marketcalls / openalgo

Open Source Algo Trading Platform for Everyone
https://docs.openalgo.in
GNU Affero General Public License v3.0
116 stars 48 forks

download issue #2

Closed chetan251088 closed 6 months ago

chetan251088 commented 6 months ago

When you try to download as a zip file, Windows scan shows the app.js file as a threat. Take a look at it.

marketcalls commented 6 months ago

I'm sorry to hear you're experiencing issues. The message you're seeing suggests that a file within the openalgo-main.zip download has been flagged by your antivirus as potentially dangerous. This could be a false positive, which sometimes occurs with legitimate files that antivirus software mistakenly identifies as harmful. To address this concern:

Ensure your antivirus is up to date: Sometimes antivirus software can mistakenly flag files based on outdated definitions.

Verify the source: Double-check that you downloaded the openalgo-main.zip file from the official repository or a trusted source.

Scan the specific app.js file: If you have the option, try scanning just the app.js file to see if it is the source of the alert.

Review the code: If you're familiar with JavaScript, review the code in app.js to ensure there's nothing unexpected or suspicious within it.

Submit for analysis: Consider submitting the file to your antivirus vendor for a more detailed analysis. They can confirm if the detection is a false positive.

Add an exception: If you're certain the file is safe, you can add an exception in your antivirus software to prevent the file from being flagged. However, please do this with caution and make sure that the file is absolutely safe before proceeding.

If you continue to have concerns or need further assistance, please let us know.
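An added example (not part of the thread or of the openalgo project) for the "Verify the source" and "Scan the specific app.js file" steps above: it compares every file in a downloaded source zip against the git blob IDs the repository tracks, which shows whether the flagged file was altered between the repository and the download. Whether the tracked file itself is benign remains a code-review question. The listing is assumed to come from `git ls-tree -r HEAD` in a trusted clone; the path `static/js/app.js` and the file contents are constructed.

```python
import hashlib
import io
import zipfile


def git_blob_sha1(data):
    # Git object id of a file: SHA-1 over "blob <size>\0" followed by the content.
    return hashlib.sha1(b"blob %d\x00" % len(data) + data).hexdigest()


def parse_ls_tree(text):
    # Each `git ls-tree -r` line is "<mode> <type> <sha>\t<path>".
    manifest = {}
    for line in text.splitlines():
        meta, _, path = line.partition("\t")
        if path and meta.split()[1] == "blob":
            manifest[path] = meta.split()[2]
    return manifest


def audit_zip(zip_file, manifest):
    # Report archive members that differ from, or are absent from, the tracked tree.
    report = {"modified": [], "untracked": []}
    with zipfile.ZipFile(zip_file) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            # GitHub zips wrap the tree in one top-level folder (openalgo-main/).
            path = info.filename.split("/", 1)[-1]
            if path not in manifest:
                report["untracked"].append(path)
            elif git_blob_sha1(zf.read(info)) != manifest[path]:
                report["modified"].append(path)
    return report


def make_zip(files):
    # Constructed sample input: an in-memory zip laid out like a GitHub download.
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for path, data in files.items():
            zf.writestr("openalgo-main/" + path, data)
    return buf


if __name__ == "__main__":
    sample = {"static/js/app.js": b"console.log('ok');\n"}  # constructed path and content
    listing = "100644 blob %s\tstatic/js/app.js\n" % git_blob_sha1(sample["static/js/app.js"])
    print(audit_zip(make_zip(sample), parse_ls_tree(listing)))
```

An empty report means every file in the zip is byte-identical to the tracked blob; an entry under `modified` or `untracked` is what to inspect before considering an antivirus exception.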

marketcalls commented 6 months ago

I also implemented a basic security check on the Python files for any vulnerabilities, and implemented rate limiting to avoid abuse of the application, and a login rate limit. Here are the Bandit logs. I am also doing some basic security checks and vulnerability fixes, if any, in the JS code as well.

PS C:\Users\Dell\OneDrive\Documents\Python\MyBridge> bandit -r .\openalgo\
[main]  INFO    profile include tests: None
[main]  INFO    profile exclude tests: None
[main]  INFO    cli include tests: None
[main]  INFO    cli exclude tests: None
[main]  INFO    running on Python 3.11.7
Run started:2024-03-13 06:46:30.739275

Test results:
        No issues identified.

Code scanned:
        Total lines of code: 1198
        Total lines skipped (#nosec): 0

Run metrics:
        Total issues (by severity):
                Undefined: 0
                Low: 0
                Medium: 0
                High: 0
        Total issues (by confidence):
                Undefined: 0
                Low: 0
                Medium: 0
                High: 0
Files skipped (0):

chetan251088 commented 6 months ago

Thanks for the response. As an alternative, I just forked and ran the code directly in Codespaces and was able to get it up, but I don't have an Angel account to try more.

marketcalls commented 6 months ago

I am working on integrating the top 10 brokers. The expected timeline is another 1 month from here; I think I will be able to prepare from the base structure to onboard top brokers like Zerodha, Upstox, 5paisa, ICICIdirect and a few more.

marketcalls commented 6 months ago

Done a vulnerability check using snyk.io; able to fix most of the major issues, with minor fixes on the entire GitHub project. But it never highlighted app.js, so I think it is mostly a false positive from the antivirus.

chetan251088 commented 6 months ago

Thank you, and I am interested to see Dhan and Kotak Neo in the list.