Migrate to client-side GitHub API with token auth, rename to SecurityLens

Author: DMontgomery40

README.md

@@ -1,131 +1,23 @@
-# Plugin Vulnerability Scanner
-
-A vulnerability scanner for plugin architectures, focusing on memory, filesystem, and plugin system vulnerabilities.
-A comprehensive security vulnerability scanner for dependency management across multiple programming languages and package ecosystems. This tool helps identify security vulnerabilities in your project's dependencies, regardless of the programming language or package manager used.
-
-https://dmontgomery40.github.io/plugin-vulnerability-scanner/
-
-<p align="center">
-  <a href="https://github.com/user-attachments/assets/c708b25e-ee33-45c8-baea-01e71a4061e8">
-    <img src="https://private-user-images.githubusercontent.com/130489651/390199844-c708b25e-ee33-45c8-baea-01e71a4061e8.png?jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbSIsImtleSI6ImtleTUiLCJleHAiOjE3MzI2Njg5NDIsIm5iZiI6MTczMjY2ODY0MiwicGF0aCI6Ii8xMzA0ODk2NTEvMzkwMTk5ODQ0LWM3MDhiMjVlLWVlMzMtNDVjOC1iYWVhLTAxZTcxYTQwNjFlOC5wbmc_WC1BbXotQWxnb3JpdGhtPUFXUzQtSE1BQy1TSEEyNTYmWC1BbXotQ3JlZGVudGlhbD1BS0lBVkNPRFlMU0E1M1BRSzRaQSUyRjIwMjQxMTI3JTJGdXMtZWFzdC0xJTJGczMlMkZhd3M0X3JlcXVlc3QmWC1BbXotRGF0ZT0yMDI0MTEyN1QwMDUwNDJaJlgtQW16LUV4cGlyZXM9MzAwJlgtQW16LVNpZ25hdHVyZT01NThlNzI2MTJhODFiYTk0ODQ1YmE1MGMyZmUwMDIyNjdhN2Q5NGU2NTBhZmYxNzk0ZjkzNTdjZTVlZmIwYzNlJlgtQW16LVNpZ25lZEhlYWRlcnM9aG9zdCJ9.vfCgiRbUTiLLhKYSaNco9YPuRR1ulskAxgMSvXm6Tjw" alt="Dashboard" width="45%"/>
-  </a>
-</p>
-
-
-
-
-## Features
-
-- Detects various types of security vulnerabilities:
-  - Memory-related vulnerabilities (buffer overflows, memory leaks)
-  - Filesystem vulnerabilities (path traversal, unsafe operations)
-  - Plugin system vulnerabilities (unsafe loading, eval usage)
-  - Event listener leaks
-  - Unhandled file operations
-
-### Multi-Language Support
-Analyzes dependencies and vulnerabilities across multiple package ecosystems:
-* JavaScript/Node.js (npm)
-* Python (pip, poetry)
-* Ruby (gem)
-* Java (Maven, Gradle)
-* PHP (Composer)
-* Go (go modules)
-* Rust (Cargo)
-### Vulnerability Detection
-* Dependency vulnerability scanning
-* Version compatibility checking
-* Known CVE detection
-* Outdated package identification
-* License compliance checking
-* Security advisory integration
-### Analysis Types
-* Deep dependency tree analysis
-* Transitive dependency checking
-* Supply chain vulnerability detection
-* Package integrity verification
-* Version constraint validation
-### Output Formats
-* JSON
-* Plain text
-* HTML reports
-* GitHub-flavored Markdown
-* CI/CD compatible formats
-
-## Installation
-
-```bash
-# Install globally via npm
-npm install -g plugin-vulnerability-scanner
-# Or run directly with npx
-npx plugin-vulnerability-scanner
-```
-
-## Features in Development
-* Real-time vulnerability monitoring
-* Custom rule creation
-* Plugin ecosystem for custom checks
-* Integration with additional package managers
-* Enhanced CI/CD pipeline integration
-* Custom policy enforcement
-* Automated fix suggestions
-* Impact analysis reports
-
-
-### GitHub Actions
-
-  ...
-```yaml
-- name: Security Scan
-  uses: plugin-vulnerability-scanner/action@v1
-  with:
-    path: '.'
-    fail-on: 'high'
-```
-### GitLab CI
-```yaml
-security_scan:
-  image: plugin-vulnerability-scanner
-  script:
-    - plugin-vulnerability-scanner scan ./ --ci
-```
-Recommendations:
-  bufferOverflow:
-  Replace Buffer.allocUnsafe() with Buffer.alloc()
-
-### Jenkins Pipeline
-  ...
-```groovy
-stage('Security Scan') {
-  steps {
-    sh 'plugin-vulnerability-scanner scan ./ --output json'
-  }
-}
-```
-
-## Contributing
-
-Contributions are welcome! Please feel free to submit a Pull Request.
-Contributions are welcome! Please feel free to submit a Pull Request. Here's how you can contribute:
-1. Fork the repository
-2. Create your feature branch (`git checkout -b feature/amazing-feature`)
-3. Commit your changes (`git commit -m 'Add some amazing feature'`)
-4. Push to the branch (`git push origin feature/amazing-feature`)
-5. Open a Pull Request
-
-### Development Setup
-```bash
-git clone https://github.com/yourusername/plugin-vulnerability-scanner.git
-cd plugin-vulnerability-scanner
-npm install
-npm run dev
-```
-
-## License
-
-MIT
-This project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.
-## Support
-* Documentation: [https://plugin-vulnerability-scanner.dev](https://plugin-vulnerability-scanner.dev)
-* Issues: [GitHub Issues](https://github.com/DMontgomery40/plugin-vulnerability-scanner/issues)
-* Discussions: [GitHub Discussions](https://github.com/DMontgomery40/plugin-vulnerability-scanner/discussions)
+# SecurityLens (or your chosen name)
+An open-source security analysis platform for education and vulnerability discovery.
+
+## Current Features
+- Static code analysis for common security vulnerabilities
+- Pattern-based vulnerability detection
+- Detailed explanations and recommendations
+
+## Roadmap
+### Phase 1 (Current)
+- [x] Basic vulnerability scanning
+- [ ] CVE database integration
+- [ ] Dependency vulnerability checking
+
+### Phase 2 (Future)
+- [ ] Binary analysis capabilities
+- [ ] Integration with reverse engineering tools
+- [ ] Interactive learning modules
+
+### Phase 3 (Long-term)
+- [ ] Collaborative analysis features
+- [ ] Integration with additional security tools
+- [ ] Advanced binary analysis

