Adding the project for code injection and XSS vulnerability testing

This project is designed to help developers understand and mitigate code injection and XSS vulnerabilities. It includes a backend API and a frontend interface for testing various attack vectors in a controlled environment.
2026-02-01 19:57:08 -05:00
commit b374c3b93e
53 changed files with 9482 additions and 0 deletions


@@ -0,0 +1,23 @@
import { exec } from 'child_process';
import { promisify } from 'util';
import ora from 'ora';
const execPromise = promisify(exec);
async function run() {
const spinner = ora('Checking code formatting...').start();
try {
const { stdout } = await execPromise(
'npm run pretty-quick --check . --config .prettierrc'
);
spinner.succeed('Code formatting check passed.');
console.log(stdout);
} catch (error: any) {
spinner.fail('Code formatting check failed.');
console.error(error.message);
process.exit(1);
}
}
run();
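Review bot: The options in `'npm run pretty-quick --check . --config .prettierrc'` are written before any `--` separator, so npm is likely to parse `--check` and `--config` as its own options rather than forwarding them to the script, and this gate may then run pretty-quick without check mode. Add the separator: `'npm run pretty-quick -- --check . --config .prettierrc'` (the `pretty-quick` script definition is not visible here, so confirm what it already passes). In the `catch`, only `error.message` is printed; the rejected `exec` error also carries `stdout` and `stderr`, which is where the list of offending files would appear, so log those too and type the binding as `unknown` with a narrowing check instead of `any`.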


@@ -0,0 +1,156 @@
import { exec, execSync } from 'child_process';
import { promises as fs } from 'fs';
import chalk from 'chalk';
import ora from 'ora';
const commitTypes: Record<string, string> = {
feat: '✨',
fix: '🐛',
docs: '📚',
style: '🎨',
refactor: '🔨',
test: '✅',
chore: '🛠️',
perf: '⚡',
ci: '🔧',
build: '📦',
revert: '⏪',
};
const defaultEmoji = '🔖';
async function run(): Promise<void> {
const spinner = ora('Running custom commit message check...').start();
try {
console.log(chalk.blue('Running custom commit message check...'));
console.log();
const commitMsgFile = process.argv[2];
if (!commitMsgFile) {
spinner.fail('Error: Commit message file path not provided.');
console.error(chalk.red('Error: Commit message file path not provided.'));
process.exit(1);
}
const commitMsg = (await fs.readFile(commitMsgFile, 'utf8')).trim();
// Check for duplicate commit messages in the last 100 commits
const duplicateCommitMsg = execSync(`git log -n 100 --pretty=format:%s`)
.toString()
.split('\n');
// Extract emojis from commitTypes
const emojis = Object.values(commitTypes);
// Function to remove an emoji from the start of the string
const removeEmoji = (message: string): string => {
for (const emoji of emojis) {
if (message.startsWith(emoji)) {
return message.slice(emoji.length).trim();
}
}
if (message.startsWith(defaultEmoji)) {
return message.slice(defaultEmoji.length).trim();
}
return message;
};
const cleanMessages = duplicateCommitMsg.map(removeEmoji);
if (cleanMessages.includes(commitMsg)) {
spinner.fail(chalk.bold.red('Duplicate Commit Detected'));
console.log();
console.error(
chalk.white.bgRed.bold(' ERROR: ') +
chalk.redBright(' A duplicate commit message has been detected.')
);
console.log();
console.log(
chalk.yellowBright('TIP: ') +
chalk.white(' Please use a unique commit message to keep the history clean.')
);
console.log();
process.exit(1);
}
spinner.succeed('Message is not duplicated');
console.log(chalk.green('Message is not duplicated'));
console.log();
} catch (err) {
spinner.fail('Error running custom commit message check.');
console.error(chalk.red('Error:', err));
process.exit(1);
}
const spinner2 = ora('Running commitlint...').start();
try {
console.log(chalk.blue('Running commitlint...'));
console.log();
const commitMsgFile = process.argv[2];
if (!commitMsgFile) {
spinner2.fail('Error: Commit message file path not provided.');
console.error(chalk.red('Error: Commit message file path not provided.'));
process.exit(1);
}
const commitMsg = (await fs.readFile(commitMsgFile, 'utf8')).trim();
// Run commitlint
exec(
`npx commitlint --edit ${commitMsgFile}`,
async (error, stdout, stderr) => {
if (error) {
spinner2.fail('Commitlint check failed.');
console.error(chalk.red(stdout || stderr));
console.error(chalk.red('Commitlint check failed.'));
console.log();
console.error(
chalk.yellow('Hint: Commit message should follow the Conventional Commits standard.')
);
console.error(chalk.yellow('See: https://www.conventionalcommits.org/en/v1.0.0/'));
console.error(chalk.yellow('Examples:'));
console.error(chalk.yellow(' feat: add a new feature'));
console.error(chalk.yellow(' fix: fix a bug'));
console.error(chalk.yellow(' docs: update documentation'));
process.exit(1);
} else {
spinner2.succeed('Commitlint check passed.');
console.log(chalk.green('Commitlint check passed.'));
console.log(chalk.green(stdout));
// Add emoji to the commit message
const commitRegex = /^(feat|fix|docs|style|refactor|test|chore|perf|ci|build|revert)(\(.+\))?:\s.+/;
const match = commitMsg.match(commitRegex);
if (match) {
const commitType = match[1];
const emoji = commitTypes[commitType] || defaultEmoji;
const newCommitMsg = `${emoji} ${commitMsg}`;
await fs.writeFile(commitMsgFile, newCommitMsg + '\n', 'utf8');
console.log(chalk.green('Commit message updated with emoji:'), newCommitMsg);
} else {
const newCommitMsg = `${defaultEmoji} ${commitMsg}`;
await fs.writeFile(commitMsgFile, newCommitMsg + '\n', 'utf8');
console.log(
chalk.yellow('Commit message did not match expected format, added default emoji:'),
newCommitMsg
);
}
process.exit(0);
}
}
);
} catch (err) {
spinner2.fail('Error running commitlint.');
console.error(chalk.red('Error:', err));
process.exit(1);
}
}
run();
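Review bot: The `exec` call near the end of `run()` builds a shell command by interpolating `commitMsgFile` (taken from `process.argv[2]`) into `npx commitlint --edit ${commitMsgFile}`, so a path containing spaces or shell metacharacters is split or interpreted by the shell. Pass it as an argument vector instead: import `execFile` and call `execFile('npx', ['--no', '--', 'commitlint', '--edit', commitMsgFile], async (error, stdout, stderr) => {`; `--no` also keeps npx from fetching a package from the registry when commitlint is not installed locally. On Windows `npx` is a `.cmd` shim, so confirm `execFile` resolves it on the platforms this hook must support. The async callback runs outside the surrounding `try`/`catch`, so a rejected `fs.writeFile` there surfaces as an unhandled rejection rather than the `Error running commitlint.` path; give the callback body its own `try`/`catch` that exits non-zero.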


@@ -0,0 +1,42 @@
import { exec } from 'child_process';
import chalk from 'chalk';
import ora from 'ora';
async function runCommand(command: string, description: string): Promise<void> {
const spinner = ora(`Running ${description}...`).start();
return new Promise((resolve, reject) => {
exec(command, (error, stdout, stderr) => {
if (error) {
spinner.fail(`${description} failed.`);
console.error(chalk.red(`${description} failed.`));
console.error(chalk.red(stderr));
reject(new Error(stderr));
} else {
spinner.succeed(`${description} passed.`);
console.log(chalk.green(`${description} passed.`));
console.log(stdout);
resolve();
}
});
});
}
async function runLint(): Promise<void> {
try {
await runCommand('npm run lint:prettier', 'Prettier check');
console.log(chalk.green('All checks passed.'));
process.exit(0);
} catch (err) {
console.error(chalk.red('Lint checks failed.'));
console.error(chalk.red('Please fix the issues above and try again.'));
console.error(
chalk.yellow(
`Hint: You can run ${chalk.cyan('npm run prettier')} to automatically format your code.`
)
);
process.exit(1);
}
}
runLint();
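Review bot: In the failure branch of `runCommand`, only `stderr` is printed and wrapped in the rejection, so findings a tool writes to stdout are discarded and a failed check can end with an empty error. Use `console.error(chalk.red(stderr || stdout));` and `reject(new Error(stderr || error.message));` so the cause is always visible. `runCommand` also hands `command` straight to a shell via `exec`; the only caller shown passes a constant, but a doc comment such as `/** Runs a hard-coded, trusted shell command; never pass user-controlled text as command. */` would keep later callers from widening that.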


@@ -0,0 +1,47 @@
import { execSync } from 'child_process';
import ora from 'ora';
async function run(): Promise<void> {
const spinner = ora('Running Prettier...').start();
try {
// Run Prettier
execSync('npm run prettier', { stdio: 'inherit' });
spinner.succeed('Prettier has formatted the files.');
// Check for changes
spinner.start('Checking for changes...');
const changes = execSync('git status --porcelain', { encoding: 'utf-8' });
if (changes) {
spinner.succeed('Changes detected.');
// Read the latest commit message to ensure uniqueness
const latestCommitMessage = execSync(`git log -n 100 --pretty=format:%s`)
.toString()
.split('\n');
// Generate a unique commit message
let commitMessage = 'style: format with prettier';
if (latestCommitMessage.includes(commitMessage)) {
commitMessage = `style: format with prettier ${Date.now()}`;
}
// Add and commit changes
spinner.start('Adding changes to Git...');
execSync('git add .', { stdio: 'inherit' });
spinner.succeed('Changes added to Git.');
spinner.start('Committing changes...');
execSync(`git commit -m "${commitMessage}"`, { stdio: 'inherit' });
spinner.succeed('Changes committed.');
} else {
spinner.info('No changes detected by Prettier.');
}
} catch (error) {
spinner.fail('An error occurred while running Prettier.');
console.error(error);
process.exit(1);
}
}
run();
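Review bot: `execSync('git add .', ...)` stages everything in the working tree, including untracked files, and the preceding `git status --porcelain` test fires on any change rather than only on what Prettier rewrote, so this script can auto-commit unrelated edits or stray local files (for example an untracked `.env`) under a `style:` message. Restrict staging to tracked files with `execSync('git add -u', { stdio: 'inherit' });`, and consider checking `git status --porcelain` before running Prettier and aborting if the tree is already dirty. The `git commit -m "${commitMessage}"` string is safe today because the message is a constant plus `Date.now()`, but switching to `execFileSync('git', ['commit', '-m', commitMessage], { stdio: 'inherit' })` would keep it safe if the message ever becomes variable.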