DEV Community: SIBI M S The latest articles on DEV Community by SIBI M S (@sibims). https://dev.to/sibims https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F1425372%2F1f0d6d49-0316-49ad-8889-f43d85bbe334.png DEV Community: SIBI M S https://dev.to/sibims en One Byte Explainer: OOPs SIBI M S Fri, 14 Jun 2024 06:04:55 +0000 https://dev.to/sibims/one-byte-explainer-oops-1kco https://dev.to/sibims/one-byte-explainer-oops-1kco <h3> Explainer </h3> <p>Let’s take a resume. A resume is a template(Class). A resume owned by a person(Name:John) is called John’s Resume(Object). Your role in your experience is Encapsulation. Skills extracted from your experience is inheritance.</p> devchallenge cschallenge computerscience beginners SecureCode. SIBI M S Mon, 15 Apr 2024 07:40:01 +0000 https://dev.to/sibims/securecode-43o1 https://dev.to/sibims/securecode-43o1 <p><em>This is a submission for the <a href="https://dev.to/devteam/join-us-for-the-cloudflare-ai-challenge-3000-in-prizes-5f99">Cloudflare AI Challenge</a>.</em></p> <h2> What We Built </h2> <p><a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fcmhpda53j1qclaabstvm.png" class="article-body-image-wrapper"><img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fcmhpda53j1qclaabstvm.png" alt="SecureCode." width="600" height="327"></a></p> <p>SecureCode. is an application designed to help code security by pinpointing vulnerabilities. With the help of Cloudflare AI Model, Our app detects various parameters crucial for securing your codebase:</p> <p><strong>Vulnerability Type:</strong> Indicate the type of vulnerability detected in the code snippet (e.g., SQL injection, cross-site scripting, buffer overflow).</p> <p><strong>Severity Level:</strong> Assign a severity level to each detected vulnerability (e.g., critical, high, medium, low) to prioritize remediation efforts.</p> <p><strong>Location:</strong> Highlight the specific location within the code where the vulnerability was detected (e.g., line number, function name, file name) to facilitate debugging and fixing.</p> <p><strong>Explanation:</strong> Provide a brief explanation or description of the detected vulnerability, including how it could potentially be exploited and its impact on security.</p> <p><strong>Recommendations:</strong> Offer recommendations or suggested fixes to address the detected vulnerabilities, such as code changes or security best practices to follow.</p> <p><strong>Overall Security Percentage:</strong> Return the overall security percentage of the given code.</p> <h2> Demo </h2> <div class="crayons-card c-embed text-styles text-styles--secondary"> <a href="https://secure-code-mocha.vercel.app/" rel="noopener noreferrer"> secure-code-mocha.vercel.app </a> </div> <h2> My Code </h2> <div class="ltag-github-readme-tag"> <div class="readme-overview"> <h2> <img src="https://res.cloudinary.com/practicaldev/image/fetch/s--A9-wwsHG--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev.to/assets/github-logo-5a155e1f9a670af7944dd5e12375bc76ed542ea80224905ecaf878b9157cdefc.svg" alt="GitHub logo"> <a href="https://github.com/mohandotdev" rel="noopener noreferrer"> mohandotdev </a> / <a href="https://github.com/mohandotdev/secure-code" rel="noopener noreferrer"> secure-code </a> </h2> <h3> </h3> </div> <div class="ltag-github-body"> <div id="readme" class="md"> <div class="markdown-heading"> <h1 class="heading-element">SecureCode.</h1> </div> <p>SecureCode. is an application designed to help code security by pinpointing vulnerabilities.</p> <p>With the help of Cloudflare AI Model, Our app detects various parameters crucial for securing your codebase:</p> <p><strong>Vulnerability Type:</strong> Indicate the type of vulnerability detected in the code snippet (e.g., SQL injection, cross-site scripting, buffer overflow).</p> <p><strong>Severity Level:</strong> Assign a severity level to each detected vulnerability (e.g., critical, high, medium, low) to prioritize remediation efforts.</p> <p><strong>Location:</strong> Highlight the specific location within the code where the vulnerability was detected (e.g., line number, function name, file name) to facilitate debugging and fixing.</p> <p><strong>Explanation:</strong> Provide a brief explanation or description of the detected vulnerability, including how it could potentially be exploited and its impact on security.