juice-shop/juice-shop


Showing 134 of 134 total issues

FIXME found
Open

    xit('for Mozilla configuration (https://pastebin.com/t8jqE1y7)', () => { // FIXME Test would need to confirm/bypass PasteBin SMART filter to retrieve content
Severity: Minor
Found in test/api/internetResourcesSpec.ts by fixme

FIXME found
Open

Severity: Minor
Found in .github/workflows/ci.yml by fixme

FIXME found
Open

        // FIXME warnings below this line need to be checked and fixed. Line end comments below are number of findings per rule on 02.05.2022
Severity: Minor
Found in .eslintrc.js by fixme

FIXME found
Open

  name: 'CSRF' # FIXME No e2e test automation! No longer works in Chrome >=80 and Firefox >=100 or other latest browsers!
Severity: Minor
Found in data/static/challenges.yml by fixme

FIXME found
Open

  rules: { // FIXME Remaining linting errors since migrating from StandardJS-style TSLint. Significant refactoring expected in order to turn on!
Severity: Minor
Found in frontend/.eslintrc.js by fixme

FIXME found
Open

FIXME found
Open

    xit('for 7MS configuration (https://pastebin.com/8SMbWPxc)', () => { // FIXME Test would need to confirm/bypass PasteBin SMART filter to retrieve content
Severity: Minor
Found in test/api/internetResourcesSpec.ts by fixme

FIXME found
Open

  xit('GET last login IP will be saved as remote IP when True-Client-IP is not present', () => { // FIXME Started to fail regularly on CI under Linux
Severity: Minor
Found in test/api/loginApiSpec.ts by fixme

TODO found
Open

/**
 * Reports whether `element` occurs somewhere inside `str`.
 *
 * A falsy `str` short-circuits to `false` before `includes` is called, so
 * `contains('', '')` is `false` although `''.includes('')` is `true`.
 * NOTE(review): the guard also covers a null/undefined `str` that slips past
 * the declared type at runtime; inlining call sites as plain `includes` would
 * throw there, so check callers before acting on the TODO.
 *
 * @param str - text to search in
 * @param element - substring to look for
 * @returns `true` only when `str` is truthy and includes `element`
 */
// TODO Inline all usages as this function is not adding any functionality to String.includes
export const contains = (str: string, element: string) => {
  if (!str) {
    return false
  }
  return str.includes(element)
}
Severity: Minor
Found in lib/utils.ts by fixme

TODO found
Open

exports.calculateFindItCheatScore = async (challenge: Challenge) => { // TODO Consider coding challenges with identical/overlapping snippets as easier once one of them has been solved
Severity: Minor
Found in lib/antiCheat.ts by fixme

FIXME found
Open

  xit('GET file upload error metrics via public API', () => { // FIXME Flaky on CI/CD on at least Windows
Severity: Minor
Found in test/api/metricsApiSpec.ts by fixme

FIXME found
Open

  xit('PUT update existing product does not filter XSS attacks', () => { // FIXME Started to fail regularly on CI under Linux
Severity: Minor
Found in test/api/productApiSpec.ts by fixme

TODO found
Open

        // TODO Verify functionally that it's not the basket of the admin

FIXME found
Open

  xit('should not set Last-Login IP if none is present in JWT', () => { // FIXME Expected state seems to leak over from previous test case occasionally

FIXME found
Open

TODO found
Open

      if (matches[0]) { // TODO Currently only a single source file is supported
Severity: Minor
Found in routes/vulnCodeSnippet.ts by fixme

FIXME found
Open

  xit('should notify about user login after 2FA verification', () => { // FIXME Spy call is not registered at all

FIXME found
Open

  xit('GET file upload metrics via public API', () => { // FIXME Flaky on CI/CD on at least Windows
Severity: Minor
Found in test/api/metricsApiSpec.ts by fixme

FIXME found
Open

  xit('should hold nothing on error from backend API and log the error', fakeAsync(() => { // FIXME Error: 1 timer(s) still in the queue.

TODO found
Open

const coupledChallenges = { // TODO prevent also near-identical challenges (e.g. all null byte file access or dom xss + bonus payload etc.) from counting as cheating
Severity: Minor
Found in lib/antiCheat.ts by fixme