RocketChat/Rocket.Chat

View on GitHub
apps/meteor/app/meteor-accounts-saml/server/lib/parsers/Response.ts

Summary

Maintainability
F
5 days
Test Coverage

Function validate has a Cognitive Complexity of 52 (exceeds 5 allowed). Consider refactoring.
Open

    public validate(xml: string, callback: IResponseValidateCallback): void {
        // We currently use RelayState to save SAML provider
        SAMLUtils.log(`Validating response with relay state: ${xml}`);

        let error: Error | null = null;
Severity: Minor
Found in apps/meteor/app/meteor-accounts-saml/server/lib/parsers/Response.ts - About 1 day to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

File Response.ts has 379 lines of code (exceeds 250 allowed). Consider refactoring.
Open

import xmldom from '@xmldom/xmldom';
import xmlCrypto from 'xml-crypto';
import xmlenc from 'xml-encryption';

import type { ISAMLAssertion } from '../../definition/ISAMLAssertion';
Severity: Minor
Found in apps/meteor/app/meteor-accounts-saml/server/lib/parsers/Response.ts - About 5 hrs to fix

    Function validate has 127 lines of code (exceeds 25 allowed). Consider refactoring.
    Open

        public validate(xml: string, callback: IResponseValidateCallback): void {
            // We currently use RelayState to save SAML provider
            SAMLUtils.log(`Validating response with relay state: ${xml}`);
    
            let error: Error | null = null;
    Severity: Major
    Found in apps/meteor/app/meteor-accounts-saml/server/lib/parsers/Response.ts - About 5 hrs to fix

      Function mapAttributes has a Cognitive Complexity of 21 (exceeds 5 allowed). Consider refactoring.
      Open

          private mapAttributes(attributeStatement: Element, profile: Record<string, any>): void {
              SAMLUtils.log(`Attribute Statement found in SAML response: ${attributeStatement}`);
              const attributes = attributeStatement.getElementsByTagNameNS('urn:oasis:names:tc:SAML:2.0:assertion', 'Attribute');
              SAMLUtils.log(`Attributes will be processed: ${attributes.length}`);
      
      
      Severity: Minor
      Found in apps/meteor/app/meteor-accounts-saml/server/lib/parsers/Response.ts - About 2 hrs to fix

      Cognitive Complexity

      Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

      A method's cognitive complexity is based on a few simple rules:

      • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
      • Code is considered more complex for each "break in the linear flow of the code"
      • Code is considered more complex when "flow breaking structures are nested"

      Further reading

      Function verifySignatures has a Cognitive Complexity of 17 (exceeds 5 allowed). Consider refactoring.
      Open

          private verifySignatures(response: Element, assertionData: ISAMLAssertion, xml: string): void {
              if (!this.serviceProviderOptions.cert) {
                  return;
              }
      
      
      Severity: Minor
      Found in apps/meteor/app/meteor-accounts-saml/server/lib/parsers/Response.ts - About 2 hrs to fix

      Cognitive Complexity

      Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

      A method's cognitive complexity is based on a few simple rules:

      • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
      • Code is considered more complex for each "break in the linear flow of the code"
      • Code is considered more complex when "flow breaking structures are nested"

      Further reading

      Function mapAttributes has 43 lines of code (exceeds 25 allowed). Consider refactoring.
      Open

          private mapAttributes(attributeStatement: Element, profile: Record<string, any>): void {
              SAMLUtils.log(`Attribute Statement found in SAML response: ${attributeStatement}`);
              const attributes = attributeStatement.getElementsByTagNameNS('urn:oasis:names:tc:SAML:2.0:assertion', 'Attribute');
              SAMLUtils.log(`Attributes will be processed: ${attributes.length}`);
      
      
      Severity: Minor
      Found in apps/meteor/app/meteor-accounts-saml/server/lib/parsers/Response.ts - About 1 hr to fix

        Function verifySignatures has 36 lines of code (exceeds 25 allowed). Consider refactoring.
        Open

            private verifySignatures(response: Element, assertionData: ISAMLAssertion, xml: string): void {
                if (!this.serviceProviderOptions.cert) {
                    return;
                }
        
        
        Severity: Minor
        Found in apps/meteor/app/meteor-accounts-saml/server/lib/parsers/Response.ts - About 1 hr to fix

          Function getAssertion has 33 lines of code (exceeds 25 allowed). Consider refactoring.
          Open

              private getAssertion(response: Element, xml: string): ISAMLAssertion {
                  const allAssertions = response.getElementsByTagNameNS('urn:oasis:names:tc:SAML:2.0:assertion', 'Assertion');
                  const allEncrypedAssertions = response.getElementsByTagNameNS('urn:oasis:names:tc:SAML:2.0:assertion', 'EncryptedAssertion');
          
                  if (allAssertions.length + allEncrypedAssertions.length > 1) {
          Severity: Minor
          Found in apps/meteor/app/meteor-accounts-saml/server/lib/parsers/Response.ts - About 1 hr to fix

