CodeInjectionAssigment/README.md
2026-02-01 19:58:43 -05:00
Secure Software Development Code Injection and XSS practices

This project aims to help developers understand and mitigate code injection and cross-site scripting (XSS) vulnerabilities in their applications. It provides best practices, examples, and tools to improve the security of software development.

Project Structure

.
├── backend
│   └── src
│       ├── api
│       │   ├── controller
│       │   │   ├── controller.js
│       │   │   └── secureController.js
│       │   └── network
│       │       ├── network.js
│       │       └── secureNetwork.js
│       ├── config
│       │   └── config.js
│       ├── index.js
│       ├── query
│       │   ├── database.js
│       │   └── secureDatabase.js
│       └── routes
│           └── routes.js
├── frontend
│   ├── index.html
│   ├── src
│   │   ├── api
│   │   │   ├── auth.ts
│   │   │   └── playground.ts
│   │   ├── App.tsx
│   │   ├── assets
│   │   │   └── logo.png
│   │   ├── components
│   │   │   ├── atoms
│   │   │   │   ├── InputField.tsx
│   │   │   │   ├── PasswordField.tsx
│   │   │   │   └── SubmitButton.tsx
│   │   │   ├── molecules
│   │   │   │   ├── EvalPlayground.tsx
│   │   │   │   └── LoginFormFields.tsx
│   │   │   ├── organisms
│   │   │   │   └── LoginForm.tsx
│   │   │   └── pages
│   │   │       ├── CodePlayground.tsx
│   │   │       ├── Header.tsx
│   │   │       └── Login.tsx
│   │   ├── constants
│   │   │   └── app.ts
│   │   ├── interfaces
│   │   │   ├── auth.ts
│   │   │   └── playground.ts
│   │   ├── main.tsx
│   │   ├── styles
│   │   │   ├── App.module.scss
│   │   │   ├── Header.module.scss
│   │   │   └── Login.module.scss
│   │   └── vite-env.d.ts

Endpoints

The backend exposes the following endpoints:

Method  Endpoint              Description
------  --------------------  ----------------------------------------------------------
GET     /                     Home endpoint
POST    /api/login            SQL Injection vulnerable login endpoint
POST    /api/secure/login     Secure login endpoint preventing SQL Injection
POST    /api/execute          eval() vulnerable code execution endpoint
POST    /api/secure/execute   Secure code execution endpoint preventing code injection

Getting Started

Prerequisites

  • Node.js
  • npm or yarn
  • A database (PostgreSQL)

Installation

  1. Clone the repository:

    git clone https://github.com/CarGDev/CodeInjectionAssigment
    cd CodeInjectionAssigment

  2. Install backend dependencies:

    cd backend
    npm install

  3. Install frontend dependencies:

    cd ../frontend
    npm install


Running the Application

  1. Start the backend server:

    cd backend
    npm run dev

  2. Start the frontend development server:

    cd ../frontend
    npm run dev

  3. Open your browser and navigate to http://localhost:5173 to access the application.

Security Practices

The project implements the following security practices to mitigate code injection and XSS vulnerabilities:

  • Parameterized Queries: All database queries use parameterized statements to prevent SQL injection attacks.
  • Input Validation and Sanitization: User inputs are validated and sanitized to ensure they do not contain malicious code.
  • Avoiding eval(): The secure playground endpoint sanitizes submitted code instead of passing it to eval(), so arbitrary code is not executed.
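The difference between the two login endpoints, as an added example that is not the project's own controller code: string-concatenated SQL (the /api/login defect) beside a parameterized query in the text/values shape that node-postgres's pool.query expects (the /api/secure/login fix). The `db` argument is an assumed injected driver object, and the recording stand-in lets the example run offline.

```javascript
// Vulnerable: user input is spliced into the SQL text itself, so the
// database parses it as part of the statement.
function vulnerableLogin(db, username, password) {
  const sql =
    "SELECT id FROM users WHERE username = '" + username +
    "' AND password = '" + password + "'";
  return db.query(sql, []);
}

// Secure: the SQL text is fixed at write time; user input travels
// separately as bind values ($1, $2) and is never parsed as SQL.
// (A real login would compare a password hash, not the plaintext.)
function secureLogin(db, username, password) {
  const text = 'SELECT id FROM users WHERE username = $1 AND password = $2';
  return db.query(text, [username, password]);
}

// Offline stand-in for a pg Pool (assumption: same query(text, values)
// signature). It records exactly what the driver would send to PostgreSQL.
function makeRecordingDb() {
  const calls = [];
  return {
    calls,
    query(text, values) {
      calls.push({ text, values });
      return Promise.resolve({ rows: [] });
    },
  };
}

// Constructed test input: a username containing a quote and a tautology,
// the classic shape a vulnerable login fails on.
const INJECTED_USERNAME = "admin' OR '1'='1";

function demo() {
  const db = makeRecordingDb();
  vulnerableLogin(db, INJECTED_USERNAME, 'x');
  secureLogin(db, INJECTED_USERNAME, 'x');
  const [vuln, safe] = db.calls;
  return {
    vulnerableText: vuln.text, // WHERE clause now contains OR '1'='1'
    secureText: safe.text,     // still only $1 / $2 placeholders
    secureValues: safe.values, // raw input carried as data, unchanged
  };
}
```

Run demo() and compare the two recorded statements: only the concatenated one has had its WHERE clause rewritten by the input.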