prayas7102 / NodejsSecurify

NodejsSecurify is an advanced npm package designed to enhance the security of Node.js applications. It provides a comprehensive set of security features and analysis capabilities to identify potential vulnerabilities and enforce best practices in accordance with OWASP guidelines.
https://www.npmjs.com/package/node-js-securify
MIT License
2 stars, 3 forks

Organizing Vulnerability Detection Datasets into CSV Format for Improved Analysis #8

Open prayas7102 opened 4 days ago

prayas7102 commented 4 days ago

The vulnerability checks (to detect brute force attacks, validate inputs, identify insecure authentication, and analyze security headers) use a Naive Bayes Classifier, and the datasets for classification are stored in separate files. Each dataset consists of an array where 'code' contains a sample code snippet, and 'label' indicates whether the code is vulnerable (1) or not (0).

interface DatasetSample {
  code: string;   // sample code snippet fed to the classifier
  label: 0 | 1;   // 1 = vulnerable, 0 = not vulnerable
}

const dataset: DatasetSample[] = [
  {
    'code': `const authLimiter = rateLimit({
      windowMs: 15 * 60 * 1000, // 15 minutes
      max: 5, // Limit each IP to 5 requests per windowMs
      message: 'Too many login attempts from this IP, please try again later.'
    });`,
    'label': 0
  },
  {
    // Deliberately vulnerable sample: user input is concatenated into the SQL string.
    'code': `app.get('/search', (req, res) => {
      const searchQuery = req.query.query;
      const sqlQuery = "SELECT * FROM products WHERE name LIKE %{searchQuery}";
      db.query(sqlQuery, (err, result) => {
        if (err) {
          res.status(500).send('Error executing the query');
        } else {
          res.json(result);
        }
      });
    });`,
    'label': 1
  }
];

To enhance navigation and analysis, we want to store these datasets in a CSV file format. This would allow for easier handling and organization of the data.

Files that may be referred to or altered for this change:

  1. DetectBruteForceAttack.ts
  2. DetectInputValidation.ts
  3. InsecureAuthentication.ts
  4. AnalyzeSecurityHeaders.ts

Make sure the end user/developer (who downloads the NPM package) is able to smoothly run the NPM package after these changes.
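One way to do the conversion the issue asks for, as an added example in TypeScript that is not code from the NodejsSecurify project: the 'code' field of each sample is multi-line and contains commas and double quotes, so a naive join on commas or a split on newlines would corrupt the dataset. The writer below quotes every code field and doubles embedded quotes (RFC 4180), and the reader parses quoted fields instead of splitting, then validates the label column. The DatasetSample interface, the constructed sample rows (the second uses a hypothetical req.query.q), and the function names toCsv, parseCsv, fromCsv and roundTrips are assumptions made for this example.

```typescript
// Added example (not NodejsSecurify's own code): serialise a labelled
// dataset to RFC 4180 CSV and read it back, so multi-line code snippets
// containing commas, quotes and newlines survive the round trip.

interface DatasetSample {
  code: string;   // sample code snippet
  label: 0 | 1;   // 1 = vulnerable, 0 = not vulnerable
}

// Constructed sample data, modelled on the shape described in the issue.
// The second snippet (req.query.q) is hypothetical.
const dataset: DatasetSample[] = [
  {
    code: `const authLimiter = rateLimit({
  windowMs: 15 * 60 * 1000, // 15 minutes
  max: 5, // Limit each IP to 5 requests per windowMs
  message: 'Too many login attempts from this IP, please try again later.'
});`,
    label: 0,
  },
  {
    code: `const sqlQuery = "SELECT * FROM products WHERE name LIKE '%" + req.query.q + "%'";`,
    label: 1,
  },
];

// Quote a field: wrap in double quotes and double any embedded quotes.
function csvField(value: string): string {
  return `"${value.replace(/"/g, '""')}"`;
}

// Write samples as CSV with a "code,label" header; the code column is
// always quoted because it routinely contains commas and newlines.
export function toCsv(samples: DatasetSample[]): string {
  const lines = ["code,label"];
  for (const s of samples) {
    lines.push(`${csvField(s.code)},${s.label}`);
  }
  return lines.join("\n") + "\n";
}

// Minimal RFC 4180 parser: handles quoted fields with embedded commas,
// newlines and doubled quotes. Returns an array of rows, each a list of fields.
export function parseCsv(text: string): string[][] {
  const rows: string[][] = [];
  let row: string[] = [];
  let field = "";
  let inQuotes = false;
  for (let i = 0; i < text.length; i++) {
    const c = text[i];
    if (inQuotes) {
      if (c === '"') {
        if (text[i + 1] === '"') { field += '"'; i++; } // escaped quote
        else inQuotes = false;                            // closing quote
      } else {
        field += c; // commas and newlines are literal inside quotes
      }
    } else if (c === '"') {
      inQuotes = true;
    } else if (c === ",") {
      row.push(field); field = "";
    } else if (c === "\n") {
      row.push(field); field = "";
      rows.push(row); row = [];
    } else if (c !== "\r") {
      field += c; // tolerate CRLF line endings
    }
  }
  if (field.length > 0 || row.length > 0) { row.push(field); rows.push(row); }
  return rows;
}

// Read CSV back into samples, rejecting unexpected headers and labels
// so a corrupted dataset fails loudly instead of silently training the classifier.
export function fromCsv(text: string): DatasetSample[] {
  const [header, ...rows] = parseCsv(text);
  if (header.join(",") !== "code,label") throw new Error("unexpected header");
  return rows.map(([code, label]) => {
    if (label !== "0" && label !== "1") throw new Error(`bad label: ${label}`);
    return { code, label: label === "1" ? 1 : 0 };
  });
}

// True when write-then-read reproduces the original samples exactly.
export function roundTrips(samples: DatasetSample[]): boolean {
  const back = fromCsv(toCsv(samples));
  return JSON.stringify(back) === JSON.stringify(samples);
}

console.log(toCsv(dataset));
console.log("round trip ok:", roundTrips(dataset));
```

If the package keeps the datasets as CSV files shipped inside the npm tarball, the reader side is what the published package actually needs at runtime; the check worth keeping is the round trip on the real dataset files before publishing, since a single unescaped quote in a snippet shifts every following row.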

shashi-sah2003 commented 2 days ago

Hey @prayas7102, can you assign me this issue? Thanks.

prayas7102 commented 2 days ago

> Hey @prayas7102, can you assign me this issue? Thanks.

Sure, go ahead!

prayas7102 commented 2 days ago

> Hey @prayas7102, can you assign me this issue? Thanks.
>
> Sure, go ahead!

Hey @shashi-sah2003, can you please look into this issue first: #7? It would be good practice if we look into this issue after completing #7.

prayas7102 commented 1 day ago

> Hey @shashi-sah2003, can you please look into this issue first: #7? It would be good practice if we look into this issue after completing #7.

Hey @shashi-sah2003, someone else is looking into issue #7, so feel free to go with this issue. Good luck!

shashi-sah2003 commented 8 hours ago

Hey @prayas7102, I have created a PR for this issue. Please review it at https://github.com/prayas7102/NodejsSecurify/pull/14