Secure Software Development Code Injection and XSS practices
This project aims to help developers understand and mitigate code injection and cross-site scripting (XSS) vulnerabilities in their applications. It provides best practices, examples, and tools to improve the security of software development.
Project Structure
```
.
├── backend
│   └── src
│       ├── api
│       │   ├── controller
│       │   │   ├── controller.js
│       │   │   └── secureController.js
│       │   └── network
│       │       ├── network.js
│       │       └── secureNetwork.js
│       ├── config
│       │   └── config.js
│       ├── index.js
│       ├── query
│       │   ├── database.js
│       │   └── secureDatabase.js
│       └── routes
│           └── routes.js
└── frontend
    ├── index.html
    └── src
        ├── api
        │   ├── auth.ts
        │   └── playground.ts
        ├── App.tsx
        ├── assets
        │   └── logo.png
        ├── components
        │   ├── atoms
        │   │   ├── InputField.tsx
        │   │   ├── PasswordField.tsx
        │   │   └── SubmitButton.tsx
        │   ├── molecules
        │   │   ├── EvalPlayground.tsx
        │   │   └── LoginFormFields.tsx
        │   ├── organisms
        │   │   └── LoginForm.tsx
        │   └── pages
        │       ├── CodePlayground.tsx
        │       ├── Header.tsx
        │       └── Login.tsx
        ├── constants
        │   └── app.ts
        ├── interfaces
        │   ├── auth.ts
        │   └── playground.ts
        ├── main.tsx
        ├── styles
        │   ├── App.module.scss
        │   ├── Header.module.scss
        │   └── Login.module.scss
        └── vite-env.d.ts
```
Endpoints
The backend exposes the following endpoints:
| Method | Endpoint | Description |
|---|---|---|
| GET | / | Home endpoint |
| POST | /api/login | SQL Injection vulnerable login endpoint |
| POST | /api/secure/login | Secure login endpoint preventing SQL Injection |
| POST | /api/execute | eval() vulnerable code execution endpoint |
| POST | /api/secure/execute | Secure code execution endpoint preventing code injection |
Getting Started
Prerequisites
- Node.js
- npm or yarn
- A database (PostgreSQL)
Installation
- Clone the repository:

  ```sh
  git clone https://github.com/CarGDev/CodeInjectionAssigment
  cd CodeInjectionAssigment
  ```

- Install backend dependencies:

  ```sh
  cd backend
  npm install
  ```

- Install frontend dependencies:

  ```sh
  cd ../frontend
  npm install
  ```
Running the Application
- Start the backend server:

  ```sh
  cd backend
  npm run dev
  ```

- Start the frontend development server:

  ```sh
  cd ../frontend
  npm run dev
  ```

- Open your browser and navigate to http://localhost:5173 to access the application.
Security Practices
The project implements the following security practices to mitigate code injection and XSS vulnerabilities:
- Parameterized Queries: All database queries use parameterized statements to prevent SQL injection attacks.
- Input Validation and Sanitization: User inputs are validated and sanitized to ensure they do not contain malicious code.
- Avoiding eval(): The playground feature is sanitized to prevent the execution of arbitrary code.
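The first and third practices above, shown side by side as an added example (this is not the project's own code from `secureDatabase.js` or `secureController.js`). The parameterized form assumes a node-postgres-style query object (`{ text, values }` with `$1` placeholders); the `safeCalc` evaluator is a whitelist-only arithmetic parser that stands in for `eval()` and rejects anything it does not recognise instead of interpreting it.

```javascript
// --- SQL: string concatenation vs. a parameterized statement ---------
// Vulnerable shape: the user's input becomes part of the SQL text, so a
// quote character in the input changes the statement itself.
function buildLoginQueryUnsafe(username, password) {
  return `SELECT id FROM users WHERE username = '${username}' AND password = '${password}'`;
}

// Parameterized shape (node-postgres style, an assumption here): the SQL
// text is fixed and the input travels separately as bind values, so the
// driver always treats it as data, never as SQL.
function buildLoginQuerySafe(username, password) {
  return {
    text: 'SELECT id FROM users WHERE username = $1 AND password = $2',
    values: [username, password],
  };
}

// --- eval(): replaced by a tiny whitelist-only expression evaluator --
// Accepts numbers, + - * / and parentheses. Any other character makes
// the tokenizer's output differ from the input, which is rejected up
// front; there is no code path that executes the input.
function safeCalc(src) {
  const tokens = src.match(/\d+(?:\.\d+)?|[-+*/()]/g) || [];
  if (tokens.join('') !== src.replace(/\s+/g, '')) throw new Error('unsupported token');
  let pos = 0;
  const peek = () => tokens[pos];
  const next = () => tokens[pos++];
  function expr() {          // term (('+' | '-') term)*
    let v = term();
    while (peek() === '+' || peek() === '-') v = next() === '+' ? v + term() : v - term();
    return v;
  }
  function term() {          // factor (('*' | '/') factor)*
    let v = factor();
    while (peek() === '*' || peek() === '/') v = next() === '*' ? v * factor() : v / factor();
    return v;
  }
  function factor() {        // number | '(' expr ')' | '-' factor
    const t = next();
    if (t === undefined) throw new Error('unexpected end of input');
    if (t === '(') { const v = expr(); if (next() !== ')') throw new Error('expected )'); return v; }
    if (t === '-') return -factor();
    if (/^\d/.test(t)) return Number(t);
    throw new Error(`unexpected ${t}`);
  }
  const result = expr();
  if (pos !== tokens.length) throw new Error('trailing input');
  return result;
}
```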