Closed chetan251088 closed 6 months ago
I'm sorry to hear you're experiencing issues. The message you're seeing suggests that a file within the openalgo-main.zip download has been flagged by your antivirus as potentially dangerous. This could be a false positive, which sometimes occurs with legitimate files that antivirus software mistakenly identifies as harmful. To address this concern:
Ensure your antivirus is up to date: Sometimes antivirus software can mistakenly flag files based on outdated definitions.
Verify the source: Double-check that you downloaded the openalgo-main.zip file from the official repository or a trusted source.
Scan the specific app.js file: If you have the option, try scanning just the app.js file to see if it is the source of the alert.
Review the code: If you're familiar with JavaScript, review the code in app.js to ensure there's nothing unexpected or suspicious within it.
Submit for analysis: Consider submitting the file to your antivirus vendor for a more detailed analysis. They can confirm if the detection is a false positive.
Add an exception: If you're certain the file is safe, you can add an exception in your antivirus software to prevent the file from being flagged. However, please do this with caution and make sure that the file is absolutely safe before proceeding.
If you continue to have concerns or need further assistance, please let us know.
I also implemented Basic Security Check on Python Files on any vulnerabilities, implemented rate limiting to avoid abuse of application, login rate limit. Here are the Bandit logs. Iam also doing some basic security check and vulnerability fix if any in the js code as well.
PS C:\Users\Dell\OneDrive\Documents\Python\MyBridge> bandit -r .\openalgo\
[main] INFO profile include tests: None
[main] INFO profile exclude tests: None
[main] INFO cli include tests: None
[main] INFO cli exclude tests: None
[main] INFO running on Python 3.11.7
Run started:2024-03-13 06:46:30.739275
Test results:
No issues identified.
Code scanned:
Total lines of code: 1198
Total lines skipped (#nosec): 0
Run metrics:
Total issues (by severity):
Undefined: 0
Low: 0
Medium: 0
High: 0
Total issues (by confidence):
Undefined: 0
Low: 0
Medium: 0
High: 0
Files skipped (0):
Thanks for the response. As an alternative i just forked and ran the code directly in Codespaces and was able to get it up but i dont have Angel account to try more.
Iam working on integrated top 10 brokers. expected timeline is another 1 month from here I think will be above to prepare from base structure to onboard top brokers like zerodha, upstox, 5 paisa , icicidirect and few more.
Done Vulnerability check using synk.io able to fix most of the major issues and minor fix on the entire GitHub project. But it never highlighted app.js so I think it is mostly a false positive from the antivirus
Thank you and i am interested to see dhan and kotak neo in the list
when you try to download as a zip file windows scan shows app.js file as threat take a look at it.