Knack Vulnerability Check Server
This server application is designed to search your Knack application for exposed API keys. It helps identify potential vulnerabilities by checking for exposed API keys in your application's configuration.
Installation
- You need Node.js installed on your machine. If you don't have it installed, you can download it from the official Node.js website.
- Clone this repository to your local machine:
  git clone <repository_link>
- Install the dependencies:
  npm install
Usage
There are three scripts that you can run:
- To start the server, use the following command:
  npm run start
- To start the server in development mode, use the following command:
  npm run dev
- To compile TypeScript to JavaScript, use the following command:
  npm run build
Remember that for the 'start' script to run, you need to first compile the TypeScript files into JavaScript using the 'build' script.
Vulnerability Check API
Endpoint
GET /api/v1/vulnerability-check
This endpoint performs a vulnerability check on a Knack application to detect exposed API keys.
Parameters
- knack_application_id (string, optional): Must be a valid Knack application ID.
- url (string, optional): Must be a valid URL of the live Knack application.
Note: Either knack_application_id or url must be provided, but not both.
Responses
200 OK
Returned when a potential vulnerability is detected.
Example Response Body:
{
"msg": "Potential Vulnerability Detected: API Key ending in c7d53ebc76f0 found on line 10",
"vulnerabilitiesFound": true
}
400 Bad Request
Returned when there is an issue with the input parameters.
Example Response Body (Invalid knack_application_id):
{
"errors": [
{
"type": "field",
"value": "1234",
"msg": "knack_application_id must be a valid MongoDB ObjectId",
"path": "knack_application_id",
"location": "query"
}
]
}
Example Response Body (Missing Parameter):
{
"error": "A knack_application_id or url is required"
}
Project Structure
The project has a modular structure that separates different concerns into different directories:
- controllers: Contains controller files responsible for defining application logic.
- middleware: Holds middleware functions that have access to the request and response objects.
- routes: Responsible for defining the application's routes.
  - v1: Contains all the routes for version 1 of your API.
Contribution Guidelines
We warmly welcome contributions to the Knack Vulnerability Check Server project. Whether you're fixing bugs, improving the documentation, or adding new features, your help is appreciated.
How to Contribute
- Fork the Repository: Start by forking the repository to your own GitLab account.
- Clone the Repository: Clone the forked repository to your local machine.
- Create a New Branch: For each new feature or fix, create a separate branch in your local repository.
- Make Your Changes: Implement your changes, adhering to the existing code style and best practices.
- Document Your Changes: Update the README or documentation with any necessary changes.
- Submit a Merge Request: Push your changes to your fork and submit a merge request to the main repository. In your merge request, describe your changes and link any relevant issues.
- Code Review: Maintainers will review your merge request and suggest any changes if necessary.
- Merge: Once your merge request is approved, a maintainer will merge it into the main repository.
Reporting Issues
If you find a bug or have a suggestion for improving the application, please open an issue through the GitLab issue tracker. Include as much detail as possible in your report, such as steps to reproduce the issue, the expected outcome, and the actual outcome.
License
This project is licensed under the MIT License.
MIT License
Copyright (c) 2023 Ksense Technology Group
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.