</p> <p><strong>Recommendations:</strong> Offer recommendations or suggested fixes to address the detected vulnerabilities, such as code changes or security best practices to follow.</p> <p><strong>Overall Security Percentage:</strong> Return the overall security percentage of the given code.</p> <div class="markdown-heading"> <h2 class="heading-element">Tech</h2>…</div> </div> </div> <div class="gh-btn-container"><a class="gh-btn" href="https://github.com/mohandotdev/secure-code" rel="noopener noreferrer">View on GitHub</a></div> </div> <p><a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F25wdgd6qjq0u55s5r2ox.png" class="article-body-image-wrapper"><img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F25wdgd6qjq0u55s5r2ox.png" alt="SecureCode." width="800" height="407"></a></p> <h2> Journey </h2> <p>Initially we had a conversation on what to do for this challenge. We found ourselves pondering the prevalent issue of code security. Realizing the gap between coding and the secure practices, we saw an opportunity to bridge this divide. What if there existed a tool that not only identified vulnerabilities within our code but also served as an educational resource? A solution that not only pinpointed weaknesses but also imparted valuable insights on fortification against potential threats.</p> <p>We tried to draft the parameters that are essentially helpful for the user for the given code. Then come up with some parameters that will be helpful for the developer. Those are Vulnerability Type, Severity Level, Location, Explanation, Recommendations, and Overall Security Score.</p> <p>Then we played with the various prompts in the <a href="https://playground.ai.cloudflare.com/" rel="noopener noreferrer">Cloudflare's AI model playground</a> and we have chosen the <code>llama-2-7b-chat-fp16</code> model because of its better results.</p> <p>Then we crafted a minimalistic design in Figma. Once we got the blueprint of how it should look like, we started working on building the applcaiiton. </p> <p>Coming to the backend, we have deployed the AI model in the Cloudflare Workers. Which we have used to genrate the result in the frontend. The following is the code for the deplyed AI worker.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nf">addEventListener</span><span class="p">(</span><span class="dl">"</span><span class="s2">fetch</span><span class="dl">"</span><span class="p">,</span> <span class="p">(</span><span class="nx">event</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">event</span><span class="p">.</span><span class="nf">respondWith</span><span class="p">(</span><span class="nf">handleRequest</span><span class="p">(</span><span class="nx">event</span><span class="p">.</span><span class="nx">request</span><span class="p">));</span> <span class="p">});</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">handleRequest</span><span class="p">(</span><span class="nx">request</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">body</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">request</span><span class="p">.</span><span class="nf">json</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">codeSnippet</span> <span class="o">=</span> <span class="nx">body</span><span class="p">.</span><span class="nx">code</span><span class="p">;</span> <span class="c1">// Safety Check: Ensure codeSnippet exists and is a string</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">codeSnippet</span> <span class="o">||</span> <span class="k">typeof</span> <span class="nx">codeSnippet</span> <span class="o">!==</span> <span class="dl">"</span><span class="s2">string</span><span class="dl">"</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">responseData</span> <span class="o">=</span> <span class="p">{</span> <span class="na">status</span><span class="p">:</span> <span class="mi">400</span><span class="p">,</span> <span class="na">body</span><span class="p">:</span> <span class="p">{</span> <span class="na">message</span><span class="p">:</span> <span class="dl">"</span><span class="s2">Invalid code snippet provided</span><span class="dl">"</span><span class="p">,</span> <span class="p">},</span> <span class="p">};</span> <span class="k">return</span> <span class="k">new</span> <span class="nc">Response</span><span class="p">(</span><span class="nx">JSON</span><span class="p">.