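These are a set of “suspicious” code patterns that might reveal vulnerabilities. Although this page calls them nodejs patterns, every command below searches C# (`*.cs`) sources for .NET APIs. Treat each hit as a lead for manual review, not as a confirmed finding.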
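# Code-review triage searches for C# sources, run from the root of the tree
# under review. Each command prints file:line:match for manual follow-up; a
# hit is a place to read, not a confirmed finding.
#
# `grep -E` replaces `egrep`, which is obsolescent (recent GNU grep releases
# print a warning for it). `-n` adds line numbers so hits can be opened
# directly. Patterns are single-quoted so the shell passes them through
# untouched, and [[:space:]] is used instead of the GNU-only \s.

# Returns instances where anti-XSS measures are deployed.
# The dots are escaped so "Html.Encode" no longer matches "Html" + any char + "Encode".
# Hits show where encoding is applied; they do not show that every output path
# is encoded, so compare them against the places that emit user-controlled data.
grep -rnE --include='*.cs' -e '(AntiXssEncoder|Server\.HtmlEncode|Html\.Encode)' .

# Returns possible command injection areas (process creation).
# ProcessStartInfo( is included because the command line is often assembled
# there rather than at the Process.Start( call. Review whether any argument
# is built from request or other external data.
grep -rnE --include='*.cs' -e '(Process|Process\.Start|ProcessStartInfo)\(' .

# Returns possible XSS scenarios (string concatenation in HTML/XML):
# a "<tag>" literal, then + something +, then another "<tag>" literal on one line.
# Multi-line concatenation and interpolated strings are not matched.
grep -rnE --include='*.cs' -e '<.*>"[[:space:]]*\+.*\+[[:space:]]*"<.*>' .

# Returns places where anti-CSRF measures are deployed.
# This lists actions that HAVE the attribute; the review question is which
# state-changing actions are missing from this list.
grep -rnE --include='*.cs' -e 'ValidateAntiForgeryToken' .

# Returns places where raw SQL statements are executed.
# ExecuteReader/ExecuteScalar are included so query paths are listed as well
# as non-query ones. For each hit, check that the command text is constant
# and that values are bound as parameters rather than concatenated.
grep -rnE --include='*.cs' -e '(ExecuteNonQuery|ExecuteReader|ExecuteScalar|SqlCommand)\(' .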