# Secure Software Development: Code Injection and XSS Practices

This project aims to help developers understand and mitigate code injection and cross-site scripting (XSS) vulnerabilities in their applications. It provides best practices, examples, and tools to enhance the security of software development.

## Project Structure

```
.
├── backend
│   └── src
│       ├── api
│       │   ├── controller
│       │   │   ├── controller.js
│       │   │   └── secureController.js
│       │   └── network
│       │       ├── network.js
│       │       └── secureNetwork.js
│       ├── config
│       │   └── config.js
│       ├── index.js
│       ├── query
│       │   ├── database.js
│       │   └── secureDatabase.js
│       └── routes
│           └── routes.js
├── frontend
│   ├── index.html
│   ├── src
│   │   ├── api
│   │   │   ├── auth.ts
│   │   │   └── playground.ts
│   │   ├── App.tsx
│   │   ├── assets
│   │   │   └── logo.png
│   │   ├── components
│   │   │   ├── atoms
│   │   │   │   ├── InputField.tsx
│   │   │   │   ├── PasswordField.tsx
│   │   │   │   └── SubmitButton.tsx
│   │   │   ├── molecules
│   │   │   │   ├── EvalPlayground.tsx
│   │   │   │   └── LoginFormFields.tsx
│   │   │   ├── organisms
│   │   │   │   └── LoginForm.tsx
│   │   │   └── pages
│   │   │       ├── CodePlayground.tsx
│   │   │       ├── Header.tsx
│   │   │       └── Login.tsx
│   │   ├── constants
│   │   │   └── app.ts
│   │   ├── interfaces
│   │   │   ├── auth.ts
│   │   │   └── playground.ts
│   │   ├── main.tsx
│   │   ├── styles
│   │   │   ├── App.module.scss
│   │   │   ├── Header.module.scss
│   │   │   └── Login.module.scss
│   │   └── vite-env.d.ts
```

## Endpoints

The backend exposes the following endpoints:

| Method | Endpoint              | Description                                               |
|--------|-----------------------|-----------------------------------------------------------|
| GET    | /                     | Home endpoint                                             |
| POST   | /api/login            | SQL Injection vulnerable login endpoint                   |
| POST   | /api/secure/login     | Secure login endpoint preventing SQL Injection            |
| POST   | /api/execute          | eval() vulnerable code execution endpoint                 |
| POST   | /api/secure/execute   | Secure code execution endpoint preventing code injection  |

## Getting Started

### Prerequisites

- Node.js
- npm or yarn
- A database (PostgreSQL)

### Installation

1. Clone the repository:

   ```bash
   git clone https://github.com/CarGDev/CodeInjectionAssigment
   cd CodeInjectionAssigment
   ```

2. Install backend dependencies:

   ```bash
   cd backend
   npm install
   ```

3. Install frontend dependencies:

   ```bash
   cd ../frontend
   npm install
   ```

### Running the Application

1. Start the backend server:

   ```bash
   cd backend
   npm run dev
   ```

2. Start the frontend development server:

   ```bash
   cd ../frontend
   npm run dev
   ```

3. Open your browser and navigate to `http://localhost:5173` to access the application.

## Security Practices

The project implements the following security practices to mitigate code injection and XSS vulnerabilities:

- **Parameterized Queries**: All database queries use parameterized statements to prevent SQL injection attacks.
- **Input Validation and Sanitization**: User inputs are validated and sanitized to ensure they do not contain malicious code.
- **Avoiding eval()**: The playground feature is sanitized to prevent the execution of arbitrary code.
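The three practices above, shown side by side in one added example. This is illustrative code written for this README, not the project's own `controller.js`, `secureDatabase.js` or playground implementation, and it makes three assumptions: the login query shape (`users`, `username`, `password` columns) is invented; the `{ text, values }` object is the query-config form accepted by the `pg` driver's `client.query`, but no database is contacted here; and the playground is assumed to need only arithmetic, which is why a restricted-grammar evaluator can replace `eval()`.

```javascript
// Added example for the README's security practices (not project code).

// --- 1. Parameterized queries -------------------------------------------
// Vulnerable: user input is spliced into the SQL text, so the input can
// change the *structure* of the statement, not just its data.
function buildLoginQueryVulnerable(username, password) {
  return (
    "SELECT id FROM users WHERE username = '" + username +
    "' AND password = '" + password + "'"
  );
}

// Hardened: the SQL text is a constant; user input travels only in `values`,
// which the driver sends to the server separately from the statement.
// (Assumed `pg`-style query config; hypothetical table and columns.)
function buildLoginQuerySecure(username, password) {
  return {
    text: 'SELECT id FROM users WHERE username = $1 AND password = $2',
    values: [username, password],
  };
}

// Review aid: a string-built statement whose quote count is odd has had its
// structure altered by the input (e.g. a name such as o'brien).
function hasBalancedQuotes(sql) {
  return (sql.match(/'/g) || []).length % 2 === 0;
}

// --- 2. Output encoding against XSS -------------------------------------
// Untrusted text placed into HTML is escaped so it renders as text, never as
// markup. Escaping at output time is the reliable counterpart to input
// validation, which cannot anticipate every context.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (c) => map[c]);
}

// --- 3. Replacing eval() with a restricted grammar -----------------------
// eval(input) executes arbitrary JavaScript with the server's privileges.
// A playground that only needs arithmetic can parse this grammar instead:
//   expr   := term (('+'|'-') term)*
//   term   := factor (('*'|'/') factor)*
//   factor := number | '(' expr ')' | '-' factor
// Anything outside the grammar is rejected with an error, never executed.
function safeEvaluate(source) {
  // Numbers and operators are tokens; any other non-space character becomes
  // a one-character token that factor() rejects.
  const tokens = source.match(/\d+(?:\.\d+)?|[-+*/()]|\S/g) || [];
  let pos = 0;
  const peek = () => tokens[pos];
  const next = () => tokens[pos++];

  function factor() {
    const t = next();
    if (t === undefined) throw new Error('unexpected end of input');
    if (t === '-') return -factor();
    if (t === '(') {
      const v = expr();
      if (next() !== ')') throw new Error('expected )');
      return v;
    }
    if (/^\d/.test(t)) return Number(t);
    throw new Error('unexpected token ' + JSON.stringify(t));
  }
  function term() {
    let v = factor();
    while (peek() === '*' || peek() === '/') {
      const op = next();
      const r = factor();
      v = op === '*' ? v * r : v / r;
    }
    return v;
  }
  function expr() {
    let v = term();
    while (peek() === '+' || peek() === '-') {
      const op = next();
      const r = term();
      v = op === '+' ? v + r : v - r;
    }
    return v;
  }

  const result = expr();
  if (pos !== tokens.length) throw new Error('unexpected token ' + JSON.stringify(peek()));
  return result;
}

// Constructed inputs for a quick run: node this-file.js
console.log(hasBalancedQuotes(buildLoginQueryVulnerable("o'brien", 'pw'))); // false
console.log(buildLoginQuerySecure("o'brien", 'pw').text);                    // constant text
console.log(escapeHtml('<b>hi</b>'));                                        // &lt;b&gt;hi&lt;/b&gt;
console.log(safeEvaluate('2 + 3 * (4 - 1)'));                                // 11
```

The point of `hasBalancedQuotes` is not to detect attacks at runtime but to make the difference visible in a test: with the string-built query, an apostrophe in a perfectly legitimate name already breaks the statement, while the parameterized query's `text` is the same regardless of input. The evaluator fails closed: an unrecognised token anywhere in the input raises an error before anything is computed.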