juice-shop/juice-shop

View on GitHub

Showing 86 of 111 total issues

File server.ts has 514 lines of code (exceeds 300 allowed). Consider refactoring.
Open

/*
 * Copyright (c) 2014-2022 Bjoern Kimminich & the OWASP Juice Shop contributors.
 * SPDX-License-Identifier: MIT
 */
import dataErasure from './routes/dataErasure'
Severity: Major
Found in server.ts - About 7 hrs to fix

    Function retrieveCodeSnippet has a Cognitive Complexity of 36 (exceeds 7 allowed). Consider refactoring.
    Open

    export const retrieveCodeSnippet = async (key: string, pass: boolean = false) => {
      let challenge = challenges[key]
      if (pass) challenge = { key }
      if (challenge) {
        if (!cache[challenge.key]) {
    Severity: Minor
    Found in routes/vulnCodeSnippet.ts - About 5 hrs to fix

    Cognitive Complexity

    Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

    A method's cognitive complexity is based on a few simple rules:

    • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
    • Code is considered more complex for each "break in the linear flow of the code"
    • Code is considered more complex when "flow breaking structures are nested"

    Further reading

    Function placeOrder has 130 lines of code (exceeds 30 allowed). Consider refactoring.
    Open

    module.exports = function placeOrder () {
      return (req: Request, res: Response, next: NextFunction) => {
        const id = req.params.id
        models.Basket.findOne({ where: { id }, include: [{ model: models.Product, paranoid: false }] })
          .then(async basket => {
    Severity: Major
    Found in routes/order.ts - About 5 hrs to fix

      Function observeMetrics has 114 lines of code (exceeds 30 allowed). Consider refactoring.
      Open

      exports.observeMetrics = function observeMetrics () {
        const app = config.get('application.customMetricsPrefix')
        const intervalCollector = Prometheus.collectDefaultMetrics({ timeout: 5000 })
        register.setDefaultLabels({ app })
      
      
      Severity: Major
      Found in routes/metrics.ts - About 4 hrs to fix

        File 2faSpec.ts has 381 lines of code (exceeds 300 allowed). Consider refactoring.
        Open

        /*
         * Copyright (c) 2014-2022 Bjoern Kimminich & the OWASP Juice Shop contributors.
         * SPDX-License-Identifier: MIT
         */
        
        
        Severity: Minor
        Found in test/api/2faSpec.ts - About 3 hrs to fix

          File configValidationSpec.ts has 377 lines of code (exceeds 300 allowed). Consider refactoring.
          Open

          /*
           * Copyright (c) 2014-2022 Bjoern Kimminich & the OWASP Juice Shop contributors.
           * SPDX-License-Identifier: MIT
           */
          
          
          Severity: Minor
          Found in test/server/configValidationSpec.ts - About 3 hrs to fix

            Function checkVulnLines has a Cognitive Complexity of 26 (exceeds 7 allowed). Consider refactoring.
            Open

            exports.checkVulnLines = () => async (req: Request<{}, {}, VerdictRequestBody>, res: Response, next: NextFunction) => {
              const key = req.body.key
              let snippetData
              try {
                snippetData = await retrieveCodeSnippet(key)
            Severity: Minor
            Found in routes/vulnCodeSnippet.ts - About 3 hrs to fix

            Cognitive Complexity

            Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

            A method's cognitive complexity is based on a few simple rules:

            • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
            • Code is considered more complex for each "break in the linear flow of the code"
            • Code is considered more complex when "flow breaking structures are nested"

            Further reading

            File score-board.component.ts has 356 lines of code (exceeds 300 allowed). Consider refactoring.
            Open

            /*
             * Copyright (c) 2014-2022 Bjoern Kimminich & the OWASP Juice Shop contributors.
             * SPDX-License-Identifier: MIT
             */
            
            
            Severity: Minor
            Found in frontend/src/app/score-board/score-board.component.ts - About 3 hrs to fix

              ScoreBoardComponent has 28 functions (exceeds 20 allowed). Consider refactoring.
              Open

              @Component({
                selector: 'app-score-board',
                templateUrl: './score-board.component.html',
                styleUrls: ['./score-board.component.scss']
              })
              Severity: Minor
              Found in frontend/src/app/score-board/score-board.component.ts - About 3 hrs to fix

                File dataExportApiSpec.ts has 354 lines of code (exceeds 300 allowed). Consider refactoring.
                Open

                /*
                 * Copyright (c) 2014-2022 Bjoern Kimminich & the OWASP Juice Shop contributors.
                 * SPDX-License-Identifier: MIT
                 */
                
                
                Severity: Minor
                Found in test/api/dataExportApiSpec.ts - About 3 hrs to fix

                  Function ngOnInit has 75 lines of code (exceeds 30 allowed). Consider refactoring.
                  Open

                    ngOnInit () {
                      this.spinner.show()
                  
                      this.displayedDifficulties = localStorage.getItem('displayedDifficulties') ? JSON.parse(String(localStorage.getItem('displayedDifficulties'))) : [1]
                      this.showSolvedChallenges = localStorage.getItem('showSolvedChallenges') ? JSON.parse(String(localStorage.getItem('showSolvedChallenges'))) : true
                  Severity: Major
                  Found in frontend/src/app/score-board/score-board.component.ts - About 2 hrs to fix

