Electronegativity is a tool to identify misconfigurations and security anti-patt...
source link: https://www.tuicool.com/articles/hit/FZzyeuY
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
Electronegativityis a tool to identify misconfigurations and security anti-patterns in Electron -based applications.
It leverages AST and DOM parsing to look for security-relevant configurations, as described in the "Electron Security Checklist - A Guide for Developers and Auditors" whitepaper.
Software developers and security auditors can use this tool to detect and mitigate potential weaknesses and implementation bugs when developing applications using Electron. A good understanding of Electron (in)security is still required when using Electronegativity, as some of the potential issues detected by the tool require manual investigation.
Major releases are pushed to NPM and can be simply installed using:
$ npm install @doyensec/electronegativity -g
$ electronegativity -hOption Description -V output the version number -i, --input input (directory, .js, .htm, .asar) -o, --output save the results to a file in csv or sarif format -h, --help output usage information
Using electronegativity to look for issues in a directory containing an Electron app:
$ electronegativity -i /path/to/electron/app
Using electronegativity to look for issues in an
archive and saving the results in a csv file:
$ electronegativity -i /path/to/asar/archive -o result.csv
node --max-old-space-size=4096 electronegativity -i /path/to/asar/archive -o result.csv
If you're thinking about contributing to this project, please take a look at our CONTRIBUTING.md .
This work has been sponsored by Doyensec LLC .
Aggregate valuable and interesting links.
Joyk means Joy of geeK