bkimminich/juice-shop

View on GitHub

Showing 87 of 87 total issues

Function restoreProgress has a Cognitive Complexity of 17 (exceeds 7 allowed). Consider refactoring.
Open

module.exports = function restoreProgress () {
  return ({ params }, res) => {
    const continueCode = params.continueCode
    const ids = hashids.decode(continueCode)
    if (utils.notSolved(challenges.continueCodeChallenge) && ids.indexOf(999) > -1) {
Severity: Minor
Found in routes/restoreProgress.js - About 1 hr to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Function handleXmlUpload has a Cognitive Complexity of 17 (exceeds 7 allowed). Consider refactoring.
Open

function handleXmlUpload ({ file }, res, next) {
  if (utils.endsWith(file.originalname.toLowerCase(), '.xml')) {
    utils.solveIf(challenges.deprecatedInterfaceChallenge, () => { return true })
    if (file.buffer && !utils.disableOnContainerEnv()) { // XXE attacks in Docker/Heroku containers regularly cause "segfault" crashes
      const data = file.buffer.toString()
Severity: Minor
Found in routes/fileUpload.js - About 1 hr to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Function searchProducts has 49 lines of code (exceeds 30 allowed). Consider refactoring.
Open

module.exports = function searchProducts () {
  return (req, res, next) => {
    let criteria = req.query.q === 'undefined' ? '' : req.query.q || ''
    criteria = (criteria.length <= 200) ? criteria : criteria.substring(0, 200)
    models.sequelize.query(`SELECT * FROM Products WHERE ((name LIKE '%${criteria}%' OR description LIKE '%${criteria}%') AND deletedAt IS NULL) ORDER BY name`)
Severity: Minor
Found in routes/search.js - About 1 hr to fix

    Function getUserProfile has 48 lines of code (exceeds 30 allowed). Consider refactoring.
    Open

    module.exports = function getUserProfile () {
      return (req, res, next) => {
        fs.readFile('views/userProfile.pug', function (err, buf) {
          if (err) throw err
          const loggedInUser = insecurity.authenticatedUsers.get(req.cookies.token)
    Severity: Minor
    Found in routes/userProfile.js - About 1 hr to fix

      Function productReviews has 45 lines of code (exceeds 30 allowed). Consider refactoring.
      Open

      module.exports = function productReviews () {
        return (req, res, next) => {
          const id = req.body.id
          const user = insecurity.authenticatedUsers.from(req)
          db.reviews.findOne({ _id: id }).then(review => {
      Severity: Minor
      Found in routes/likeProductReviews.js - About 1 hr to fix

        Function upgradeToDeluxe has a Cognitive Complexity of 15 (exceeds 7 allowed). Consider refactoring.
        Open

        module.exports.upgradeToDeluxe = function upgradeToDeluxe () {
          return async (req, res, next) => {
            const user = await models.User.findOne({ where: { id: req.body.UserId, role: insecurity.roles.customer } })
            if (!user) {
              res.status(400).json({ status: 'error', error: 'Something went wrong. Please try again!' })
        Severity: Minor
        Found in routes/deluxe.js - About 1 hr to fix

        Cognitive Complexity

        Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

        A method's cognitive complexity is based on a few simple rules:

        • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
        • Code is considered more complex for each "break in the linear flow of the code"
        • Code is considered more complex when "flow breaking structures are nested"

        Further reading

        Function status has 44 lines of code (exceeds 30 allowed). Consider refactoring.
        Open

        module.exports.status = function status () {
          return async (req, res, next) => {
            if (!bot) {
              res.status(200).json({
                status: false,
        Severity: Minor
        Found in routes/chatbot.js - About 1 hr to fix

          Function addToBasket has 43 lines of code (exceeds 30 allowed). Consider refactoring.
          Open

            addToBasket (id?: number) {
              this.basketService.find(Number(sessionStorage.getItem('bid'))).subscribe((basket) => {
                let productsInBasket: any = basket.Products
                let found = false
                for (let i = 0; i < productsInBasket.length; i++) {
          Severity: Minor
          Found in frontend/src/app/search-result/search-result.component.ts - About 1 hr to fix

            Function ngOnInit has 42 lines of code (exceeds 30 allowed). Consider refactoring.
            Open

              ngOnInit () {
                this.getLanguages()
                this.basketService.getItemTotal().subscribe(x => this.itemTotal = x)
                this.administrationService.getApplicationVersion().subscribe((version: any) => {
                  if (version) {
            Severity: Minor
            Found in frontend/src/app/navbar/navbar.component.ts - About 1 hr to fix

              Function determineDisabledEnv has a Cognitive Complexity of 14 (exceeds 7 allowed). Consider refactoring.
              Open

              exports.determineDisabledEnv = (disabledEnv) => {
                if (isDocker()) {
                  return disabledEnv && (disabledEnv === 'Docker' || disabledEnv.includes('Docker')) ? 'Docker' : null
                } else if (isHeroku) {
                  return disabledEnv && (disabledEnv === 'Heroku' || disabledEnv.includes('Heroku')) ? 'Heroku' : null
              Severity: Minor
              Found in lib/utils.js - About 1 hr to fix

