prayas7102 / NodejsSecurify

NodejsSecurify is an advanced NPM package designed to enhance the security of Node.js applications using AI/ML models. It provides a comprehensive set of security features and analysis capabilities to identify potential vulnerabilities and enforce best practices in accordance with OWASP guidelines.
https://www.npmjs.com/package/node-js-securify
MIT License
5 stars, 6 forks

Limitation of Naive Bayes Classifier in Pinpointing Vulnerabilities in JavaScript Files #9

Open prayas7102 opened 1 week ago

prayas7102 commented 1 week ago

While utilizing the Naive Bayes classifier to detect brute force attacks, validate inputs, identify insecure authentication, and analyze security headers, the model is unable to pinpoint the exact line of code in the test JavaScript file where the vulnerability exists. This is unlike cases such as detecting callback hell or unsafe regex, where specific vulnerable lines can be identified.

Output in the case of detecting brute force attacks, validating inputs, identifying insecure authentication, and analyzing security headers:

[three screenshots of the current output]

Desired Output (in the case of detecting callback hell or unsafe regex):

[two screenshots of the desired output]

Files to be referred/altered for this change:

  1. DetectBruteForceAttack.ts
  2. DetectInputValidation.ts
  3. InsecureAuthentication.ts
  4. AnalyzeSecurityHeaders.ts

Make sure the end user/developer (who downloads the NPM package) is able to smoothly run the NPM package after these changes.
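Worked example (added here; this is not NodejsSecurify's code and not the model the package ships): a small multinomial Naive Bayes in TypeScript, trained on a handful of constructed one-line snippets, applied once to a whole file and once per line. The file-level call returns a single probability and no location, which is the limitation described in the issue; the per-line call returns line numbers, which is the shape of the desired output. The function names, the training snippets, the scanned source and the 0.7 threshold are all assumptions made for this illustration.

```typescript
// Added illustrative example, not NodejsSecurify's own code. Training snippets
// and the scanned source are constructed for the demonstration.

type Label = "vulnerable" | "safe";

interface NaiveBayesModel {
  logPrior: Record<Label, number>;
  tokenCounts: Record<Label, Map<string, number>>;
  totalTokens: Record<Label, number>;
  vocabSize: number;
}

// Lowercase identifier-like tokens; operators and punctuation are dropped.
function tokenize(text: string): string[] {
  return text.toLowerCase().match(/[a-z_][a-z0-9_]*/g) || [];
}

function train(samples: Array<[Label, string]>): NaiveBayesModel {
  const tokenCounts: Record<Label, Map<string, number>> = { vulnerable: new Map(), safe: new Map() };
  const totalTokens: Record<Label, number> = { vulnerable: 0, safe: 0 };
  const docCounts: Record<Label, number> = { vulnerable: 0, safe: 0 };
  const vocab = new Set<string>();
  for (const [label, text] of samples) {
    docCounts[label] += 1;
    for (const token of tokenize(text)) {
      tokenCounts[label].set(token, (tokenCounts[label].get(token) || 0) + 1);
      totalTokens[label] += 1;
      vocab.add(token);
    }
  }
  const logPrior: Record<Label, number> = {
    vulnerable: Math.log(docCounts.vulnerable / samples.length),
    safe: Math.log(docCounts.safe / samples.length),
  };
  return { logPrior, tokenCounts, totalTokens, vocabSize: vocab.size };
}

// log P(label) + sum over tokens of log P(token | label), Laplace-smoothed.
function logScore(model: NaiveBayesModel, label: Label, tokens: string[]): number {
  let score = model.logPrior[label];
  const denominator = model.totalTokens[label] + model.vocabSize;
  for (const token of tokens) {
    const count = model.tokenCounts[label].get(token) || 0;
    score += Math.log((count + 1) / denominator);
  }
  return score;
}

// Posterior P(vulnerable | text); null when the text carries no tokens at all.
function probabilityVulnerable(model: NaiveBayesModel, text: string): number | null {
  const tokens = tokenize(text);
  if (tokens.length === 0) return null;
  const diff = logScore(model, "safe", tokens) - logScore(model, "vulnerable", tokens);
  return 1 / (1 + Math.exp(diff));
}

// File-level verdict: one number for the whole source, no location.
function classifyFile(model: NaiveBayesModel, source: string): number | null {
  return probabilityVulnerable(model, source);
}

interface LineFinding { line: number; probability: number; }

// Line-level localization: score every line on its own and keep those above
// the threshold, so the report can name a line number (1-based).
function locateSuspiciousLines(model: NaiveBayesModel, source: string, threshold = 0.7): LineFinding[] {
  const findings: LineFinding[] = [];
  source.split(/\r?\n/).forEach((text, index) => {
    const probability = probabilityVulnerable(model, text);
    if (probability !== null && probability >= threshold) findings.push({ line: index + 1, probability });
  });
  return findings;
}

// Constructed, hand-labelled training lines (assumption: a real model would use a real corpus).
const TRAINING_SAMPLES: Array<[Label, string]> = [
  ["vulnerable", "if (password === storedPassword) return true"],
  ["vulnerable", "if (req.body.password == user.password) login(user)"],
  ["vulnerable", "user.password = req.body.password"],
  ["vulnerable", "jwt.sign(payload, secret, { algorithm: 'none' })"],
  ["safe", "const ok = await bcrypt.compare(password, user.passwordHash)"],
  ["safe", "const rows = await db.query(sql, params)"],
  ["safe", "res.json({ items })"],
  ["safe", "app.use(helmet())"],
];

// Constructed test file: line 5 compares a plaintext password, line 6 signs an unsigned JWT.
const SAMPLE_SOURCE = [
  "const express = require('express');",
  "const app = express();",
  "app.post('/login', (req, res) => {",
  "  const user = findUser(req.params.id);",
  "  if (req.body.password === user.password) {",
  "    const token = jwt.sign({ id: user.id }, secret, { algorithm: 'none' });",
  "    res.send(token);",
  "  }",
  "});",
].join("\n");

const demoModel = train(TRAINING_SAMPLES);
const fileVerdict = classifyFile(demoModel, SAMPLE_SOURCE);
console.log(`file-level: P(vulnerable) = ${fileVerdict === null ? "n/a" : fileVerdict.toFixed(3)} (no line number)`);
for (const f of locateSuspiciousLines(demoModel, SAMPLE_SOURCE)) {
  console.log(`line ${f.line}: P(vulnerable) = ${f.probability.toFixed(3)}`);
}
```

Scoring each line independently is what makes the line number available, but a bag-of-words model localizes by vocabulary rather than by data flow: in the sample, `app.post('/login', (req, res) => {` scores about 0.53 only because `login` and `req` occur in the vulnerable training lines, so a threshold (and, better, a second AST-based check like the ones used for callback hell and unsafe regex) is needed to keep such lines out of the report.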

Xzanam commented 6 days ago

Hi, I'd like to work on this.

prayas7102 commented 6 days ago

> Hi, I'd like to work on this.

Sure, go ahead, and also tell me how you're going to achieve this before getting this issue assigned.