bkimminich/juice-shop

View on GitHub

Showing 69 of 69 total issues

File server.js has 467 lines of code (exceeds 300 allowed). Consider refactoring.
Open

/*
 * Copyright (c) 2014-2020 Bjoern Kimminich.
 * SPDX-License-Identifier: MIT
 */

Severity: Minor
Found in server.js - About 6 hrs to fix

    Function placeOrder has 143 lines of code (exceeds 30 allowed). Consider refactoring.
    Open

    module.exports = function placeOrder () {
      return (req, res, next) => {
        const id = req.params.id
        models.Basket.findOne({ where: { id }, include: [{ model: models.Product, paranoid: false }] })
          .then(async basket => {
    Severity: Major
    Found in routes/order.js - About 5 hrs to fix

      File 2faSpec.js has 381 lines of code (exceeds 300 allowed). Consider refactoring.
      Open

      /*
       * Copyright (c) 2014-2020 Bjoern Kimminich.
       * SPDX-License-Identifier: MIT
       */
      
      
      Severity: Minor
      Found in test/api/2faSpec.js - About 3 hrs to fix

        File dataExportApiSpec.js has 354 lines of code (exceeds 300 allowed). Consider refactoring.
        Open

        /*
         * Copyright (c) 2014-2020 Bjoern Kimminich.
         * SPDX-License-Identifier: MIT
         */
        
        
        Severity: Minor
        Found in test/api/dataExportApiSpec.js - About 3 hrs to fix

          Function observeMetrics has 86 lines of code (exceeds 30 allowed). Consider refactoring.
          Open

          exports.observeMetrics = function observeMetrics () {
            const app = config.get('application.customMetricsPrefix')
            const intervalCollector = Prometheus.collectDefaultMetrics({ timeout: 5000 })
            register.setDefaultLabels({ app })
          
          
          Severity: Major
          Found in routes/metrics.js - About 3 hrs to fix

            File configValidationSpec.js has 329 lines of code (exceeds 300 allowed). Consider refactoring.
            Open

            /*
             * Copyright (c) 2014-2020 Bjoern Kimminich.
             * SPDX-License-Identifier: MIT
             */
            
            
            Severity: Minor
            Found in test/server/configValidationSpec.js - About 2 hrs to fix

              Function login has 64 lines of code (exceeds 30 allowed). Consider refactoring.
              Open

              module.exports = function login () {
                function afterLogin (user, res, next) {
                  verifyPostLoginChallenges(user)
                  models.Basket.findOrCreate({ where: { userId: user.data.id }, defaults: {} })
                    .then(([basket]) => {
              Severity: Major
              Found in routes/login.js - About 2 hrs to fix

                File search-result.component.spec.ts has 313 lines of code (exceeds 300 allowed). Consider refactoring.
                Open

                /*
                 * Copyright (c) 2014-2020 Bjoern Kimminich.
                 * SPDX-License-Identifier: MIT
                 */
                
                
                Severity: Minor
                Found in frontend/src/app/search-result/search-result.component.spec.ts - About 2 hrs to fix

                  File verify.js has 313 lines of code (exceeds 300 allowed). Consider refactoring.
                  Open

                  /*
                   * Copyright (c) 2014-2020 Bjoern Kimminich.
                   * SPDX-License-Identifier: MIT
                   */
                  
                  
                  Severity: Minor
                  Found in routes/verify.js - About 2 hrs to fix

                    Function getLanguageList has 61 lines of code (exceeds 30 allowed). Consider refactoring.
                    Open

                    module.exports = function getLanguageList () {
                      return (req, res, next) => {
                        const languages = []
                        let count = 0
                        let enContent
                    Severity: Major
                    Found in routes/languages.js - About 2 hrs to fix

                      Function dataExport has 61 lines of code (exceeds 30 allowed). Consider refactoring.
                      Open

                      module.exports = function dataExport () {
                        return async (req, res, next) => {
                          const loggedInUser = insecurity.authenticatedUsers.get(req.headers.authorization.replace('Bearer ', ''))
                          if (loggedInUser && loggedInUser.data && loggedInUser.data.email && loggedInUser.data.id) {
                            const username = loggedInUser.data.username
                      Severity: Major
                      Found in routes/dataExport.js - About 2 hrs to fix

                        Function changePassword has a Cognitive Complexity of 18 (exceeds 7 allowed). Consider refactoring.
                        Open

                        module.exports = function changePassword () {
                          return ({ query, headers, connection }, res, next) => {
                            const currentPassword = query.current
                            const newPassword = query.new
                            const repeatPassword = query.repeat
                        Severity: Minor
                        Found in routes/changePassword.js - About 2 hrs to fix

                        Cognitive Complexity

                        Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

                        A method's cognitive complexity is based on a few simple rules:

                        • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
                        • Code is considered more complex for each "break in the linear flow of the code"
                        • Code is considered more complex when "flow breaking structures are nested"

                        Further reading

                        Function databaseRelatedChallenges has a Cognitive Complexity of 18 (exceeds 7 allowed). Consider refactoring.
                        Open

