Developer Guide

Before You Host

Ensure you have the following environment variables configured on your host. Set them in the host's environment or dashboard, never in a file committed to the repository. COOKIE_KEY is the secret that keeps session cookies from being forged: use a long value from a CSPRNG (for example 32 bytes of random hex), not the placeholder below, and expect changing it to invalidate existing sessions.

PORT=3000
MONGODB_URI=your_mongo_uri
GOOGLE_CLIENT_ID=your_id
GOOGLE_CLIENT_SECRET=your_secret
COOKIE_KEY=some_random_string

API Keys

You need to generate Google OAuth credentials (a client ID and client secret) for the login system from the Google Cloud Console. The authorised redirect URI you register there must match the callback URL of the host you deploy to exactly, including scheme and path, or Google will reject the login. For the database, create a free MongoDB Atlas cluster and acquire its connection URI; the cluster's network access list must allow connections from the host's outbound IP, or the app will fail to connect at startup.

Scanner Phases

The scanner runs over each target in sequential phases; each phase works on what the phase before it produced. Check the phases/ directory to modify or add vulnerability detection rules.

  • Phase 1: AST Parsing
  • Phase 2: Injection Detection
  • Phase 3: Auth Bypasses
  • Phase 4: Logic Flaws

Deployment

The application is pre-configured for Render.com. Enter the environment variables listed under Before You Host in the Render service settings rather than committing them to the repository.

  1. Connect your GitHub repo to Render
  2. Select 'Web Service'
  3. Build command: npm install
  4. Start command: npm start

Rate Limits

By default, rate limiting is configured in server.js using express-rate-limit. Adjust windowMs (the length of the window in milliseconds) or max (the number of requests allowed per client per window) if you need more generous limits. The limiter identifies clients by IP address, so when the app runs behind a reverse proxy (as it does on Render) Express must be told to trust that proxy (app.set('trust proxy', ...)); otherwise every request carries the proxy's address and one client exhausting the limit blocks all of them.