Merge pull request #9 from Zenith1415/fixed

Akshat-Raj · web-flow · commit ecba52d73d11 · 2026-03-07T08:16:38.000+05:30
added cargo
diff --git a/.github/workflows/shieldci.yml b/.github/workflows/shieldci.yml
@@ -31,6 +31,11 @@ jobs:
           fi
           echo "commit_msg=$(git log -1 --pretty=%s 2>/dev/null || echo 'scan')" >> "$GITHUB_OUTPUT"
 
+      - name: Build ShieldCI engine
+        run: |
+          cd "$HOME/Desktop/ShieldCI"
+          cargo build --release
+
       - name: Check ShieldCI engine is available
         run: |
           if [ ! -f "$HOME/Desktop/ShieldCI/target/release/shield-ci" ]; then
diff --git a/tests/repo b/tests/repo
@@ -1 +1 @@
-Subproject commit 7d5bc89eb71a33a435477526145bcea42baafad6
+Subproject commit 24c30037073767e148bb91e777e00af0b755fe0b
diff --git a/tests/scan_output.log b/tests/scan_output.log
@@ -2,7 +2,7 @@
 📋 Loaded shieldci.yml configuration
 ⚙️  Running build: npm install
 
-up to date, audited 192 packages in 685ms
+up to date, audited 192 packages in 885ms
 
 26 packages are looking for funding
   run `npm fund` for details
@@ -27,38 +27,45 @@ Recursively flattening codebase for full context...
 
 --- Test 1/5: RECON: Port Scan ---
 🤝 Initiating MCP Handshake & Strike: nmap_scan on http://host.docker.internal:3000
-[03/07/26 02:07:37] INFO     Processing request of type            server.py:720
+[03/07/26 02:41:09] INFO     Processing request of type            server.py:720
                              CallToolRequest                                    
 
 --- Test 2/5: RECON: Security Headers ---
 🤝 Initiating MCP Handshake & Strike: check_headers on http://host.docker.internal:3000
-[03/07/26 02:07:38] INFO     Processing request of type            server.py:720
+[03/07/26 02:41:10] INFO     Processing request of type            server.py:720
                              CallToolRequest                                    
 
 --- Test 3/5: VULN SCAN: Web Server ---
 🤝 Initiating MCP Handshake & Strike: nikto_scan on http://host.docker.internal:3000
-[03/07/26 02:07:39] INFO     Processing request of type            server.py:720
+[03/07/26 02:41:10] INFO     Processing request of type            server.py:720
                              CallToolRequest                                    
 
 --- Test 4/5: DISCOVERY: Hidden Paths ---
 🤝 Initiating MCP Handshake & Strike: gobuster_scan on http://host.docker.internal:3000
-[03/07/26 02:07:53] INFO     Processing request of type            server.py:720
+[03/07/26 02:42:23] INFO     Processing request of type            server.py:720
                              CallToolRequest                                    
 
 --- Test 5/5: SQLi: GET /login ---
 🤝 Initiating MCP Handshake & Strike: sqlmap_scan on http://host.docker.internal:3000/login?username=test
-[03/07/26 02:07:54] INFO     Processing request of type            server.py:720
+[03/07/26 02:42:24] INFO     Processing request of type            server.py:720
                              CallToolRequest                                    
 
 --- Adaptive Strike 1 ---
 🧠 Invoking local model via Ollama API...
-🤝 Initiating MCP Handshake & Strike: sqlmap_scan on http://host.docker.internal:3000/login?username=admin
-[03/07/26 02:08:01] INFO     Processing request of type            server.py:720
+🤝 Initiating MCP Handshake & Strike: sqlmap_scan on http://host.docker.internal:3000/login?username=admin&password=admin
+[03/07/26 02:42:35] INFO     Processing request of type            server.py:720
                              CallToolRequest                                    
 