netlify.toml

@@ -8,4 +8,10 @@
   status = 200
 
 [functions]
-  node_bundler = "esbuild"
+  node_bundler = "esbuild"
+  included_files = ["src/lib/**"]
+  external_node_modules = ["@octokit/rest"]
+  
+[functions.scan-repository]
+  timeout = 30 # Increase timeout to 30 seconds
+  memory = 1024 # Increase memory to 1GB

src/components/ScannerUI.jsx

@@ -7,6 +7,8 @@ import { scanRepository } from '../lib/apiClient';
 import { Alert, AlertDescription } from './ui/alert';
 import VulnerabilityScanner from '../lib/scanner';
 import ScanResults from './ScanResults';
+import { authManager } from '../lib/githubAuth';
+import { AlertDialog, AlertDialogContent, AlertDialogHeader } from './ui/alert-dialog';
 
 const ScannerUI = () => {
   const [scanning, setScanning] = useState(false);
@@ -17,6 +19,8 @@ const ScannerUI = () => {
   const [progress, setProgress] = useState({ current: 0, total: 0 });
   const [scanResults, setScanResults] = useState(null);
   const [usedCache, setUsedCache] = useState(false);
+  const [githubToken, setGithubToken] = useState(localStorage.getItem('gh_token') || '');
+  const [showTokenDialog, setShowTokenDialog] = useState(false);
 
   const handleFileUpload = async (event) => {
     const files = Array.from(event.target.files);
@@ -62,6 +66,11 @@ const ScannerUI = () => {
   const handleUrlScan = useCallback(async () => {
     if (!urlInput) return;
 
+    if (!authManager.hasToken()) {
+      setShowTokenDialog(true);
+      return;
+    }
+    
     setScanning(true);
     setError(null);
     setScanResults(null);
@@ -101,6 +110,25 @@ const ScannerUI = () => {
     }
   }, [urlInput]);
 
