From f5e465c301bd40b51ecee5d3d9809c257b4c5cef Mon Sep 17 00:00:00 2001 From: swmuk <129036733+swmuk@users.noreply.github.com> Date: Fri, 23 Jun 2023 13:48:13 +0530 Subject: [PATCH 1/3] Created README.md --- README.md | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 README.md diff --git a/README.md b/README.md new file mode 100644 index 0000000..afc7782 --- /dev/null +++ b/README.md @@ -0,0 +1,2 @@ +# NodeJS-playground +2018 - Vulnerable App for Demos From abf4f507236709704d426407f5224b3ce9792682 Mon Sep 17 00:00:00 2001 From: Swastik Mukherjee <129036733+swmuk@users.noreply.github.com> Date: Tue, 8 Aug 2023 14:22:14 +0530 Subject: [PATCH 2/3] Create njsscan.yml --- .github/workflows/njsscan.yml | 42 +++++++++++++++++++++++++++++++++++ 1 file changed, 42 insertions(+) create mode 100644 .github/workflows/njsscan.yml diff --git a/.github/workflows/njsscan.yml b/.github/workflows/njsscan.yml new file mode 100644 index 0000000..bc5934c --- /dev/null +++ b/.github/workflows/njsscan.yml @@ -0,0 +1,42 @@ +# This workflow uses actions that are not certified by GitHub. +# They are provided by a third-party and are governed by +# separate terms of service, privacy policy, and support +# documentation. + +# This workflow integrates njsscan with GitHub's Code Scanning feature +# nodejsscan is a static security code scanner that finds insecure code patterns in your Node.js applications + +name: njsscan sarif + +on: + push: + branches: [ "master" ] + pull_request: + # The branches below must be a subset of the branches above + branches: [ "master" ] + schedule: + - cron: '44 16 * * 1' + +permissions: + contents: read + +jobs: + njsscan: + permissions: + contents: read # for actions/checkout to fetch code + security-events: write # for github/codeql-action/upload-sarif to upload SARIF results + actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status + runs-on: ubuntu-latest + name: njsscan code scanning + steps: + - name: Checkout the code + uses: actions/checkout@v3 + - name: nodejsscan scan + id: njsscan + uses: ajinabraham/njsscan-action@7237412fdd36af517e2745077cedbf9d6900d711 + with: + args: '. --sarif --output results.sarif || true' + - name: Upload njsscan report + uses: github/codeql-action/upload-sarif@v2 + with: + sarif_file: results.sarif From 5a506d1c0e64bb344aaebc3745453f3fa1c2ac89 Mon Sep 17 00:00:00 2001 From: Swastik Mukherjee <129036733+swmuk@users.noreply.github.com> Date: Fri, 17 Nov 2023 13:27:16 +0530 Subject: [PATCH 3/3] test line added --- app.js | 1 + 1 file changed, 1 insertion(+) diff --git a/app.js b/app.js index b66ea5b..d1cbf32 100644 --- a/app.js +++ b/app.js @@ -1,4 +1,5 @@ //Subjected to SemGrep Scanning +// made no changes, yet to check the QG require("./db/db.js"); const mongoose = require("mongoose");