Adding the project for code injection and XSS vulnerability testing

This project is designed to help developers understand and mitigate code injection and XSS vulnerabilities. It includes a backend API and a frontend interface for testing various attack vectors in a controlled environment.
2026-02-01 19:57:08 -05:00
commit b374c3b93e
53 changed files with 9482 additions and 0 deletions
--- a/README.md
+++ b/README.md
@@ -0,0 +1,125 @@
+# Secure Software Development Code Injection and XSS practices
+
+This project is with aiming to help developers understand and mitigate code injection and cross-site scripting (XSS) vulnerabilities in their applications. It provides best practices, examples, and tools to enhance the security of software development.
+
+## Project Structure
+
+.
+├── backend
+│   └── src
+│       ├── api
+│       │   ├── controller
+│       │   │   ├── controller.js
+│       │   │   └── secureController.js
+│       │   └── network
+│       │       ├── network.js
+│       │       └── secureNetwork.js
+│       ├── config
+│       │   └── config.js
+│       ├── index.js
+│       ├── query
+│       │   ├── database.js
+│       │   └── secureDatabase.js
+│       └── routes
+│           └── routes.js
+├── frontend
+│   ├── index.html
+│   ├── src
+│   │   ├── api
+│   │   │   ├── auth.ts
+│   │   │   └── playground.ts
+│   │   ├── App.tsx
+│   │   ├── assets
+│   │   │   └── logo.png
+│   │   ├── components
+│   │   │   ├── atoms
+│   │   │   │   ├── InputField.tsx
+│   │   │   │   ├── PasswordField.tsx
+│   │   │   │   └── SubmitButton.tsx
+│   │   │   ├── molecules
+│   │   │   │   ├── EvalPlayground.tsx
+│   │   │   │   └── LoginFormFields.tsx
+│   │   │   ├── organisms
+│   │   │   │   └── LoginForm.tsx
+│   │   │   └── pages
+│   │   │       ├── CodePlayground.tsx
+│   │   │       ├── Header.tsx
+│   │   │       └── Login.tsx
+│   │   ├── constants
+│   │   │   └── app.ts
+│   │   ├── interfaces
+│   │   │   ├── auth.ts
+│   │   │   └── playground.ts
+│   │   ├── main.tsx
+│   │   ├── styles
+│   │   │   ├── App.module.scss
+│   │   │   ├── Header.module.scss
+│   │   │   └── Login.module.scss
+└── └── └── vite-env.d.ts
+
+## Endpoints
+
+The backend exposes the following endpoints:
+
+| Method | Endpoint                                      | Description                        |
+|--------|-----------------------------------------------|------------------------------------|
+| GET | / | Home endpoint                      |
+| POST | /api/login | SQL Injection vulnerable login endpoint |
+| POST | /api/secure/login | Secure login endpoint preventing SQL Injection |
+| POST | /api/execute | eval() vulnerable code execution endpoint |
+| POST | /api/secure/execute | Secure code execution endpoint preventing code injection |
+
+
+## Getting Started
+
+### Prerequisites
+
+- Node.js
+- npm or yarn
+- A database (PostgreSQL)
+
+### Installation
+
+1. Clone the repository:
+   ```bash
+   git clone https://github.com/CarGDev/CodeInjectionAssigment
+    cd CodeInjectionAssigment
+    ```
+
+2. Install backend dependencies:
+    ```bash
+    cd backend
+    npm install
+    ```
+
+3. Install frontend dependencies:
+    ```bash
+    cd ../frontend
+    npm install
+    ```
+
+### Running the Application
+
+1. Start the backend server:
+   ```bash
+   cd backend
+   npm run dev
+   ```
+
+2. Start the frontend development server:
+   ```bash
+    cd ../frontend
+    npm run dev
+    ```
+
+3. Open your browser and navigate to `http://localhost:5173` to access the application.
+
+
+## Security Practices
+
+The project implements the following security practices to mitigate code injection and XSS vulnerabilities:
+
+- **Parameterized Queries**: All database queries use parameterized statements to prevent SQL injection attacks.
+- **Input Validation and Sanitization**: User inputs are validated and sanitized to ensure they do not contain malicious code.
+- **Avoiding eval()**: The playground feature is sanitized to prevent the execution of arbitrary code.
+