Electronegativity – Tool To Identify Misconfigurations And Security Anti-Patterns In Electron Applications

0
5
Electronegativity - Tool To Identify Misconfigurations And Security Anti-Patterns In Electron Applications

Electronegativity is a device to determine misconfigurations and safety anti-patterns in Electron-based purposes.
Software builders and safety auditors can use this device to detect and mitigate potential weaknesses and implementation bugs when creating purposes utilizing Electron. A superb understanding of Electron (in)safety continues to be required when utilizing Electronegativity, as a number of the potential points detected by the device require handbook investigation.


Installation
Major releases are pushed to NPM and could be merely put in utilizing:

$ npm set up @doyensec/electronegativity -g

Usage

$ electronegativity -h
Option Description
-V output the model quantity
-i, –input enter (listing, .js, .htm, .asar)
-o, –output save the outcomes to a file in csv or sarif format
-h, –help output utilization data

Using electronegativity to search for points in a listing containing an Electron app:

$ electronegativity -i /path/to/electron/app

Using electronegativity to search for points in an asar archive and saving the ends in a csv file:

$ electronegativity -i /path/to/asar/archive -o outcome.csv

Note: when you’re operating into the Fatal Error “JavaScript heap out of reminiscence”, you possibly can run node utilizing node --max-outdated-area-measurement=4096 electronegativity -i /path/to/asar/archive -o outcome.csv

Credits
Electronegativity was made potential because of the work of Claudio Merloni, Ibram Marzouk, Jaroslav Lobačevski and lots of different contributors.
This work has been sponsored by Doyensec LLC.

MoreTip.com

LEAVE A REPLY

Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.