[WordPress] Plugin share: Sajjetti – AI Audit

New plugin · No ratings yet · Last updated 159 days ago
WordPress 6.6+ · PHP 8.0+ · v1.0.0 · Listed: 2025-10-08

Overview

Summary: Sajjetti – AI Audit is a security-first code scanning tool for WordPress plugins and themes. It performs static analysis of PHP, HTML, CSS and JS files to detect vulnerabilities, performance issues and coding standard problems before they become real risks.

Questions and answers:
1. What is the main purpose of Sajjetti - AI Audit?
- Answer: It scans the code of WordPress plugins and themes, performing static analysis to detect vulnerabilities, performance issues and coding standard problems.

2. What privacy-by-design features does Sajjetti - AI Audit have?
- Answer:
- Scans must be triggered manually by the site owner; nothing runs automatically.
- Files are analyzed statically and never executed.
- Remote analysis is off by default until "Allow remote analysis" is explicitly enabled in Settings.
- When enabled, the selected file contents are sent securely over HTTPS to the Sajjetti API for analysis. Analysis data is stored temporarily and deleted once results are returned.

3. What problems can Sajjetti - AI Audit help find?
- Answer:
- Security issues: common vulnerabilities such as unescaped output, missing nonce and capability checks, unsafe file operations and risky SQL patterns.
- Performance issues: expensive loops, heavy queries, oversized assets and inefficient patterns that slow down page loads.
- Code quality and compatibility: deprecated APIs, version-specific pitfalls and conflicts with WordPress coding standards.


Original plugin description

Sajjetti – AI Audit is a security-first code scanner for WordPress plugins and themes.
It performs static analysis of PHP, HTML, CSS, and JS files to detect vulnerabilities,
performance issues, and coding standard problems before they become real risks.

Privacy by design

– Nothing runs automatically; all scans are triggered manually by the site owner.
– Files are analyzed statically — never executed.
– Remote analysis is disabled by default. No code leaves your site until you explicitly enable “Allow remote analysis” in Settings.
– When enabled, selected file contents are sent securely over HTTPS to the Sajjetti API. Analysis data is temporary and discarded after results are returned.
– Complies with WordPress.org privacy and consent guidelines.

What it helps you find

– Security: unescaped output, missing nonces and capability checks, unsafe file operations, risky SQL patterns, and other common vulnerabilities.
– Performance: expensive loops, heavy queries, oversized assets, and inefficient patterns that slow down page loads.
– Code quality and compatibility: deprecated APIs, version-specific pitfalls, and conflicts with WordPress coding standards.

Optional AI assistance

When remote analysis is enabled, the Sajjetti API provides AI-powered suggestions with context-specific recommendations.
Results are presented with file-by-file drill-down, risk levels, and actionable insights. Human review is always recommended before making changes.
Key Features

Detects vulnerabilities, warnings, and performance issues
Provides optional AI-assisted analysis with actionable suggestions
Offers file-by-file drill-down and detailed reports
Built with a security-first design, including VIP-compliant validation and sanitization

Security Considerations

All scans are user-initiated; nothing runs automatically.
File contents are analyzed statically (never executed).
REST endpoints require capability checks and nonces.
All external requests use HTTPS with nonce and referer validation.
Uninstall removes plugin data (options and tables) cleanly.
All user-facing strings are escaped and translatable.
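
The security considerations above describe a pattern (capability check plus nonce on the REST endpoint, static read of the file, opt-in HTTPS upload, escaped output) rather than showing it. The following is an added, hypothetical WordPress example written for this page; it is not Sajjetti's own code. The route namespace `example-audit/v1`, the option name `example_audit_allow_remote` and the remote endpoint URL are assumptions.

```php
<?php
/**
 * Illustrative user-initiated scan endpoint for a WordPress plugin.
 * Hypothetical example, not Sajjetti's code: the route namespace, option
 * name and remote endpoint URL below are assumptions.
 */

// Placeholder: the real API path is not documented on this page.
define( 'EXAMPLE_AUDIT_API_URL', 'https://sajjetti.ai/placeholder-endpoint' );

add_action( 'rest_api_init', function () {
    register_rest_route( 'example-audit/v1', '/scan', array(
        'methods'             => 'POST',
        'callback'            => 'example_audit_scan',
        // Capability check: only users who can manage the site may start a scan.
        'permission_callback' => function () {
            return current_user_can( 'manage_options' );
        },
        'args'                => array(
            'file' => array(
                'required'          => true,
                'sanitize_callback' => 'sanitize_text_field',
            ),
        ),
    ) );
} );

function example_audit_scan( WP_REST_Request $request ) {
    // Nonce check: cookie-authenticated REST calls must carry an X-WP-Nonce
    // header created with wp_create_nonce( 'wp_rest' ). Core validates it
    // before the callback runs; the explicit check makes the requirement visible.
    if ( ! wp_verify_nonce( (string) $request->get_header( 'X-WP-Nonce' ), 'wp_rest' ) ) {
        return new WP_Error( 'rest_forbidden', 'Invalid nonce.', array( 'status' => 403 ) );
    }

    // Confine the requested path to the plugins directory (blocks "../" traversal).
    $base = wp_normalize_path( realpath( WP_PLUGIN_DIR ) );
    $path = realpath( path_join( WP_PLUGIN_DIR, $request->get_param( 'file' ) ) );
    if ( false === $path || 0 !== strpos( wp_normalize_path( $path ), $base . '/' ) ) {
        return new WP_Error( 'invalid_file', 'File is outside the plugins directory.', array( 'status' => 400 ) );
    }

    // Static analysis: the file is read as text, never included or executed.
    $source = file_get_contents( $path );

    // Remote analysis stays off unless the site owner has opted in.
    if ( ! get_option( 'example_audit_allow_remote', false ) ) {
        return rest_ensure_response( array( 'remote' => false, 'bytes' => strlen( $source ) ) );
    }

    // Opt-in upload over HTTPS with certificate verification left enabled.
    $response = wp_remote_post( EXAMPLE_AUDIT_API_URL, array(
        'timeout'   => 30,
        'sslverify' => true,
        'headers'   => array( 'Content-Type' => 'application/json' ),
        'body'      => wp_json_encode( array(
            'filename' => basename( $path ),
            'sha256'   => hash( 'sha256', $source ),
            'content'  => base64_encode( $source ),
        ) ),
    ) );

    if ( is_wp_error( $response ) ) {
        return $response;
    }
    $result = json_decode( wp_remote_retrieve_body( $response ), true );

    // Escape anything that will be rendered in the admin UI.
    return rest_ensure_response( array(
        'remote'  => true,
        'summary' => esc_html( (string) ( $result['summary'] ?? '' ) ),
    ) );
}
```

The `permission_callback` is what turns a REST route into an administrator-only action; without it, WordPress exposes the route to any request. The path confinement step is the check to look for when auditing any plugin that reads files named by a request parameter.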

Pricing and API Access

The plugin includes a small allowance of free scans.
Additional scans require an API key, available through a paid subscription.

Privacy

When you initiate a scan with remote analysis enabled, this plugin may transmit selected file contents (Base64-encoded PHP, HTML, CSS, and JS), limited file metadata (filename, relative path, size, cryptographic hash such as SHA-256), your site IP address and URL (for license validation), and your Sajjetti API username to the Sajjetti API for static analysis. No WordPress user account data, passwords, or database content is transmitted or stored. Temporary analysis data is deleted after results are returned. For details, see the included privacy.md file.
Remote analysis is disabled by default. Scans cannot start until the site owner explicitly enables “Allow remote analysis” in Settings.

External services

This plugin connects to the Sajjetti Hub API (https://sajjetti.ai) to validate license status, manage usage limits, upload code snippets for analysis, and fetch audit results.
Data sent:
– License key and username when validating or checking usage.
– Website URL and IP address when validating usage.
– Selected PHP/JS/CSS source files when submitting for auditing.
Data returned:
– License type and remaining file quota.
– Audit results (security, performance, and code quality insights).
Legal & Privacy:
– Terms of Service: https://sajjetti.ai/terms-of-service/
– Privacy Policy: https://sajjetti.ai/privacy-policy/
