CodeInjectionAssigment/README.md
Carlos Gutierrez b374c3b93e Adding the project for code injection and XSS vulnerability testing
This project is designed to help developers understand and mitigate code injection and XSS vulnerabilities. It includes a backend API and a frontend interface for testing various attack vectors in a controlled environment.
2026-02-01 19:57:08 -05:00


# Secure Software Development: Code Injection and XSS Practices
This project aims to help developers understand and mitigate code injection and cross-site scripting (XSS) vulnerabilities in their applications. It provides best practices, examples, and tools to enhance the security of software development.
## Project Structure
```
.
├── backend
│   └── src
│       ├── api
│       │   ├── controller
│       │   │   ├── controller.js
│       │   │   └── secureController.js
│       │   └── network
│       │       ├── network.js
│       │       └── secureNetwork.js
│       ├── config
│       │   └── config.js
│       ├── index.js
│       ├── query
│       │   ├── database.js
│       │   └── secureDatabase.js
│       └── routes
│           └── routes.js
├── frontend
│   ├── index.html
│   ├── src
│   │   ├── api
│   │   │   ├── auth.ts
│   │   │   └── playground.ts
│   │   ├── App.tsx
│   │   ├── assets
│   │   │   └── logo.png
│   │   ├── components
│   │   │   ├── atoms
│   │   │   │   ├── InputField.tsx
│   │   │   │   ├── PasswordField.tsx
│   │   │   │   └── SubmitButton.tsx
│   │   │   ├── molecules
│   │   │   │   ├── EvalPlayground.tsx
│   │   │   │   └── LoginFormFields.tsx
│   │   │   ├── organisms
│   │   │   │   └── LoginForm.tsx
│   │   │   └── pages
│   │   │       ├── CodePlayground.tsx
│   │   │       ├── Header.tsx
│   │   │       └── Login.tsx
│   │   ├── constants
│   │   │   └── app.ts
│   │   ├── interfaces
│   │   │   ├── auth.ts
│   │   │   └── playground.ts
│   │   ├── main.tsx
│   │   ├── styles
│   │   │   ├── App.module.scss
│   │   │   ├── Header.module.scss
│   │   │   └── Login.module.scss
│   │   └── vite-env.d.ts
```
## Endpoints
The backend exposes the following endpoints:
| Method | Endpoint | Description |
|--------|-----------------------------------------------|------------------------------------|
| GET | / | Home endpoint |
| POST | /api/login | SQL Injection vulnerable login endpoint |
| POST | /api/secure/login | Secure login endpoint preventing SQL Injection |
| POST | /api/execute | eval() vulnerable code execution endpoint |
| POST | /api/secure/execute | Secure code execution endpoint preventing code injection |
## Getting Started
### Prerequisites
- Node.js
- npm or yarn
- A database (PostgreSQL)
### Installation
1. Clone the repository:
```bash
git clone https://github.com/CarGDev/CodeInjectionAssigment
cd CodeInjectionAssigment
```
2. Install backend dependencies:
```bash
cd backend
npm install
```
3. Install frontend dependencies:
```bash
cd ../frontend
npm install
```
### Running the Application
1. Start the backend server:
```bash
cd backend
npm run dev
```
2. Start the frontend development server:
```bash
cd ../frontend
npm run dev
```
3. Open your browser and navigate to `http://localhost:5173` to access the application.
## Security Practices
The project implements the following security practices to mitigate code injection and XSS vulnerabilities:
- **Parameterized Queries**: All database queries use parameterized statements to prevent SQL injection attacks.
- **Input Validation and Sanitization**: User inputs are validated and sanitized to ensure they do not contain malicious code.
- **Avoiding eval()**: The playground feature is sanitized to prevent the execution of arbitrary code.
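As an added illustration of the parameterized-queries practice (example code, not the project's own `database.js` / `secureDatabase.js`), the following contrasts how the login query behind `POST /api/login` and `POST /api/secure/login` can be built. The `users` table, its column names and the `$1`/`$2` placeholder style (as used by node-postgres) are assumptions; the check at the end is the kind a reviewer can apply to any query builder.

```javascript
// Added example, not the project's own code. The `users` table and its
// column names are assumed; password hashing is out of scope here.

// Vulnerable: the request body is spliced into the SQL text itself, so any
// quote character in the input becomes part of the statement the parser sees.
function buildLoginQueryUnsafe(username, password) {
  const text =
    `SELECT id FROM users WHERE username = '${username}' ` +
    `AND password = '${password}'`;
  return { text, values: [] };
}

// Parameterized: the SQL text is a constant with $1/$2 placeholders; the
// values travel separately to the server and are never parsed as SQL.
function buildLoginQuerySafe(username, password) {
  return {
    text: 'SELECT id FROM users WHERE username = $1 AND password = $2',
    values: [username, password],
  };
}

// Review check: does the statement text change when the input changes?
// For a correctly parameterized query the answer must be "no".
function sqlTextDependsOnInput(build) {
  const a = build('alice', 'hunter2');
  const b = build("o'brien", 'hunter2');
  return a.text !== b.text;
}

// A perfectly legitimate value containing an apostrophe is enough to expose
// the problem: an odd number of single quotes means the unsafe statement is
// malformed and would be rejected (or worse, reinterpreted) by the database.
function countSingleQuotes(text) {
  return (text.match(/'/g) || []).length;
}

// Stand-alone demonstration with a constructed username.
function demo() {
  const unsafe = buildLoginQueryUnsafe("o'brien", 'hunter2');
  const safe = buildLoginQuerySafe("o'brien", 'hunter2');
  return {
    unsafeTextVaries: sqlTextDependsOnInput(buildLoginQueryUnsafe), // true
    safeTextVaries: sqlTextDependsOnInput(buildLoginQuerySafe),     // false
    unsafeQuoteCount: countSingleQuotes(unsafe.text),               // 5
    safeQuoteCount: countSingleQuotes(safe.text),                   // 0
  };
}
```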