juice-shop/juice-shop

View on GitHub

Showing 126 of 126 total issues

File server.ts has 544 lines of code (exceeds 300 allowed). Consider refactoring.
Open

/*
 * Copyright (c) 2014-2022 Bjoern Kimminich & the OWASP Juice Shop contributors.
 * SPDX-License-Identifier: MIT
 */
import dataErasure from './routes/dataErasure'
Severity: Major
Found in server.ts - About 7 hrs to fix

    Function placeOrder has 137 lines of code (exceeds 30 allowed). Consider refactoring.
    Open

    module.exports = function placeOrder () {
      return (req: Request, res: Response, next: NextFunction) => {
        const id = req.params.id
        BasketModel.findOne({ where: { id }, include: [{ model: ProductModel, paranoid: false, as: 'Products' }] })
          .then(async (basket: BasketModel | null) => {
    Severity: Major
    Found in routes/order.ts - About 5 hrs to fix

      Function retrieveCodeSnippet has a Cognitive Complexity of 36 (exceeds 7 allowed). Consider refactoring.
      Open

      export const retrieveCodeSnippet = async (key: string, pass: boolean = false) => {
        let challenge = challenges[key]
        if (pass) challenge = { key }
        if (challenge) {
          if (!cache[challenge.key]) {
      Severity: Minor
      Found in routes/vulnCodeSnippet.ts - About 5 hrs to fix

      Cognitive Complexity

      Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

      A method's cognitive complexity is based on a few simple rules:

      • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
      • Code is considered more complex for each "break in the linear flow of the code"
      • Code is considered more complex when "flow breaking structures are nested"

      Further reading

      Function observeMetrics has 124 lines of code (exceeds 30 allowed). Consider refactoring.
      Open

      exports.observeMetrics = function observeMetrics () {
        const app = config.get('application.customMetricsPrefix')
        const intervalCollector = Prometheus.collectDefaultMetrics({ timeout: 5000 })
        register.setDefaultLabels({ app })
      
      
      Severity: Major
      Found in routes/metrics.ts - About 4 hrs to fix

        Function relationsInit has 107 lines of code (exceeds 30 allowed). Consider refactoring.
        Open

        const relationsInit = (_sequelize: Sequelize) => {
          AddressModel.belongsTo(UserModel, {
            constraints: true,
            foreignKeyConstraint: true,
            foreignKey: {
        Severity: Major
        Found in models/relations.ts - About 4 hrs to fix

          File 2faSpec.ts has 381 lines of code (exceeds 300 allowed). Consider refactoring.
          Open

          /*
           * Copyright (c) 2014-2022 Bjoern Kimminich & the OWASP Juice Shop contributors.
           * SPDX-License-Identifier: MIT
           */
          
          
          Severity: Minor
          Found in test/api/2faSpec.ts - About 3 hrs to fix

            Function UserModelInit has 103 lines of code (exceeds 30 allowed). Consider refactoring.
            Open

            const UserModelInit = (sequelize: Sequelize) => {
              User.init(
                {
                  id: {
                    type: DataTypes.INTEGER,
            Severity: Major
            Found in models/user.ts - About 3 hrs to fix

              File configValidationSpec.ts has 377 lines of code (exceeds 300 allowed). Consider refactoring.
              Open

              /*
               * Copyright (c) 2014-2022 Bjoern Kimminich & the OWASP Juice Shop contributors.
               * SPDX-License-Identifier: MIT
               */
              
              
              Severity: Minor
              Found in test/server/configValidationSpec.ts - About 3 hrs to fix

                Function dataExport has 96 lines of code (exceeds 30 allowed). Consider refactoring.
                Open

                module.exports = function dataExport () {
                  return async (req: Request, res: Response, next: NextFunction) => {
                    const loggedInUser = security.authenticatedUsers.get(req.headers?.authorization?.replace('Bearer ', ''))
                    if (loggedInUser?.data?.email && loggedInUser.data.id) {
                      const username = loggedInUser.data.username
                Severity: Major
                Found in routes/dataExport.ts - About 3 hrs to fix

                  Function checkVulnLines has a Cognitive Complexity of 26 (exceeds 7 allowed). Consider refactoring.
                  Open

                  exports.checkVulnLines = () => async (req: Request<{}, {}, VerdictRequestBody>, res: Response, next: NextFunction) => {
                    const key = req.body.key
                    let snippetData
                    try {
                      snippetData = await retrieveCodeSnippet(key)
                  Severity: Minor
                  Found in routes/vulnCodeSnippet.ts - About 3 hrs to fix

                  Cognitive Complexity

                  Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

                  A method's cognitive complexity is based on a few simple rules:

                  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
                  • Code is considered more complex for each "break in the linear flow of the code"
                  • Code is considered more complex when "flow breaking structures are nested"