                    Function status has a Cognitive Complexity of 20 (exceeds 7 allowed). Consider refactoring.
                    Open

                    module.exports.status = function status () {
                      return async (req: Request, res: Response, next: NextFunction) => {
                        if (!bot) {
                          res.status(200).json({
                            status: false,
                    Severity: Minor
                    Found in routes/chatbot.ts - About 2 hrs to fix

                    Cognitive Complexity

                    Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

                    A method's cognitive complexity is based on a few simple rules:

                    • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
                    • Code is considered more complex for each "break in the linear flow of the code"
                    • Code is considered more complex when "flow breaking structures are nested"

                    Further reading

                    Function checkDiffs has 65 lines of code (exceeds 30 allowed). Consider refactoring.
                    Open

                    const checkDiffs = async (keys: string[]) => {
                      const data: CacheData = keys.reduce((prev, curr) => {
                        return {
                          ...prev,
                          [curr]: {
                    Severity: Major
                    Found in rsn/rsnUtil.ts - About 2 hrs to fix

                      File verify.ts has 315 lines of code (exceeds 300 allowed). Consider refactoring.
                      Open

                      /*
                       * Copyright (c) 2014-2022 Bjoern Kimminich & the OWASP Juice Shop contributors.
                       * SPDX-License-Identifier: MIT
                       */
                      
                      
                      Severity: Minor
                      Found in routes/verify.ts - About 2 hrs to fix

                        File search-result.component.spec.ts has 313 lines of code (exceeds 300 allowed). Consider refactoring.
                        Open

                        /*
                         * Copyright (c) 2014-2022 Bjoern Kimminich & the OWASP Juice Shop contributors.
                         * SPDX-License-Identifier: MIT
                         */
                        
                        
                        Severity: Minor
                        Found in frontend/src/app/search-result/search-result.component.spec.ts - About 2 hrs to fix

                          Function dataExport has 61 lines of code (exceeds 30 allowed). Consider refactoring.
                          Open

                          module.exports = function dataExport () {
                            return async (req: Request, res: Response, next: NextFunction) => {
                              const loggedInUser = security.authenticatedUsers.get(req.headers?.authorization?.replace('Bearer ', ''))
                              if (loggedInUser?.data?.email && loggedInUser.data.id) {
                                const username = loggedInUser.data.username
                          Severity: Major
                          Found in routes/dataExport.ts - About 2 hrs to fix

                            Function getLanguageList has 61 lines of code (exceeds 30 allowed). Consider refactoring.
                            Open

                            module.exports = function getLanguageList () { // TODO Refactor and extend to also load backend translations from /i18n/*json and calculate joint percentage/gauge
                              return (req: Request, res: Response, next: NextFunction) => {
                                const languages = []
                                let count = 0
                                let enContent
                            Severity: Major
                            Found in routes/languages.ts - About 2 hrs to fix

                              File app.module.ts has 309 lines of code (exceeds 300 allowed). Consider refactoring.
                              Open

                              /*
                               * Copyright (c) 2014-2022 Bjoern Kimminich & the OWASP Juice Shop contributors.
                               * SPDX-License-Identifier: MIT
                               */
                              
                              
                              Severity: Minor
                              Found in frontend/src/app/app.module.ts - About 2 hrs to fix

                                Function databaseRelatedChallenges has a Cognitive Complexity of 18 (exceeds 7 allowed). Consider refactoring.
                                Open

                                exports.databaseRelatedChallenges = () => (req: Request, res: Response, next: NextFunction) => {
                                  if (utils.notSolved(challenges.changeProductChallenge) && products.osaft) {
                                    changeProductChallenge(products.osaft)
                                  }
                                  if (utils.notSolved(challenges.feedbackChallenge)) {
                                Severity: Minor
                                Found in routes/verify.ts - About 2 hrs to fix

                                Cognitive Complexity

                                Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

                                A method's cognitive complexity is based on a few simple rules:

                                • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
                                • Code is considered more complex for each "break in the linear flow of the code"
                                • Code is considered more complex when "flow breaking structures are nested"

                                Further reading

                                Function changePassword has a Cognitive Complexity of 18 (exceeds 7 allowed). Consider refactoring.
                                Open

                                module.exports = function changePassword () {
                                  return ({ query, headers, connection }: Request, res: Response, next: NextFunction) => {
                                    const currentPassword = query.current
                                    const newPassword = query.new
                                    const repeatPassword = query.repeat
                                Severity: Minor
                                Found in routes/changePassword.ts - About 2 hrs to fix

                                Cognitive Complexity

                                Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

                                A method's cognitive complexity is based on a few simple rules:

                                • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
                                • Code is considered more complex for each "break in the linear flow of the code"
                                • Code is considered more complex when "flow breaking structures are nested"

                                Further reading

                                Severity
                                Category
                                Status
                                Source
                                Language