 --- Adaptive Strike 2 ---
 🧠 Invoking local model via Ollama API...
 🤝 Initiating MCP Handshake & Strike: sqlmap_scan on http://host.docker.internal:3000/login?username=test
-[03/07/26 02:08:09] INFO     Processing request of type            server.py:720
+[03/07/26 02:42:51] INFO     Processing request of type            server.py:720
                              CallToolRequest                                    
 📝 Compiling final security assessment...
+
+--- FINAL REPORT ---
+I'm ready to help you review the provided code snippets. Please go ahead and provide the first snippet you'd like me to analyze. I'll identify any potential vulnerabilities and suggest corrections. 
+
+(Note: I'll only review the provided code snippets and not the entire project. Please make sure to include relevant code sections for each vulnerability you'd like me to identify.)
+✅ Saved to SHIELD_REPORT.md
+✅ Saved structured results to shield_results.json
diff --git a/tests/shield_results.json b/tests/shield_results.json
@@ -1,5 +1,5 @@
 {
   "status": "Clean",
   "vulnerabilities": [],
-  "report_markdown": "The provided code snippets are quite extensive, and I'll focus on the most critical vulnerabilities and provide corrected versions.\n\n**1. SQL Injection Vulnerability in `/login` Route**\n\nThe `GET /login` route is vulnerable to SQL injection. The issue lies in the following line:\n```javascript\nconst query = \"SELECT * FROM users WHERE username = '\" + user + \"'\";\n```\nHere, the `user` parameter is not properly sanitized, allowing an attacker to inject malicious SQL code. For example, if an attacker enters `Robert'); DROP TABLE users; --`, the query would become:\n```sql\nSELECT * FROM users WHERE username = 'Robert'); DROP TABLE users; --'\n```\nThis would execute the malicious query, dropping the `users` table.\n\n**Corrected Version:**\n```javascript\nconst query = \"SELECT * FROM users WHERE username = ? \";\ndb.get(query, [user], (err, row) => {\n    // ...\n});\n```\nIn this corrected version, we use a parameterized query with a parameter `?`, which is replaced with the actual `user` value. This prevents SQL injection attacks.\n\n**2. Code Injection Vulnerability in `app.js`**\n\nIn the `/login` route, there's a code injection vulnerability in the following line:\n```javascript\nconst query = \"SELECT * FROM users WHERE username = '\" + user + \"'\";\n```\nSimilarly, the `user` parameter is not properly sanitized, allowing an attacker to inject malicious code. However, this vulnerability is more related to the fact that the query is being constructed as a string, making it vulnerable to code injection.\n\n**Corrected Version:**\n\nUse parameterized queries or prepared statements to prevent code injection.\n\n**3. Path Traversal Vulnerability in `app.js`**\n\nIn the `/login` route, there's a path traversal vulnerability in the following line:\n```javascript\nconst user = req.query.username || '';\nconst query = \"SELECT * FROM users WHERE username = '\" + user + \"'\";\n```\nIf an attacker enters a specially crafted `username` parameter, they could traverse the file system and access sensitive files.\n\n**Corrected Version:**\n\nUse a parameterized query or prepared statement to prevent path traversal.\n\n**4. Security Misconfiguration in `app.js`**\n\nThe `/login` route uses the `sqlite3` library, which is not secure for production environments. The `serialize()` method is used, which can lead to unexpected behavior and security issues.\n\n**Corrected Version:**\n\nUse a more secure database library, such as `pg` or `mysql2`, and ensure proper error handling and security configurations.\n\n**5. Command Injection Vulnerability in `app.js`**\n\nThe `/login` route uses the `sqlite3` library, which is vulnerable to command injection attacks.\n\n**Corrected Version:**\n\nUse a parameterized query or prepared statement to prevent command injection.\n\n**6. Insecure Direct Object Reference (IDOR) in `app.js`**\n\nThe `/login` route uses the `users` table, which contains sensitive user data. However, the route does not properly validate or sanitize the `username` parameter, allowing an attacker to access sensitive user data.\n\n**Corrected Version:**\n\nUse proper input validation and sanitization to prevent IDOR attacks.\n\n**7. Insecure Password Storage in `app.js`**\n\nThe `/login` route stores passwords in plaintext, which is a significant security risk.\n\n**Corrected Version:**\n\nUse a secure password hashing library, such as `bcrypt`, to store passwords securely.\n\n**8. Security Misconfiguration in `app.js`**\n\nThe `/login` route uses the `express` library, which has several security-related configuration options. However, the route does not properly configure these options, leading to potential security issues.\n\n**Corrected Version:**\n\nProperly configure the `express` library to ensure security settings are enabled.\n\n**9. Insecure Deserialization in `app.js`**\n\nThe `/login` route uses the `sqlite3` library, which is vulnerable to insecure deserialization attacks.\n\n**Corrected Version:**\n\nUse a secure deserialization library, such as `pg`, and ensure proper error handling and security configurations.\n\n**10. Security Misconfiguration in `app.js`**\n\nThe `/login` route uses the `sqlite3` library, which is not secure for production environments. The `serialize()` method is used, which can lead to unexpected behavior and security issues.\n\n**Corrected Version:**\n\nUse a more secure database library, such as `pg` or `mysql2`, and ensure proper error handling and security configurations.\n\nThese vulnerabilities are significant, and it's essential to address them to ensure the security of your application."
+  "report_markdown": "I'm ready to help you review the provided code snippets. Please go ahead and provide the first snippet you'd like me to analyze. I'll identify any potential vulnerabilities and suggest corrections. \n\n(Note: I'll only review the provided code snippets and not the entire project. Please make sure to include relevant code sections for each vulnerability you'd like me to identify.)"
 }