                  Further reading

                  File score-board.component.ts has 356 lines of code (exceeds 300 allowed). Consider refactoring.
                  Open

                  /*
                   * Copyright (c) 2014-2022 Bjoern Kimminich & the OWASP Juice Shop contributors.
                   * SPDX-License-Identifier: MIT
                   */
                  
                  
                  Severity: Minor
                  Found in frontend/src/app/score-board/score-board.component.ts - About 3 hrs to fix

                    ScoreBoardComponent has 28 functions (exceeds 20 allowed). Consider refactoring.
                    Open

                    @Component({
                      selector: 'app-score-board',
                      templateUrl: './score-board.component.html',
                      styleUrls: ['./score-board.component.scss']
                    })
                    Severity: Minor
                    Found in frontend/src/app/score-board/score-board.component.ts - About 3 hrs to fix

                      File dataExportApiSpec.ts has 354 lines of code (exceeds 300 allowed). Consider refactoring.
                      Open

                      /*
                       * Copyright (c) 2014-2022 Bjoern Kimminich & the OWASP Juice Shop contributors.
                       * SPDX-License-Identifier: MIT
                       */
                      
                      
                      Severity: Minor
                      Found in test/api/dataExportApiSpec.ts - About 3 hrs to fix

                        File verify.ts has 348 lines of code (exceeds 300 allowed). Consider refactoring.
                        Open

                        /*
                         * Copyright (c) 2014-2022 Bjoern Kimminich & the OWASP Juice Shop contributors.
                         * SPDX-License-Identifier: MIT
                         */
                        
                        
                        Severity: Minor
                        Found in routes/verify.ts - About 3 hrs to fix

                          File score-board.component.spec.ts has 334 lines of code (exceeds 300 allowed). Consider refactoring.
                          Open

                          /*
                           * Copyright (c) 2014-2022 Bjoern Kimminich & the OWASP Juice Shop contributors.
                           * SPDX-License-Identifier: MIT
                           */
                          
                          
                          Severity: Minor
                          Found in frontend/src/app/score-board/score-board.component.spec.ts - About 2 hrs to fix

                            Function ngOnInit has 75 lines of code (exceeds 30 allowed). Consider refactoring.
                            Open

                              ngOnInit () {
                                this.spinner.show()
                            
                                this.displayedDifficulties = localStorage.getItem('displayedDifficulties') ? JSON.parse(String(localStorage.getItem('displayedDifficulties'))) : [1]
                                this.showSolvedChallenges = localStorage.getItem('showSolvedChallenges') ? JSON.parse(String(localStorage.getItem('showSolvedChallenges'))) : true
                            Severity: Major
                            Found in frontend/src/app/score-board/score-board.component.ts - About 2 hrs to fix

                              Function status has a Cognitive Complexity of 20 (exceeds 7 allowed). Consider refactoring.
                              Open

                              module.exports.status = function status () {
                                return async (req: Request, res: Response, next: NextFunction) => {
                                  if (!bot) {
                                    res.status(200).json({
                                      status: false,
                              Severity: Minor
                              Found in routes/chatbot.ts - About 2 hrs to fix

                              Cognitive Complexity

                              Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

                              A method's cognitive complexity is based on a few simple rules:

                              • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
                              • Code is considered more complex for each "break in the linear flow of the code"
                              • Code is considered more complex when "flow breaking structures are nested"

                              Further reading

                              Function checkDiffs has 65 lines of code (exceeds 30 allowed). Consider refactoring.
                              Open

                              const checkDiffs = async (keys: string[]) => {
                                const data: CacheData = keys.reduce((prev, curr) => {
                                  return {
                                    ...prev,
                                    [curr]: {
                              Severity: Major
                              Found in rsn/rsnUtil.ts - About 2 hrs to fix

                                Function updateLoop has 63 lines of code (exceeds 30 allowed). Consider refactoring.
                                Open

                                  const updateLoop = setInterval(() => {
                                    try {
                                      const version = utils.version()
                                      const { major, minor, patch } = version.match(/(?<major>\d+).(?<minor>\d+).(?<patch>\d+)/).groups
                                      versionMetrics.set({ version, major, minor, patch }, 1)
                                Severity: Major
                                Found in routes/metrics.ts - About 2 hrs to fix

                                  File search-result.component.spec.ts has 313 lines of code (exceeds 300 allowed). Consider refactoring.
                                  Open

                                  /*
                                   * Copyright (c) 2014-2022 Bjoern Kimminich & the OWASP Juice Shop contributors.
                                   * SPDX-License-Identifier: MIT
                                   */
                                  
                                  
                                  Severity: Minor
                                  Found in frontend/src/app/search-result/search-result.component.spec.ts - About 2 hrs to fix
                                    Severity
                                    Category
                                    Status
                                    Source
                                    Language