                        exports.databaseRelatedChallenges = () => (req, res, next) => {
                          if (utils.notSolved(challenges.changeProductChallenge) && products.osaft) {
                            changeProductChallenge(products.osaft)
                          }
                          if (utils.notSolved(challenges.feedbackChallenge)) {
                        Severity: Minor
                        Found in routes/verify.js - About 2 hrs to fix

                        Cognitive Complexity

                        Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

                        A method's cognitive complexity is based on a few simple rules:

                        • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
                        • Code is considered more complex for each "break in the linear flow of the code"
                        • Code is considered more complex when "flow breaking structures are nested"

                        Further reading

                        Function retrieveLoggedInUser has a Cognitive Complexity of 17 (exceeds 7 allowed). Consider refactoring.
                        Open

                        module.exports = function retrieveLoggedInUser () {
                          return (req, res) => {
                            let user
                            try {
                              if (insecurity.verify(req.cookies.token)) {
                        Severity: Minor
                        Found in routes/currentUser.js - About 1 hr to fix

                        Cognitive Complexity

                        Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

                        A method's cognitive complexity is based on a few simple rules:

                        • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
                        • Code is considered more complex for each "break in the linear flow of the code"
                        • Code is considered more complex when "flow breaking structures are nested"

                        Further reading

                        Function handleXmlUpload has a Cognitive Complexity of 17 (exceeds 7 allowed). Consider refactoring.
                        Open

                        function handleXmlUpload ({ file }, res, next) {
                          if (utils.endsWith(file.originalname.toLowerCase(), '.xml')) {
                            utils.solveIf(challenges.deprecatedInterfaceChallenge, () => { return true })
                            if (file.buffer && !utils.disableOnContainerEnv()) { // XXE attacks in Docker/Heroku containers regularly cause "segfault" crashes
                              const data = file.buffer.toString()
                        Severity: Minor
                        Found in routes/fileUpload.js - About 1 hr to fix

                        Cognitive Complexity

                        Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

                        A method's cognitive complexity is based on a few simple rules:

                        • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
                        • Code is considered more complex for each "break in the linear flow of the code"
                        • Code is considered more complex when "flow breaking structures are nested"

                        Further reading

                        Function restoreProgress has a Cognitive Complexity of 17 (exceeds 7 allowed). Consider refactoring.
                        Open

                        module.exports = function restoreProgress () {
                          return ({ params }, res) => {
                            const continueCode = params.continueCode
                            const ids = hashids.decode(continueCode)
                            if (utils.notSolved(challenges.continueCodeChallenge) && ids.indexOf(999) > -1) {
                        Severity: Minor
                        Found in routes/restoreProgress.js - About 1 hr to fix

                        Cognitive Complexity

                        Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

                        A method's cognitive complexity is based on a few simple rules:

                        • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
                        • Code is considered more complex for each "break in the linear flow of the code"
                        • Code is considered more complex when "flow breaking structures are nested"

                        Further reading

                        Function searchProducts has 49 lines of code (exceeds 30 allowed). Consider refactoring.
                        Open

                        module.exports = function searchProducts () {
                          return (req, res, next) => {
                            let criteria = req.query.q === 'undefined' ? '' : req.query.q || ''
                            criteria = (criteria.length <= 200) ? criteria : criteria.substring(0, 200)
                            models.sequelize.query(`SELECT * FROM Products WHERE ((name LIKE '%${criteria}%' OR description LIKE '%${criteria}%') AND deletedAt IS NULL) ORDER BY name`)
                        Severity: Minor
                        Found in routes/search.js - About 1 hr to fix

                          Function getUserProfile has 48 lines of code (exceeds 30 allowed). Consider refactoring.
                          Open

                          module.exports = function getUserProfile () {
                            return (req, res, next) => {
                              fs.readFile('views/userProfile.pug', function (err, buf) {
                                if (err) throw err
                                const loggedInUser = insecurity.authenticatedUsers.get(req.cookies.token)
                          Severity: Minor
                          Found in routes/userProfile.js - About 1 hr to fix

                            Function productReviews has 45 lines of code (exceeds 30 allowed). Consider refactoring.
                            Open

                            module.exports = function productReviews () {
                              return (req, res, next) => {
                                const id = req.body.id
                                const user = insecurity.authenticatedUsers.from(req)
                                db.reviews.findOne({ _id: id }).then(review => {
                            Severity: Minor
                            Found in routes/likeProductReviews.js - About 1 hr to fix

                              Function ngOnInit has 42 lines of code (exceeds 30 allowed). Consider refactoring.
                              Open

                                ngOnInit () {
                                  this.getLanguages()
                                  this.basketService.getItemTotal().subscribe(x => this.itemTotal = x)
                                  this.administrationService.getApplicationVersion().subscribe((version: any) => {
                                    if (version) {
                              Severity: Minor
                              Found in frontend/src/app/navbar/navbar.component.ts - About 1 hr to fix
                                Severity
                                Category
                                Status
                                Source
                                Language