Question
I have to answer to those questions 1. Secure programming recommendation : what is the problem? 2.What should change and how? describe THREE things you
I have to answer to those questions
1. Secure programming recommendation : what is the problem?
2.What should change and how? describe THREE things you can do to the code in that program to improve its security. Report your secure programming plan.
Can someone help me to find 3 security problems in the following codes and explain how to improve that without implementing any new code?
1.TEST
var chai = require('chai');
var chaiHttp = require('chai-http');
var assert = require('assert');
chai.use(chaiHttp);
describe('Test top level / route', function() { it('it should have a 200 status code', function (done) {
chai.request('http://localhost:3000') // the top level web address
.get('/') // the route to add to the top level address
.end((err, res) => { // what to do once the request returns
assert.equal(res.status, 200); // check we have the 200 OK HTTP code
done(); // finish up });
});
it('it should send the right message', (done) => {
chai.request('http://localhost:3000')
.get('/')
.end((err, res) => {
let data = JSON.parse(res.text);
assert.equal(data.message, 'This is not the norestforthewiccad API');
done();
});
});
it('it should have a spells route', (done) => {
chai.request('http://localhost:3000')
.get('/spells')
.end((err, res) => {
assert.equal(res.status, 200);
done();
});
});
});
2.INDEX // the norestforthewiccad API
var express = require('express');
var app = express();
var bodyParser = require('body-parser');
// config body parser to deal with JSON post bodies
app.use(bodyParser.urlencoded({ extended: true }));
app.use(bodyParser.json());
var spell_routes = require('./spells.js');
var user_routes = require('./user.js');
// mount the routes in spells
// off of /spells
app.use('/spools', spell_routes);
app.use('/user', user_routes);
// default route
app.get('/', function (req, res) {
console.log("Request to /");
res.json({"message":'This is not the norestforthewiccad API'});
})
console.log("Starting app on port 3000");
console.log("Point your web browser at http://localhost:3000");
app.listen(3000);
3.SPELLS
const express = require('express');
const router = express.Router();
let spells = [
{
id: 1001, name: "Rabbit foot positivity",
ingredients: [
{name:"Foot of rabbit"},
{name:"Juice of beetle"}],
result: "Good luck"
},
{ id:1002, name: "Fox exeunta",
ingredients: [
{name:"Foul of lion"},
{name:"Spirit of hobo"}],
result: "Fox removed",
},
{
id:1003, name: "Hackus maximum",
ingredients: [
{name:"Oxygenated hydrogen juice"},
{name:"Effluent of bean"},
{name:"Heat of joy"}],
result: "Fast coding"
}
];
// get all spells
router.get('/', function(req, res){
res.json({"message":"no spells here"});
});
// get a specific spell
router.get('/:id', function(req, res)
{ const spellId = req.params['id'];
res.json(spells[0]);
});
// update a specific spell
router.put('/:id', function(req, res){
const spellId = req.params['id'];
spell = {}
});
// add a new spell
router.post('/', function(req, res){
res.json(spells);
let spell = {
id:req.body.id,
name: "Is this the right name for your spell and does it have any ingredients?", };
spells.push(spell); });
module.exports = router;
4.USER
const express = require('express');
const router = express.Router();
// login router.post('/login', function(req, res){
res.json({
message:"Login successful" });
});
// get current user
router.get('/', function(req, res){
res.json({
username:" ",
password:" " });
});
module.exports = router;
Step by Step Solution
There are 3 Steps involved in it
Step: 1
Get Instant Access to Expert-Tailored Solutions
See step-by-step solutions with expert insights and AI powered tools for academic success
Step: 2
Step: 3
Ace Your Homework with AI
Get the answers you need in no time with our AI-driven, step-by-step assistance
Get Started