              Cognitive Complexity

              Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

              A method's cognitive complexity is based on a few simple rules:

              • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
              • Code is considered more complex for each "break in the linear flow of the code"
              • Code is considered more complex when "flow breaking structures are nested"

              Further reading

              Function respond has a Cognitive Complexity of 14 (exceeds 7 allowed). Consider refactoring.
              Open

              module.exports.process = function respond () {
                return async (req, res, next) => {
                  if (!bot) {
                    res.status(200).json({
                      action: 'response',
              Severity: Minor
              Found in routes/chatbot.js - About 1 hr to fix

              Cognitive Complexity

              Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

              A method's cognitive complexity is based on a few simple rules:

              • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
              • Code is considered more complex for each "break in the linear flow of the code"
              • Code is considered more complex when "flow breaking structures are nested"

              Further reading

              Function queryResultToJson has a Cognitive Complexity of 14 (exceeds 7 allowed). Consider refactoring.
              Open

              exports.queryResultToJson = (data, status) => {
                let wrappedData = {}
                if (data) {
                  if (!data.length && data.dataValues) {
                    wrappedData = data.dataValues
              Severity: Minor
              Found in lib/utils.js - About 1 hr to fix

              Cognitive Complexity

              Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

              A method's cognitive complexity is based on a few simple rules:

              • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
              • Code is considered more complex for each "break in the linear flow of the code"
              • Code is considered more complex when "flow breaking structures are nested"

              Further reading

              Function save has 40 lines of code (exceeds 30 allowed). Consider refactoring.
              Open

                save () {
                  this.address.country = this.countryControl.value
                  this.address.fullName = this.nameControl.value
                  this.address.mobileNum = this.numberControl.value
                  this.address.zipCode = this.pinControl.value
              Severity: Minor
              Found in frontend/src/app/address-create/address-create.component.ts - About 1 hr to fix

                Function mimeType has 40 lines of code (exceeds 30 allowed). Consider refactoring.
                Open

                export const mimeType = (
                  control: AbstractControl
                ): Promise<{ [key: string]: any }> | Observable<{ [key: string]: any }> => {
                  if (typeof(control.value) === 'string') {
                    return of(null)
                Severity: Minor
                Found in frontend/src/app/photo-wall/mime-type.validator.ts - About 1 hr to fix

                  Function updateLoop has 39 lines of code (exceeds 30 allowed). Consider refactoring.
                  Open

                    const updateLoop = setInterval(() => {
                      const version = utils.version()
                      const { major, minor, patch } = version.match(/(?<major>[0-9]+).(?<minor>[0-9]+).(?<patch>[0-9]+)/).groups
                      versionMetrics.set({ version, major, minor, patch }, 1)
                  
                  
                  Severity: Minor
                  Found in routes/metrics.js - About 1 hr to fix

                    Function resetPassword has 37 lines of code (exceeds 30 allowed). Consider refactoring.
                    Open

                    module.exports = function resetPassword () {
                      return ({ body, connection }, res, next) => {
                        const email = body.email
                        const answer = body.answer
                        const newPassword = body.new
                    Severity: Minor
                    Found in routes/resetPassword.js - About 1 hr to fix

                      Function processQuery has a Cognitive Complexity of 13 (exceeds 7 allowed). Consider refactoring.
                      Open

                      async function processQuery (user, req, res) {
                        const username = user.username
                        if (!username) {
                          res.status(200).json({
                            action: 'namequery',
                      Severity: Minor
                      Found in routes/chatbot.js - About 1 hr to fix

                      Cognitive Complexity

                      Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

                      A method's cognitive complexity is based on a few simple rules:

                      • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
                      • Code is considered more complex for each "break in the linear flow of the code"
                      • Code is considered more complex when "flow breaking structures are nested"

                      Further reading

                      Function b2bOrder has a Cognitive Complexity of 13 (exceeds 7 allowed). Consider refactoring.
                      Open

                      module.exports = function b2bOrder () {
                        return ({ body }, res, next) => {
                          if (!utils.disableOnContainerEnv()) {
                            const orderLinesData = body.orderLinesData || ''
                            try {
                      Severity: Minor
                      Found in routes/b2bOrder.js - About 1 hr to fix

                      Cognitive Complexity

                      Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

                      A method's cognitive complexity is based on a few simple rules:

                      • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
                      • Code is considered more complex for each "break in the linear flow of the code"
                      • Code is considered more complex when "flow breaking structures are nested"

                      Further reading

                      Function addBasketItem has 36 lines of code (exceeds 30 allowed). Consider refactoring.
                      Open

                      module.exports.addBasketItem = function addBasketItem () {
                        return (req, res, next) => {
                          var result = utils.parseJsonCustom(req.rawBody)
                          var productIds = []
                          var basketIds = []
                      Severity: Minor
                      Found in routes/basketItems.js - About 1 hr to fix

                        Function respond has 34 lines of code (exceeds 30 allowed). Consider refactoring.
                        Open

                        module.exports.process = function respond () {
                          return async (req, res, next) => {
                            if (!bot) {
                              res.status(200).json({
                                action: 'response',
                        Severity: Minor
                        Found in routes/chatbot.js - About 1 hr to fix
                          Severity
                          Category
                          Status
                          Source
                          Language