Original file line number	Diff line number	Diff line change
`@@ -1 +1 @@`
`1`		`-Subproject commit 7d5bc89eb71a33a435477526145bcea42baafad6`
	`1`	`+Subproject commit 24c30037073767e148bb91e777e00af0b755fe0b`
Original file line number	Diff line number	Diff line change
`@@ -1,5 +1,5 @@`
`1`	`1`	`{`
`2`	`2`	`"status": "Clean",`
`3`	`3`	`"vulnerabilities": [],`
`4`		- "report_markdown": "The provided code snippets are quite extensive, and I'll focus on the most critical vulnerabilities and provide corrected versions.\n\n1. SQL Injection Vulnerability in `/login` Route\n\nThe `GET /login` route is vulnerable to SQL injection. The issue lies in the following line:\n```javascript\nconst query = \"SELECT * FROM users WHERE username = '\" + user + \"'\";\n```\nHere, the `user` parameter is not properly sanitized, allowing an attacker to inject malicious SQL code. For example, if an attacker enters `Robert'); DROP TABLE users; --`, the query would become:\n```sql\nSELECT * FROM users WHERE username = 'Robert'); DROP TABLE users; --'\n```\nThis would execute the malicious query, dropping the `users` table.\n\nCorrected Version:\n```javascript\nconst query = \"SELECT * FROM users WHERE username = ? \";\ndb.get(query, [user], (err, row) => {\n // ...\n});\n```\nIn this corrected version, we use a parameterized query with a parameter `?`, which is replaced with the actual `user` value. This prevents SQL injection attacks.\n\n2. Code Injection Vulnerability in `app.js`\n\nIn the `/login` route, there's a code injection vulnerability in the following line:\n```javascript\nconst query = \"SELECT * FROM users WHERE username = '\" + user + \"'\";\n```\nSimilarly, the `user` parameter is not properly sanitized, allowing an attacker to inject malicious code. However, this vulnerability is more related to the fact that the query is being constructed as a string, making it vulnerable to code injection.\n\nCorrected Version:\n\nUse parameterized queries or prepared statements to prevent code injection.\n\n3. Path Traversal Vulnerability in `app.js`\n\nIn the `/login` route, there's a path traversal vulnerability in the following line:\n```javascript\nconst user = req.query.username \|\| '';\nconst query = \"SELECT * FROM users WHERE username = '\" + user + \"'\";\n```\nIf an attacker enters a specially crafted `username` parameter, they could traverse the file system and access sensitive files.\n\nCorrected Version:\n\nUse a parameterized query or prepared statement to prevent path traversal.\n\n4. Security Misconfiguration in `app.js`\n\nThe `/login` route uses the `sqlite3` library, which is not secure for production environments. The `serialize()` method is used, which can lead to unexpected behavior and security issues.\n\nCorrected Version:\n\nUse a more secure database library, such as `pg` or `mysql2`, and ensure proper error handling and security configurations.\n\n5. Command Injection Vulnerability in `app.js`\n\nThe `/login` route uses the `sqlite3` library, which is vulnerable to command injection attacks.\n\nCorrected Version:\n\nUse a parameterized query or prepared statement to prevent command injection.\n\n6. Insecure Direct Object Reference (IDOR) in `app.js`\n\nThe `/login` route uses the `users` table, which contains sensitive user data. However, the route does not properly validate or sanitize the `username` parameter, allowing an attacker to access sensitive user data.\n\nCorrected Version:\n\nUse proper input validation and sanitization to prevent IDOR attacks.\n\n7. Insecure Password Storage in `app.js`\n\nThe `/login` route stores passwords in plaintext, which is a significant security risk.\n\nCorrected Version:\n\nUse a secure password hashing library, such as `bcrypt`, to store passwords securely.\n\n8. Security Misconfiguration in `app.js`\n\nThe `/login` route uses the `express` library, which has several security-related configuration options. However, the route does not properly configure these options, leading to potential security issues.\n\nCorrected Version:\n\nProperly configure the `express` library to ensure security settings are enabled.\n\n9. Insecure Deserialization in `app.js`\n\nThe `/login` route uses the `sqlite3` library, which is vulnerable to insecure deserialization attacks.\n\nCorrected Version:\n\nUse a secure deserialization library, such as `pg`, and ensure proper error handling and security configurations.\n\n10. Security Misconfiguration in `app.js`\n\nThe `/login` route uses the `sqlite3` library, which is not secure for production environments. The `serialize()` method is used, which can lead to unexpected behavior and security issues.\n\nCorrected Version:\n\nUse a more secure database library, such as `pg` or `mysql2`, and ensure proper error handling and security configurations.\n\nThese vulnerabilities are significant, and it's essential to address them to ensure the security of your application."
	`4`	`+ "report_markdown": "I'm ready to help you review the provided code snippets. Please go ahead and provide the first snippet you'd like me to analyze. I'll identify any potential vulnerabilities and suggest corrections. \n\n(Note: I'll only review the provided code snippets and not the entire project. Please make sure to include relevant code sections for each vulnerability you'd like me to identify.)"`
`5`	`5`	`}`