+  const handleTokenSubmit = (token) => {
+    if (!token) return;
+
+    if (!authManager.isValidTokenFormat(token)) {
+      setError('Invalid token format. Please ensure you\'ve copied the entire token.');
+      return;
+    }
+
+    try {
+      authManager.setToken(token);
+      setShowTokenDialog(false);
+      if (urlInput) {
+        handleUrlScan();
+      }
+    } catch (error) {
+      setError(error.message);
+    }
+  };
+
   return (
     <div className="p-8 bg-gray-100 min-h-screen">
       {/* Main Input Section */}
@@ -219,7 +247,67 @@ const ScannerUI = () => {
             scanning={scanning}
           />
         )}
+
+        {!githubToken && (
+          <div className="bg-white p-6 rounded-lg shadow-sm mb-4">
+            <h2 className="text-lg font-semibold text-gray-700 mb-4">GitHub Access Token</h2>
+            <p className="text-sm text-gray-600 mb-4">
+              To scan repositories, you'll need a GitHub personal access token. 
+              This stays in your browser and is never sent to any server.
+            </p>
+            <input 
+              type="password"
+              placeholder="GitHub token"
+              onChange={(e) => handleTokenSubmit(e.target.value)}
+              className="w-full px-4 py-2 border rounded"
+            />
+            <a 
+              href="https://github.com/settings/tokens/new" 
+              target="_blank"
+              className="text-sm text-blue-600 hover:underline mt-2 inline-block"
+            >
+              Generate a token
+            </a>
+          </div>
+        )}
       </div>
+
+      {/* Token Dialog */}
+      <AlertDialog open={showTokenDialog} onClose={() => setShowTokenDialog(false)}>
+        <AlertDialogContent>
+          <AlertDialogHeader>
+            <h2 className="text-lg font-semibold">GitHub Token Required</h2>
+          </AlertDialogHeader>
+          <div className="space-y-4">
+            <div className="bg-blue-50 border border-blue-200 rounded p-3 text-sm">
+              <strong>🔒 Security Note:</strong> Your token is stored only in your browser's local storage. 
+              It never leaves your device and is not sent to any external servers.
+            </div>
+            <p className="text-sm text-gray-600">
+              To scan GitHub repositories, you'll need a Personal Access Token. Here's how to get one:
+            </p>
+            <ol className="list-decimal list-inside space-y-2 text-sm">
+              <li>Go to <a 
+                href="https://github.com/settings/tokens/new" 
+                target="_blank" 
+                rel="noopener noreferrer"
+                className="text-blue-600 hover:underline"
+              >
+                GitHub Token Settings
+              </a></li>
+              <li>Select either "Classic" or "Fine-grained" token</li>
+              <li>Enable "repo" access permissions</li>
+              <li>Generate and copy the token</li>
+            </ol>
+            <input
+              type="password"
+              placeholder="Paste your GitHub token here"
+              className="w-full px-4 py-2 border rounded"
+              onChange={(e) => handleTokenSubmit(e.target.value)}
+            />
+          </div>
+        </AlertDialogContent>
+      </AlertDialog>
     </div>
   );
 };

src/lib/apiClient.js

@@ -17,30 +17,28 @@ export async function scanRepository(url) {
         });
 
         if (!response.ok) {
-            const contentType = response.headers.get('content-type');
-            if (contentType && contentType.includes('text/html')) {
+            console.error('Scan failed with status:', response.status);
+            const text = await response.text();
+            console.error('Response body:', text);
+            
+            try {
+                const errorData = JSON.parse(text);
+                throw new ApiError(errorData.error || 'Scan failed', response.status);
+            } catch (e) {
                 throw new ApiError(
-                    'Server error: The scanning service is not available. Please ensure Netlify functions are properly configured.',
-                    503
+                    `Server error (${response.status}): ${text.slice(0, 100)}...`,
+                    response.status
                 );
             }
-
-            const data = await response.json();
-            throw new ApiError(data.error || 'Scan failed', response.status);
         }
 
         const data = await response.json();
         return data;
     } catch (error) {
+        console.error('Scan error details:', error);
         if (error instanceof ApiError) {
             throw error;
         }
-        if (error.name === 'SyntaxError') {
-            throw new ApiError(
-                'Server error: Invalid response from scanning service. Please check Netlify function logs.',
-                500
-            );
-        }
         throw new ApiError('Scan failed: ' + error.message, 500);
     }
 }

src/lib/githubAuth.js

@@ -0,0 +1,48 @@
+export class GitHubAuthManager {
+  constructor() {
+    this.tokenKey = 'security_lens_gh_token';
+    this.token = this.loadToken();
+  }
+
+  loadToken() {
+    try {
+      return localStorage.getItem(this.tokenKey);
+    } catch (error) {
+      console.warn('Unable to access localStorage:', error);
+      return null;
+    }
+  }
+
+  setToken(token) {
+    try {
+      if (token) {
+        localStorage.setItem(this.tokenKey, token);
+      } else {
+        localStorage.removeItem(this.tokenKey);
+      }
+      this.token = token;
+    } catch (error) {
+      console.error('Failed to save token:', error);
+      throw new Error('Unable to save GitHub token. Please check your browser settings.');
+    }
+  }
+
+  hasToken() {
+    return !!this.token;
+  }
+
+  getToken() {
+    return this.token;
+  }
+
+  clearToken() {
+    this.setToken(null);
+  }
+
+  // Validate token format (basic check)
+  isValidTokenFormat(token) {
+    return /^(ghp_[a-zA-Z0-9]{36}|github_pat_[a-zA-Z0-9]{22}_[a-zA-Z0-9]{59})$/.test(token);
+  }
+}
+
+export const authManager = new GitHubAuthManager();