juice-shop/juice-shop

Showing 99 of 134 total issues

Function getDeliveryMethods has a Cognitive Complexity of 10 (exceeds 7 allowed). Consider refactoring.
Open

module.exports.getDeliveryMethods = function getDeliveryMethods () {
  return async (req: Request, res: Response, next: NextFunction) => {
    const methods = await DeliveryModel.findAll()
    if (methods) {
      const sendMethods = []
Severity: Minor
Found in routes/delivery.ts - About 45 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Function saveLoginIp has a Cognitive Complexity of 10 (exceeds 7 allowed). Consider refactoring.
Open

module.exports = function saveLoginIp () {
  return (req: Request, res: Response, next: NextFunction) => {
    const loggedInUser = security.authenticatedUsers.from(req)
    if (loggedInUser !== undefined) {
      let lastLoginIp = req.headers['true-client-ip']
Severity: Minor
Found in routes/saveLoginIp.ts - About 45 mins to fix

Avoid deeply nested control flow statements.
Open

          if (lines.length === 1) lines = snippet.split('\r')
Severity: Major
Found in routes/vulnCodeSnippet.ts - About 45 mins to fix

Avoid deeply nested control flow statements.
Open

          for (let i = 0; i < lines.length; i++) {
            if (new RegExp(`vuln-code-snippet vuln-line.*${challenge.key}`).exec(lines[i]) != null) {
              vulnLines.push(i + 1)
            } else if (new RegExp(`vuln-code-snippet neutral-line.*${challenge.key}`).exec(lines[i]) != null) {
              neutralLines.push(i + 1)
Severity: Major
Found in routes/vulnCodeSnippet.ts - About 45 mins to fix

Function quantityCheck has 5 arguments (exceeds 4 allowed). Consider refactoring.
Open

async function quantityCheck (req: Request, res: Response, next: NextFunction, id: number, quantity: number) {
Severity: Minor
Found in routes/basketItems.ts - About 35 mins to fix

Function quantityCheck has a Cognitive Complexity of 9 (exceeds 7 allowed). Consider refactoring.
Open

async function quantityCheck (req: Request, res: Response, next: NextFunction, id: number, quantity: number) {
  const product = await QuantityModel.findOne({ where: { ProductId: id } })
  if (!product) {
    throw new Error('No such product found!')
  }
Severity: Minor
Found in routes/basketItems.ts - About 35 mins to fix

Function captchaBypassChallenge has a Cognitive Complexity of 9 (exceeds 7 allowed). Consider refactoring.
Open

exports.captchaBypassChallenge = () => (req: Request, res: Response, next: NextFunction) => {
  if (challengeUtils.notSolved(challenges.captchaBypassChallenge)) {
    if (req.app.locals.captchaReqId >= 10) {
      if ((new Date().getTime() - req.app.locals.captchaBypassReqTimes[req.app.locals.captchaReqId - 10]) <= 20000) {
        challengeUtils.solve(challenges.captchaBypassChallenge)
Severity: Minor
Found in routes/verify.ts - About 35 mins to fix

Function choosePayment has a Cognitive Complexity of 9 (exceeds 7 allowed). Consider refactoring.
Open

  choosePayment () {
    sessionStorage.removeItem('itemTotal')
    if (this.mode === 'wallet') {
      this.walletService.put({ balance: this.totalPrice, paymentId: this.paymentId }).subscribe(() => {
        sessionStorage.removeItem('walletTotal')
Severity: Minor
Found in frontend/src/app/payment/payment.component.ts - About 35 mins to fix

Function profileImageUrlUpload has a Cognitive Complexity of 9 (exceeds 7 allowed). Consider refactoring.
Open

module.exports = function profileImageUrlUpload () {
  return (req: Request, res: Response, next: NextFunction) => {
    if (req.body.imageUrl !== undefined) {
      const url = req.body.imageUrl
      if (url.match(/(.)*solve\/challenges\/server-side(.)*/) !== null) req.app.locals.abused_ssrf_bug = true
Severity: Minor
Found in routes/profileImageUrlUpload.ts - About 35 mins to fix