</span><span class="nf">stringify</span><span class="p">(</span><span class="nx">responseData</span><span class="p">),</span> <span class="p">{</span> <span class="na">headers</span><span class="p">:</span> <span class="p">{</span> <span class="dl">"</span><span class="s2">content-type</span><span class="dl">"</span><span class="p">:</span> <span class="dl">"</span><span class="s2">application/json</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">Access-Control-Allow-Origin</span><span class="dl">"</span><span class="p">:</span> <span class="dl">"</span><span class="s2">*</span><span class="dl">"</span><span class="p">,</span> <span class="p">},</span> <span class="p">});</span> <span class="p">}</span> <span class="kd">const</span> <span class="nx">payload</span> <span class="o">=</span> <span class="nx">JSON</span><span class="p">.</span><span class="nf">stringify</span><span class="p">({</span> <span class="na">messages</span><span class="p">:</span> <span class="p">[</span> <span class="p">{</span> <span class="na">role</span><span class="p">:</span> <span class="dl">"</span><span class="s2">system</span><span class="dl">"</span><span class="p">,</span> <span class="na">content</span><span class="p">:</span> <span class="dl">'</span><span class="s1">You are a helpful assistant tasked with analyzing code snippets for vulnerabilities. </span><span class="se">\n\n</span><span class="s1">Return Output in the following example JSON format:</span><span class="se">\n</span><span class="s1">``` json</span><span class="se">\n</span><span class="s1">{</span><span class="se">\n</span><span class="s1">"Vulnerability Type": "&lt;Vulnerability Type&gt;",</span><span class="se">\n</span><span class="s1">"Severity Level": "&lt;Level&gt;",</span><span class="se">\n</span><span class="s1">"Location": "&lt;Line Number&gt;",</span><span class="se">\n</span><span class="s1">"Explanation": "&lt;Explanation about the vulnerability&gt;",</span><span class="se">\n</span><span class="s1">"Recommendations": "&lt;Offer recommendations or suggested fixes&gt;",</span><span class="se">\n</span><span class="s1">"Overall Security Score": "&lt;Percentage&gt;"</span><span class="se">\n</span><span class="s1">}</span><span class="se">\n</span><span class="s1"> ```</span><span class="dl">'</span><span class="p">,</span> <span class="p">},</span> <span class="p">{</span> <span class="na">role</span><span class="p">:</span> <span class="dl">"</span><span class="s2">user</span><span class="dl">"</span><span class="p">,</span> <span class="na">content</span><span class="p">:</span> <span class="nx">codeSnippet</span> <span class="p">},</span> <span class="p">],</span> <span class="p">});</span> <span class="kd">const</span> <span class="nx">response</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">fetch</span><span class="p">(</span> <span class="dl">"</span><span class="s2">https://api.cloudflare.com/client/v4/accounts/account_ID/ai/run/@cf/meta/llama-2-7b-chat-fp16</span><span class="dl">"</span><span class="p">,</span> <span class="p">{</span> <span class="na">method</span><span class="p">:</span> <span class="dl">"</span><span class="s2">POST</span><span class="dl">"</span><span class="p">,</span> <span class="na">headers</span><span class="p">:</span> <span class="p">{</span> <span class="na">Authorization</span><span class="p">:</span> <span class="s2">`Bearer Account_Token`</span><span class="p">,</span> <span class="dl">"</span><span class="s2">Content-Type</span><span class="dl">"</span><span class="p">:</span> <span class="dl">"</span><span class="s2">application/json</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">Access-Control-Allow-Origin</span><span class="dl">"</span><span class="p">:</span> <span class="dl">"</span><span class="s2">*</span><span class="dl">"</span><span class="p">,</span> <span class="p">},</span> <span class="na">body</span><span class="p">:</span> <span class="nx">payload</span><span class="p">,</span> <span class="p">}</span> <span class="p">);</span> <span class="kd">const</span> <span class="nx">aiResult</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">response</span><span class="p">.</span><span class="nf">json</span><span class="p">();</span> <span class="k">try</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">stringifiedJson</span> <span class="o">=</span> <span class="nx">aiResult</span><span class="p">.</span><span class="nx">result</span><span class="p">.</span><span class="nx">response</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">start</span> <span class="o">=</span> <span class="nx">stringifiedJson</span><span class="p">.