot and Sneak, developers can speed things up and boost security at the same time. Let's take a closer look at how these tools can help improve coding productivity.

Using Copilot for Faster Problem-Solving

Copilot is an AI-powered tool that can help simplify the coding process. It works by analyzing your code and providing suggestions for how to complete specific tasks.

One of the benefits of Copilot is that it can help you find solutions to common problems without having to rely on resources like Stack Overflow. For example, if you want to print "hello world," Copilot will make a recommendation for how to do it.

In addition to addressing simple tasks, Copilot can also help with more complex projects. For example, if you want to make a web request to Google.com, you can import requests and use Copilot to write the code for you. It can even show you how to use cookies in your code.

Another advantage of Copilot is that it can be used within an IDE like Visual Studio code. This makes it easier for developers to debug and step through code as needed.

Improving Security with Sneak

Sneak is a tool that can help ensure that your code is secure. It works by scanning your code for vulnerabilities and offering recommendations for addressing them.

To start, you can download source code from a machine you want to scan. Then, you can install the Sneak extension for Visual Studio code. This allows you to scan your code directly within your IDE.

Sneak scans your code for vulnerabilities by analyzing the packages listed in your project's composer file. If it finds any vulnerabilities, it will provide details on the issue and offer suggestions for addressing it.

For example, if you have unsanitized input from an HTTP request body, Sneak will highlight the issue and show you where it's generating the file. It will also offer examples of other projects that have addressed similar vulnerabilities.

Secure Your Code with Sneak and Copilot

If you're an aspiring developer or just someone who wants to improve your coding skills, you need to know how to secure your code. By using Sneak and Copilot, you can easily identify vulnerabilities in your code and make the necessary fixes to ensure that your application is secure.

Identifying Vulnerabilities

When using Sneak and Copilot, one of the main goals is to identify vulnerabilities in your code and fix them. One way to do this is by checking how your application grabs data from the PHP session. It's essential to call the remove special characters function to prevent exploitation.

To identify the function that needs fixing, follow these steps:

  1. Click on Regenerate user VPN to see the references.
  2. Regenerate user VPN is called from API V1 user VPN generate.
  3. Admin VPN is called from API V1 admin VPN generate.

When an admin generates a VPN, there is no sanitization in place, and we call user VPN and go straight to exec. As a result, two vulnerabilities are created. However, by including sanitization before calling regenerate user and shell exec, the vulnerability can be entirely fixed.

Cleaning Up Your Code

You can use Sneak and Copilot to clean up your code by identifying unreachable code. The main idea is to remove the exit lines because a return line exists just before it. Doing this will result in cleaner code.

  1. Identify the unreachable code.
  2. Remove the exit lines.
  3. Save and rerun your file.

By following these steps, you'll have significantly less unreachable code, resulting in cleaner code.

Adding Features

Sneak and Copilot can also help you add features to your code. For example, you can create a new route to delete a user VPN. Here's how to do it:

  1. Create a delete admin VPN function and pass it the router.
  2. Make sure the user is logged in and is an admin.
  3. Retrieve the username and encode it in JSON.
  4. Unlink the file if it exists.

Though you may need to debug the code, Copilot provides you with the necessary functions to get you started.

In this article, we have covered how to install visual studio code and several plugins using ansible, as well as how to install the github co-pilot and sneak plugins. we hope that you find this article helpful in customizing your parrot os build with ansible. please stay tuned for the next video in our series!
When used together, copilot and sneak can help developers write better, more secure code more quickly. copilot provides suggestions for how to solve coding problems, while sneak helps ensure that your code is free of vulnerabilities. by utilizing these tools, developers can work more efficiently and with greater confidence in their code's security.

By using Sneak and Copilot, you can significantly improve the security of your code. We covered how to identify vulnerabilities, clean up your code, and add new features with the help of Copilot. Remember to use Sneak before starting your projects to ensure that you have a secure application from the get-go.

Previous Post

Customizing Your Hack the Box Paired Edition with Ansible: Part 3

Next Post

How to Install and Use Parrot Hack the Box Edition

About The auther

New Posts

Popular Post