# Vulnerability Scanner

## Quick Start

Scan a codebase for common vulnerabilities:

```bash
# For JavaScript/TypeScript
npx eslint --plugin security .

# For Python
bandit -r . -f json

# For general patterns
grep -rn "eval\|exec\|system\|shell" --include="*.py" --include="*.js"
```
## Instructions

### Step 1: Identify Project Type

Detect the technology stack:

- Check for `package.json` (Node.js)
- Check for `requirements.txt` or `pyproject.toml` (Python)
- Check for `go.mod` (Go)
- Check for `Cargo.toml` (Rust)
### Step 2: Run Static Analysis

JavaScript/TypeScript:

```bash
npx eslint --plugin security --ext .js,.ts,.jsx,.tsx .
```

Python:

```bash
pip install bandit
bandit -r . -f json -o bandit-report.json
```

Go:

```bash
go install golang.org/x/vuln/cmd/govulncheck@latest
govulncheck ./...
```
### Step 3: Check for Common Patterns

Scan for dangerous patterns:

| Pattern | Risk | Languages |
|---|---|---|
| `eval()` | Code injection | JS, Python |
| `exec()` | Command injection | Python |
| `shell=True` | Command injection | Python |
| `dangerouslySetInnerHTML` | XSS | React |
| SQL string concatenation | SQL injection | All |
| `pickle.loads()` | Deserialization | Python |
### Step 4: Categorize Findings

Assign severity based on:

- **Critical**: Remote code execution, authentication bypass
- **High**: SQL injection, XSS, SSRF
- **Medium**: Information disclosure, CSRF
- **Low**: Missing headers, verbose errors
### Step 5: Generate Report

Format findings:

```markdown
## Security Scan Results

### Critical (0)
[None found]

### High (2)
1. **SQL Injection** - src/db/queries.js:45
   - Pattern: String concatenation in SQL query
   - Fix: Use parameterized queries

2. **XSS Vulnerability** - src/components/Comment.jsx:23
   - Pattern: dangerouslySetInnerHTML with user input
   - Fix: Sanitize input with DOMPurify
```
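Steps 3 to 5 together describe a small pipeline: match the pattern table against source lines, assign each hit a severity tier, and print the report in the format above. The following is an added example of that pipeline, written for this page and not part of the skill's own tooling. The `RULES` table, the `scan` and `render_report` helpers, the mapping of each pattern to a severity tier (the page only gives the tiers, so which tier a given pattern lands in is an assumption here), and the `SAMPLE_FILES` contents are all constructed for the demonstration.

```python
import re
from collections import defaultdict

# Rule table derived from the Step 3 pattern list.
# (title, regex, severity, fix) -- the severity assignment is an assumption
# made for this example using the Step 4 tiers: code/command injection and
# unsafe deserialization lead to code execution (Critical); SQLi and XSS are High.
RULES = [
    ("Code injection via eval()", re.compile(r"\beval\s*\("), "Critical",
     "Avoid eval(); parse input with a safe parser"),
    ("Code injection via exec()", re.compile(r"\bexec\s*\("), "Critical",
     "Avoid exec(); never execute user-supplied strings"),
    ("Command injection via shell=True", re.compile(r"shell\s*=\s*True"), "Critical",
     "Pass an argument list and drop shell=True"),
    ("Unsafe deserialization via pickle.loads()", re.compile(r"\bpickle\.loads\s*\("), "Critical",
     "Use JSON or another data-only format"),
    ("XSS via dangerouslySetInnerHTML", re.compile(r"dangerouslySetInnerHTML"), "High",
     "Render text, or sanitize with DOMPurify"),
    # SQL keyword followed, on the same line, by a template/format/concat marker.
    ("SQL injection via string building",
     re.compile(r"\b(SELECT|INSERT|UPDATE|DELETE)\b.*(\$\{|\{\w+\}|\"\s*\+|'\s*\+|%s|\.format\()", re.I),
     "High", "Use parameterized queries"),
]

SEVERITIES = ["Critical", "High", "Medium", "Low"]

# Constructed sample "files" (path -> source lines) standing in for a checkout.
SAMPLE_FILES = {
    "src/db/queries.js": [
        "const q = `SELECT * FROM users WHERE id = ${userId}`;",
        "db.query('SELECT * FROM users WHERE id = ?', [userId]);",
    ],
    "src/components/Comment.jsx": [
        "return <div dangerouslySetInnerHTML={{ __html: comment.body }} />;",
    ],
    "app/tasks.py": [
        "subprocess.run(cmd, shell=True)",
        "data = pickle.loads(blob)",
        "result = eval(expr)",
        "subprocess.run(['ls', '-l'])",
    ],
}


def scan(files):
    """Step 3: return one finding per (line, rule) match."""
    findings = []
    for path, lines in files.items():
        for lineno, line in enumerate(lines, start=1):
            for title, regex, severity, fix in RULES:
                if regex.search(line):
                    findings.append({
                        "title": title,
                        "severity": severity,          # Step 4: tier from the rule table
                        "location": f"{path}:{lineno}",
                        "pattern": line.strip(),
                        "fix": fix,
                    })
    return findings


def render_report(findings):
    """Step 5: render findings grouped by severity in the page's report layout."""
    by_severity = defaultdict(list)
    for finding in findings:
        by_severity[finding["severity"]].append(finding)

    out = ["## Security Scan Results", ""]
    for severity in SEVERITIES:
        items = by_severity.get(severity, [])
        out.append(f"### {severity} ({len(items)})")
        if not items:
            out.append("[None found]")
        for index, finding in enumerate(items, start=1):
            out.append(f"{index}. **{finding['title']}** - {finding['location']}")
            out.append(f"   - Pattern: {finding['pattern']}")
            out.append(f"   - Fix: {finding['fix']}")
        out.append("")
    return "\n".join(out)


if __name__ == "__main__":
    print(render_report(scan(SAMPLE_FILES)))
```

The regexes are deliberately line-local, like the `grep` in the Quick Start, so they will miss a query assembled across several statements and will flag a `SELECT` inside a comment; treat the output as a triage list to confirm by hand, not as a verdict.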
## Common Vulnerability Patterns

### Injection Flaws

```javascript
// BAD: SQL Injection (user input becomes part of the SQL text)
const query = `SELECT * FROM users WHERE id = ${userId}`;

// GOOD: Parameterized query (the driver binds userId as a value, never as SQL)
const safeQuery = 'SELECT * FROM users WHERE id = ?';
db.query(safeQuery, [userId]);
```
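The difference between the two forms is easiest to see with a real database engine. Below is an added example (not from the page, and using Python's standard-library `sqlite3` rather than the JavaScript driver above) with the same query written both ways; the in-memory `users` table, the `make_db`, `find_user_unsafe` and `find_user_safe` helpers, and the inputs are all constructed for the demonstration. It doubles as the kind of regression test a reviewer can keep in CI to prove that the parameterized version treats the whole value as data.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed in-memory table; stands in for the application's users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (id, name, role) VALUES (?, ?, ?)",
        [(1, "alice", "admin"), (2, "bob", "user"), (3, "carol", "user")],
    )
    return conn


def find_user_unsafe(conn: sqlite3.Connection, user_id: str):
    # BAD: the caller's string is spliced into the statement and parsed as SQL,
    # so anything that is valid SQL in that position changes the query's meaning.
    query = f"SELECT id, name FROM users WHERE id = {user_id}"
    return conn.execute(query).fetchall()


def find_user_safe(conn: sqlite3.Connection, user_id: str):
    # GOOD: the statement is fixed; the driver binds user_id as a single value.
    # SQLite applies the column's INTEGER affinity to a numeric-looking string,
    # so "1" still matches id 1, while a non-numeric string matches nothing.
    query = "SELECT id, name FROM users WHERE id = ?"
    return conn.execute(query, (user_id,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    for value in ("1", "1 OR 1=1"):
        print(f"{value!r:12} unsafe -> {find_user_unsafe(db, value)}")
        print(f"{value!r:12} safe   -> {find_user_safe(db, value)}")
```

With the well-formed input both functions return the single matching row; with the malformed input the string-built query returns every row in the table while the parameterized query returns none, which is exactly the property the fix is meant to guarantee.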
### Cross-Site Scripting (XSS)

```javascript
// BAD: Direct HTML insertion
element.innerHTML = userInput;

// GOOD: Text content or sanitization
element.textContent = userInput;
// or
element.innerHTML = DOMPurify.sanitize(userInput);
```
## Advanced

For detailed information, see:

- CVE Patterns - Common vulnerability patterns by type
- Remediation Guide - Fix strategies for each vulnerability type
- Tools Reference - Security scanning tools by language