            Function validateNotBeforeNotOnOrAfterAssertions has a Cognitive Complexity of 11 (exceeds 5 allowed). Consider refactoring.
            Open

                private validateNotBeforeNotOnOrAfterAssertions(element: Element): boolean {
                    const sysnow = new Date();
                    const allowedclockdrift = this.serviceProviderOptions.allowedClockDrift || 0;
            
                    const now = new Date(sysnow.getTime() + allowedclockdrift);
            Severity: Minor
            Found in apps/meteor/app/meteor-accounts-saml/server/lib/parsers/Response.ts - About 1 hr to fix

            Cognitive Complexity

            Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

            A method's cognitive complexity is based on a few simple rules:

            • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
            • Code is considered more complex for each "break in the linear flow of the code"
            • Code is considered more complex when "flow breaking structures are nested"

            Further reading

            Avoid too many return statements within this function.
            Open

                        return callback(e instanceof Error ? e : String(e), null, false);
            Severity: Major
            Found in apps/meteor/app/meteor-accounts-saml/server/lib/parsers/Response.ts - About 30 mins to fix

              Avoid too many return statements within this function.
              Open

                          return callback(new Error(`Status is: ${statusValidateObj.statusCode}`), null, false);
              Severity: Major
              Found in apps/meteor/app/meteor-accounts-saml/server/lib/parsers/Response.ts - About 30 mins to fix

                Avoid too many return statements within this function.
                Open

                                return callback(new Error('Missing StatusCode'), null, false);
                Severity: Major
                Found in apps/meteor/app/meteor-accounts-saml/server/lib/parsers/Response.ts - About 30 mins to fix

                  Avoid too many return statements within this function.
                  Open

                              return callback(e instanceof Error ? e : String(e), null, false);
                  Severity: Major
                  Found in apps/meteor/app/meteor-accounts-saml/server/lib/parsers/Response.ts - About 30 mins to fix

                    Avoid too many return statements within this function.
                    Open

                                    return callback(e instanceof Error ? e : String(e), null, false);
                    Severity: Major
                    Found in apps/meteor/app/meteor-accounts-saml/server/lib/parsers/Response.ts - About 30 mins to fix

                      Avoid too many return statements within this function.
                      Open

                                  return callback(e instanceof Error ? e : String(e), null, false);
                      Severity: Major
                      Found in apps/meteor/app/meteor-accounts-saml/server/lib/parsers/Response.ts - About 30 mins to fix

                        Avoid too many return statements within this function.
                        Open

                                return callback(null, profile, false);
                        Severity: Major
                        Found in apps/meteor/app/meteor-accounts-saml/server/lib/parsers/Response.ts - About 30 mins to fix

                          Avoid too many return statements within this function.
                          Open

                                          return callback(new Error(statusValidateObj.message), null, false);
                          Severity: Major
                          Found in apps/meteor/app/meteor-accounts-saml/server/lib/parsers/Response.ts - About 30 mins to fix

                            Avoid too many return statements within this function.
                            Open

                                    return true;
                            Severity: Major
                            Found in apps/meteor/app/meteor-accounts-saml/server/lib/parsers/Response.ts - About 30 mins to fix

                              Function validateSignatureChildren has a Cognitive Complexity of 6 (exceeds 5 allowed). Consider refactoring.
                              Open

                                  private validateSignatureChildren(xml: string, cert: string, parent: XmlParent): boolean {
                                      const xpathSigQuery = ".//*[local-name(.)='Signature' and namespace-uri(.)='http://www.w3.org/2000/09/xmldsig#']";
                                      const signatures = xmlCrypto.xpath(parent, xpathSigQuery) as Array<Element>;
                                      let signature = null;
                              
                              
                              Severity: Minor
                              Found in apps/meteor/app/meteor-accounts-saml/server/lib/parsers/Response.ts - About 25 mins to fix

                              Cognitive Complexity

                              Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

                              A method's cognitive complexity is based on a few simple rules:

                              • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
                              • Code is considered more complex for each "break in the linear flow of the code"
                              • Code is considered more complex when "flow breaking structures are nested"

                              Further reading

                              Similar blocks of code found in 2 locations. Consider refactoring.
                              Open

                                      if (element.hasAttribute('NotBefore')) {
                                          const notBefore: string | null = element.getAttribute('NotBefore');
                              
                                          if (!notBefore) {
                                              return false;
                              apps/meteor/app/meteor-accounts-saml/server/lib/parsers/Response.ts on lines 397..408

                              Duplicated Code

                              Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

                              Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

                              When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

                              Tuning

                              This issue has a mass of 74.

