Scans code for security vulnerabilities, identifies CVE patterns, and provides severity ratings with remediation guidance. Use when scanning for security issues, code vulnerabilities, or OWASP top 10 problems.
View on GitHub: armanzeroeight/fastagent-plugins
security-toolkit
plugins/security-toolkit/skills/vulnerability-scanner/SKILL.md
January 21, 2026
```bash
npx add-skill https://github.com/armanzeroeight/fastagent-plugins/blob/main/plugins/security-toolkit/skills/vulnerability-scanner/SKILL.md -a claude-code --skill vulnerability-scanner
```

Installation paths:

- `.claude/skills/vulnerability-scanner/`

# Vulnerability Scanner

## Quick Start

Scan a codebase for common vulnerabilities:

```bash
# For JavaScript/TypeScript
npx eslint --plugin security .

# For Python
bandit -r . -f json

# For general patterns
grep -rn "eval\|exec\|system\|shell" --include="*.py" --include="*.js"
```

## Instructions

### Step 1: Identify Project Type

Detect the technology stack:

- Check for `package.json` (Node.js)
- Check for `requirements.txt` or `pyproject.toml` (Python)
- Check for `go.mod` (Go)
- Check for `Cargo.toml` (Rust)

### Step 2: Run Static Analysis

**JavaScript/TypeScript:**

```bash
npx eslint --plugin security --ext .js,.ts,.jsx,.tsx .
```

**Python:**

```bash
pip install bandit
bandit -r . -f json -o bandit-report.json
```

**Go:**

```bash
go install golang.org/x/vuln/cmd/govulncheck@latest
govulncheck ./...
```

### Step 3: Check for Common Patterns

Scan for dangerous patterns:

| Pattern | Risk | Languages |
|---------|------|-----------|
| `eval()` | Code injection | JS, Python |
| `exec()` | Command injection | Python |
| `shell=True` | Command injection | Python |
| `dangerouslySetInnerHTML` | XSS | React |
| SQL string concatenation | SQL injection | All |
| `pickle.loads()` | Deserialization | Python |

### Step 4: Categorize Findings

Assign severity based on:

- **Critical**: Remote code execution, authentication bypass
- **High**: SQL injection, XSS, SSRF
- **Medium**: Information disclosure, CSRF
- **Low**: Missing headers, verbose errors

### Step 5: Generate Report

Format findings:

```
## Security Scan Results

### Critical (0)
[None found]

### High (2)
1. **SQL Injection** - src/db/queries.js:45
   - Pattern: String concatenation in SQL query
   - Fix: Use parameterized queries

2. **XSS Vulnerability** - src/components/Comment.jsx:23
   - Pattern: dangerouslySetInnerHTML with user input
   - Fix: Sanitize input with DOMPurify
```

## Common Vulnerability Patterns

### Injection Flaws

```javascript
// BAD: SQL Injection
const query = `SELECT * F
```
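Steps 3 to 5 above describe a pattern scan, a severity assignment and a report format. The following is an added example (not code from the skill or its repository) that implements those three steps over constructed sample sources; the regexes, file-extension filters, fix texts and the mapping of each pattern's risk onto the Step 4 severity levels are this example's own assumptions.

```python
import os
import re
from collections import defaultdict

# Step 3 pattern table with a Step 4 severity attached. The severity mapping is an
# assumption: code/command injection and unsafe deserialization are treated as remote
# code execution (Critical); SQL injection and XSS are High, as the skill states.
PATTERNS = [  # (regex, pattern name, risk, severity, extensions or None for all, fix)
    (r"\beval\s*\(", "eval()", "Code injection", "Critical", {".js", ".py"}, "Do not eval data; use JSON.parse / ast.literal_eval"),
    (r"\bexec\s*\(", "exec()", "Command injection", "Critical", {".py"}, "Replace exec() with explicit dispatch"),
    (r"shell\s*=\s*True", "shell=True", "Command injection", "Critical", {".py"}, "Pass an argument list and drop shell=True"),
    (r"dangerouslySetInnerHTML", "dangerouslySetInnerHTML", "XSS", "High", {".js", ".jsx", ".tsx"}, "Sanitize input with DOMPurify"),
    (r"\b(SELECT|INSERT|UPDATE|DELETE)\b.*(\+|\$\{)", "String concatenation in SQL query", "SQL Injection", "High", None, "Use parameterized queries"),
    (r"\bpickle\.loads?\s*\(", "pickle.loads()", "Deserialization", "Critical", {".py"}, "Use json or a signed, schema-validated format"),
]

def scan(files):
    """files: {path: source text}. Returns findings ordered by severity, then path and line."""
    findings = []
    for path, source in files.items():
        ext = os.path.splitext(path)[1]
        for lineno, line in enumerate(source.splitlines(), 1):
            for regex, name, risk, sev, exts, fix in PATTERNS:
                if (exts is None or ext in exts) and re.search(regex, line):
                    findings.append({"severity": sev, "risk": risk, "file": path, "line": lineno, "pattern": name, "fix": fix})
    order = {"Critical": 0, "High": 1, "Medium": 2, "Low": 3}
    return sorted(findings, key=lambda f: (order[f["severity"]], f["file"], f["line"]))

def report(findings):
    """Render findings in the Step 5 report format (every severity bucket is listed)."""
    by_sev = defaultdict(list)
    for f in findings:
        by_sev[f["severity"]].append(f)
    out = ["## Security Scan Results"]
    for sev in ("Critical", "High", "Medium", "Low"):
        items = by_sev[sev]
        out.append(f"### {sev} ({len(items)})")
        if not items:
            out.append("[None found]")
        for i, f in enumerate(items, 1):
            out.append(f"{i}. **{f['risk']}** - {f['file']}:{f['line']}")
            out.append(f"   - Pattern: {f['pattern']}")
            out.append(f"   - Fix: {f['fix']}")
    return "\n".join(out)

# Constructed sample sources (not a real codebase), mirroring the Step 5 findings.
SAMPLE = {
    "src/db/queries.js": 'const q = "SELECT * FROM users WHERE id = " + req.params.id;\n',
    "src/components/Comment.jsx": "return <div dangerouslySetInnerHTML={{__html: comment}} />;\n",
    "tasks.py": "import pickle, subprocess\nsubprocess.run(cmd, shell=True)\ndata = pickle.loads(blob)\n",
}
```

Running `print(report(scan(SAMPLE)))` yields two Critical findings from `tasks.py` and two High findings from the JavaScript files; a regex scan like this is a triage aid that still needs the Step 2 analyzers and manual review, since it neither proves reachability nor sees data flow.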