Nodejsscan - A Static Safety Code Scanner For Node.Js Applications
Tuesday, September 24, 2019
You are now reading the article Nodejsscan - A Static Safety Code Scanner For Node.Js Applications with the link address https://mederc.blogspot.com/2019/09/nodejsscan-static-safety-code-scanner.html
Static security code scanner (SAST) for Node.js applications.
Configure & Run NodeJsScan
Install Postgres and configure SQLALCHEMY_DATABASE_URI in core/settings.py
pip3 install -r requirements.txt
python3 migrate.py # Run once to create the database entries required
python3 app.py # Testing Environment
gunicorn -b 0.0.0.0:9090 app:app # Production Environment
This will run NodeJsScan on http://0.0.0.0:9090
If you need to debug, set DEBUG = True in core/settings.py
NodeJsScan CLI
The command line interface (CLI) allows you to integrate NodeJsScan with DevSecOps CI/CD pipelines. The results are in JSON format. When you use the CLI the results are never stored in the NodeJsScan backend.
virtualenv venv -p python3
source venv/bin/activate
(venv)$ pip install nodejsscan
(venv)$ nodejsscan
usage: nodejsscan [-h] [-f FILE [FILE ...]] [-d DIRECTORY [DIRECTORY ...]]
                  [-o OUTPUT] [-v]

optional arguments:
  -h, --help            show this help message and exit
  -f FILE [FILE ...], --file FILE [FILE ...]
                        Node.js file(s) to scan
  -d DIRECTORY [DIRECTORY ...], --directory DIRECTORY [DIRECTORY ...]
                        Node.js source code directory/directories to scan
  -o OUTPUT, --output OUTPUT
                        Output file to save JSON report
  -v, --version         Show nodejsscan version
Python API
import core.scanner as njsscan
res_dir = njsscan.scan_dirs(['/Code/Node.Js-Security-Course'])
res_file = njsscan.scan_file(['/Code/Node.Js-Security-Course/deserialization.js'])
print(res_file)
[{'title': 'Deserialization Remote Code Injection', 'description': "User controlled data in 'unserialize()' or 'deserialize()' function can result in Object Injection or Remote Code Injection.", 'tag': 'rci', 'line': 11, 'lines': 'app.use(cookieParser())\n\napp.get(\'/\', function(req, res) {\n if (req.cookies.profile) {\n var str = new Buffer(req.cookies.profile, \'base64\').toString();\n var obj = serialize.unserialize(str);\n if (obj.username) {\n res.send("Hello " + escape(obj.username));\n }\n } else {', 'filename': 'deserialization.js', 'path': '/Users/ajin/Code/Node.Js-Security-Course/deserialization.js', 'sha2': '06f3f0ff3deed27aeb95955a17abc7722895d3538c14648af97789d8777cee50'}]
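The CLI section above says the results come back as JSON and are meant for CI/CD pipelines, and the Python API section shows what one finding looks like. The following is an added example, not code from the original post or from the NodeJsScan project: a small CI gate that reads such a report, counts findings per tag and fails the build when a finding carries a blocking tag. It assumes the JSON written by `-o` is a list of findings shaped like the `scan_file()` result shown above (a `findings` wrapper key is also accepted as an assumption); the second finding, its `example_tag` tag and the set of blocking tags are constructed for illustration, and 'rci' is the one tag the page actually shows.

```python
import json
from collections import Counter

# Constructed sample report. The first entry mirrors the scan_file() result
# printed above (same keys: title, description, tag, line, lines, filename,
# path, sha2); the second entry and its tag are made up for illustration.
SAMPLE_FINDINGS = [
    {
        'title': 'Deserialization Remote Code Injection',
        'description': "User controlled data in 'unserialize()' or 'deserialize()' "
                       "function can result in Object Injection or Remote Code Injection.",
        'tag': 'rci',
        'line': 11,
        'lines': 'var obj = serialize.unserialize(str);',
        'filename': 'deserialization.js',
        'path': '/Users/ajin/Code/Node.Js-Security-Course/deserialization.js',
        'sha2': '06f3f0ff3deed27aeb95955a17abc7722895d3538c14648af97789d8777cee50',
    },
    {
        'title': 'Constructed informational finding',
        'description': 'Constructed finding used only to show a non-blocking tag.',
        'tag': 'example_tag',  # hypothetical tag, not a real NodeJsScan tag
        'line': 3,
        'lines': 'res.send(data);',
        'filename': 'other.js',
        'path': '/tmp/project/other.js',
        'sha2': '00' * 32,
    },
]

# The JSON text a CI step would read from the file written with `-o`.
SAMPLE_REPORT_JSON = json.dumps(SAMPLE_FINDINGS)

# Project policy (assumption): tags whose presence must fail the pipeline.
BLOCKING_TAGS = frozenset({'rci'})


def load_report(text):
    """Parse a JSON report. Accepts a bare list of findings (the shape shown
    on the page) or an object wrapping one under a 'findings' key (assumed)."""
    data = json.loads(text)
    if isinstance(data, dict):
        data = data.get('findings', [])
    if not isinstance(data, list):
        raise ValueError('unexpected report shape')
    return data


def summarize(findings):
    """Count findings per tag, e.g. {'rci': 1, 'example_tag': 1}."""
    return dict(Counter(f.get('tag', 'unknown') for f in findings))


def blocking_findings(findings, blocking_tags=BLOCKING_TAGS):
    """Return findings whose tag is in the blocking set, deduplicated on
    (sha2, path, line) so a file scanned twice is reported once."""
    seen = set()
    blocked = []
    for f in findings:
        if f.get('tag') not in blocking_tags:
            continue
        key = (f.get('sha2'), f.get('path'), f.get('line'))
        if key in seen:
            continue
        seen.add(key)
        blocked.append(f)
    return blocked


def ci_gate(report_text, blocking_tags=BLOCKING_TAGS):
    """Return (exit_status, summary_lines): status 0 when nothing blocking
    was found, 1 otherwise; one 'file:line title [tag]' line per finding."""
    findings = load_report(report_text)
    blocked = blocking_findings(findings, blocking_tags)
    lines = ['%s:%s %s [%s]' % (f['filename'], f['line'], f['title'], f['tag'])
             for f in blocked]
    return (1 if blocked else 0), lines


if __name__ == '__main__':
    status, lines = ci_gate(SAMPLE_REPORT_JSON)
    print('\n'.join(lines) or 'no blocking findings')
    raise SystemExit(status)
```

In a pipeline you would run `nodejsscan -d <src> -o report.json`, then call `ci_gate(open('report.json').read())` and exit with the returned status; keeping the blocking-tag set explicit lets a team widen it over time without silently changing the meaning of a green build.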
Docker
docker build -t nodejsscan .
docker run -it -p 9090:9090 nodejsscan
DockerHub
docker pull opensecurity/nodejsscan
docker run -it -p 9090:9090 opensecurity/nodejsscan:latest
[Screenshots: NodeJsScan Web UI; Static Analysis results]