                              We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

                              The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

                              If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

                              See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.

                              Refactorings

                              Further Reading

                              Similar blocks of code found in 2 locations. Consider refactoring.
                              Open

                                      if (element.hasAttribute('NotOnOrAfter')) {
                                          const notOnOrAfter: string | null = element.getAttribute('NotOnOrAfter');
                                          if (!notOnOrAfter) {
                                              return false;
                                          }
                              apps/meteor/app/meteor-accounts-saml/server/lib/parsers/Response.ts on lines 384..395

                              Duplicated Code

                              Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

                              Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

                              When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

                              Tuning

                              This issue has a mass of 74.

                              We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

                              The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

                              If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

                              See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.

                              Refactorings

                              Further Reading

                              Identical blocks of code found in 2 locations. Consider refactoring.
                              Open

                                              fatalError: (e: any) => {
                                                  if (e instanceof Error) {
                                                      error = e;
                                                      return;
                                                  }
                              apps/meteor/app/meteor-accounts-saml/server/lib/parsers/Response.ts on lines 41..53

                              Duplicated Code

                              Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

                              Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

                              When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

                              Tuning

                              This issue has a mass of 58.

                              We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

                              The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

                              If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

                              See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.

                              Refactorings

                              Further Reading

                              Identical blocks of code found in 2 locations. Consider refactoring.
                              Open

                                              error: (e: Error) => {
                                                  if (e instanceof Error) {
                                                      error = e;
                                                      return;
                                                  }
                              apps/meteor/app/meteor-accounts-saml/server/lib/parsers/Response.ts on lines 28..40

                              Duplicated Code

                              Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

                              Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

                              When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

                              Tuning

                              This issue has a mass of 58.

                              We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

                              The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

                              If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

                              See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.

                              Refactorings

                              Further Reading

                              Similar blocks of code found in 2 locations. Consider refactoring.
                              Open

                                      if (subjectConfirmation) {
                                          const subjectConfirmationData = subjectConfirmation.getElementsByTagNameNS(
                                              'urn:oasis:names:tc:SAML:2.0:assertion',
                                              'SubjectConfirmationData',
                                          )[0];
                              apps/meteor/app/meteor-accounts-saml/server/lib/parsers/Response.ts on lines 413..418

                              Duplicated Code

                              Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

                              Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

                              When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

                              Tuning

                              This issue has a mass of 51.

                              We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

                              The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

                              If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

                              See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.

                              Refactorings

                              Further Reading

                              Similar blocks of code found in 2 locations. Consider refactoring.
                              Open

                                  private validateAssertionConditions(assertion: XmlParent): void {
                                      const conditions = assertion.getElementsByTagNameNS('urn:oasis:names:tc:SAML:2.0:assertion', 'Conditions')[0];
                                      if (conditions && !this.validateNotBeforeNotOnOrAfterAssertions(conditions)) {
                                          throw new Error('NotBefore / NotOnOrAfter assertion failed');
                                      }
                              apps/meteor/app/meteor-accounts-saml/server/lib/parsers/Response.ts on lines 367..375

                              Duplicated Code

                              Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

                              Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

                              When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

                              Tuning

                              This issue has a mass of 51.

                              We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

                              The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

                              If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

                              See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.

                              Refactorings

                              Further Reading

                              Similar blocks of code found in 2 locations. Consider refactoring.
                              Open

                                      try {
                                          this.validateAssertionConditions(assertion);
                                      } catch (e) {
                                          return callback(e instanceof Error ? e : String(e), null, false);
                                      }
                              apps/meteor/app/meteor-accounts-saml/server/lib/parsers/Response.ts on lines 130..134

                              Duplicated Code

                              Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

                              Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

                              When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

                              Tuning

                              This issue has a mass of 47.

                              We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

                              The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

                              If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

                              See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.

                              Refactorings

                              Further Reading

                              Similar blocks of code found in 2 locations. Consider refactoring.
                              Open

                                          try {
                                              this.validateSubjectConditions(subject);
                                          } catch (e) {
                                              return callback(e instanceof Error ? e : String(e), null, false);
                                          }
                              apps/meteor/app/meteor-accounts-saml/server/lib/parsers/Response.ts on lines 137..141

                              Duplicated Code

                              Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

                              Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

                              When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

                              Tuning

                              This issue has a mass of 47.

                              We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

                              The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

                              If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

                              See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.

                              Refactorings

                              Further Reading

                              There are no issues that match your filters.

                              Category
                              Status