</span><span class="nf">indexOf</span><span class="p">(</span><span class="dl">"</span><span class="s2">{</span><span class="dl">"</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">end</span> <span class="o">=</span> <span class="nx">stringifiedJson</span><span class="p">.</span><span class="nf">lastIndexOf</span><span class="p">(</span><span class="dl">"</span><span class="s2">}</span><span class="dl">"</span><span class="p">)</span> <span class="o">+</span> <span class="mi">1</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">jsonPart</span> <span class="o">=</span> <span class="nx">stringifiedJson</span><span class="p">.</span><span class="nf">slice</span><span class="p">(</span><span class="nx">start</span><span class="p">,</span> <span class="nx">end</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">parsedJson</span> <span class="o">=</span> <span class="nx">JSON</span><span class="p">.</span><span class="nf">parse</span><span class="p">(</span><span class="nx">jsonPart</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">responseData</span> <span class="o">=</span> <span class="p">{</span> <span class="na">status</span><span class="p">:</span> <span class="mi">200</span><span class="p">,</span> <span class="na">body</span><span class="p">:</span> <span class="nx">parsedJson</span><span class="p">,</span> <span class="p">};</span> <span class="k">return</span> <span class="k">new</span> <span class="nc">Response</span><span class="p">(</span><span class="nx">JSON</span><span class="p">.</span><span class="nf">stringify</span><span class="p">(</span><span class="nx">responseData</span><span class="p">),</span> <span class="p">{</span> <span class="na">headers</span><span class="p">:</span> <span class="p">{</span> <span class="dl">"</span><span class="s2">content-type</span><span class="dl">"</span><span class="p">:</span> <span class="dl">"</span><span class="s2">application/json</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">Access-Control-Allow-Origin</span><span class="dl">"</span><span class="p">:</span> <span class="dl">"</span><span class="s2">*</span><span class="dl">"</span><span class="p">,</span> <span class="p">},</span> <span class="p">});</span> <span class="p">}</span> <span class="k">catch</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">responseData</span> <span class="o">=</span> <span class="p">{</span> <span class="na">status</span><span class="p">:</span> <span class="mi">500</span><span class="p">,</span> <span class="na">body</span><span class="p">:</span> <span class="p">{</span> <span class="na">message</span><span class="p">:</span> <span class="dl">"</span><span class="s2">Oops! Looks like your input took a wrong turn :(</span><span class="dl">"</span><span class="p">,</span> <span class="p">},</span> <span class="p">};</span> <span class="k">return</span> <span class="k">new</span> <span class="nc">Response</span><span class="p">(</span><span class="nx">JSON</span><span class="p">.</span><span class="nf">stringify</span><span class="p">(</span><span class="nx">responseData</span><span class="p">),</span> <span class="p">{</span> <span class="na">headers</span><span class="p">:</span> <span class="p">{</span> <span class="dl">"</span><span class="s2">content-type</span><span class="dl">"</span><span class="p">:</span> <span class="dl">"</span><span class="s2">application/json</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">Access-Control-Allow-Origin</span><span class="dl">"</span><span class="p">:</span> <span class="dl">"</span><span class="s2">*</span><span class="dl">"</span><span class="p">,</span> <span class="p">},</span> <span class="p">});</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>We're excited to be exploring the Cloudflare platform for the first time! It's been an amazing learning experience, and we're looking forward to using this tool for many more projects in the future. Thanks a lot for taking the time to read about our journey!</p> <p>Team members - <a class="mentioned-user" href="https://dev.to/engineeredsoul">@engineeredsoul</a> <a class="mentioned-user" href="https://dev.to/mohandotdev">@mohandotdev</a> <a class="mentioned-user" href="https://dev.to/santoholic">@santoholic</a> <a class="mentioned-user" href="https://dev.to/sanjayalagappan">@sanjayalagappan</a> </p> cloudflarechallenge devchallenge ai