Function addWalletBalance has a Cognitive Complexity of 9 (exceeds 7 allowed). Consider refactoring.
Open

module.exports.addWalletBalance = function addWalletBalance () {
  return async (req: Request, res: Response, next: NextFunction) => {
    const cardId = req.body.paymentId
    const card = cardId ? await CardModel.findOne({ where: { id: cardId, UserId: req.body.UserId } }) : null
    if (card) {
Severity: Minor
Found in routes/wallet.ts - About 35 mins to fix

Function servePublicFiles has a Cognitive Complexity of 9 (exceeds 7 allowed). Consider refactoring.
Open

module.exports = function servePublicFiles () {
  return ({ params, query }: Request, res: Response, next: NextFunction) => {
    const file = params.file

    if (!file.includes('/')) {
Severity: Minor
Found in routes/fileServer.ts - About 35 mins to fix

Function checkIfPortIsAvailable has a Cognitive Complexity of 9 (exceeds 7 allowed). Consider refactoring.
Open

const checkIfPortIsAvailable = async (port: number) => {
  return await new Promise((resolve, reject) => {
    portscanner.checkPortStatus(port, function (error: unknown, status: string) {
      if (error) {
        reject(error)
Severity: Minor
Found in lib/startup/validatePreconditions.ts - About 35 mins to fix

Avoid too many return statements within this function.
Open

  return null
Severity: Major
Found in lib/utils.ts - About 30 mins to fix

Avoid too many return statements within this function.
Open

Severity: Major
Found in frontend/src/app/score-board/score-board.component.ts - About 30 mins to fix

Function makeKeyNonUpdatable has a Cognitive Complexity of 8 (exceeds 7 allowed). Consider refactoring.
Open

export const makeKeyNonUpdatable = (model: Model, column: string) => {
  model.addHook('beforeValidate', (instance: ExtendedModel, options: ExtendedValidationOptions) => {
    if (!options.validate) return

    if (instance.isNewRecord) return
Severity: Minor
Found in lib/noUpdate.ts - About 25 mins to fix

Function seePatch has a Cognitive Complexity of 8 (exceeds 7 allowed). Consider refactoring.
Open

async function seePatch (file: string) {
  const fileData = fs.readFileSync(fixesPath + '/' + file).toString()
  const snippet = await retrieveCodeSnippet(file.split('_')[0], true)
  const patch = Diff.structuredPatch(file, file, filterString(snippet.snippet), filterString(fileData))
  console.log(colors.bold(file + '\n'))
Severity: Minor
Found in rsn/rsnUtil.ts - About 25 mins to fix

Function setup has a Cognitive Complexity of 8 (exceeds 7 allowed). Consider refactoring.
Open

async function setup (req: Request, res: Response) {
  try {
    const data = security.authenticatedUsers.from(req)
    if (!data) {
      throw new Error('Need to login before setting up 2FA')
Severity: Minor
Found in routes/2fa.ts - About 25 mins to fix

Function customizeApplication has a Cognitive Complexity of 8 (exceeds 7 allowed). Consider refactoring.
Open

const customizeApplication = () => {
  if (config.get('application.name')) {
    customizeTitle()
  }
  if (config.get('application.logo')) {
Severity: Minor
Found in lib/startup/customizeApplication.ts - About 25 mins to fix

Function serverSideChallenges has a Cognitive Complexity of 8 (exceeds 7 allowed). Consider refactoring.
Open

exports.serverSideChallenges = () => (req: Request, res: Response, next: NextFunction) => {
  if (req.query.key === 'tRy_H4rd3r_n0thIng_iS_Imp0ssibl3') {
    if (challengeUtils.notSolved(challenges.sstiChallenge) && req.app.locals.abused_ssti_bug === true) {
      challengeUtils.solve(challenges.sstiChallenge)
      res.status(204).send()
Severity: Minor
Found in routes/verify.ts - About 25 mins to fix
