Sign upLogin

secureCodeBox/secureCodeBox

View on GitHub
Star

Showing 195 of 515 total issues

Function openPorts has 31 lines of code (exceeds 25 allowed). Consider refactoring.
Open

            newHost.openPorts = openPorts.map(portItem => {
              // console.log(JSON.stringify(portItem, null, 4))

              const port = parseInt(portItem.$.portid, 10);
              const protocol = portItem.$.protocol;
Severity: Minor
Found in scanners/nmap/parser/parser.js - About 1 hr to fix

    Method ScanCompletionHookSpec.DeepCopyInto has 55 lines of code (exceeds 50 allowed). Consider refactoring.
    Open

    func (in *ScanCompletionHookSpec) DeepCopyInto(out *ScanCompletionHookSpec) {
    *out = *in
    if in.ImagePullSecrets != nil {
        in, out := &in.ImagePullSecrets, &out.ImagePullSecrets
        *out = make([]corev1.LocalObjectReference, len(*in))
    Severity: Minor
    Found in operator/apis/execution/v1/zz_generated.deepcopy.go - About 1 hr to fix

      Method ScanReconciler.startParser has 12 return statements (exceeds 4 allowed).
      Open

      func (r *ScanReconciler) startParser(scan *executionv1.Scan) error {
    ctx := context.Background()
    namespacedName := fmt.Sprintf("%s/%s", scan.Namespace, scan.Name)
    log := r.Log.WithValues("scan_parse", namespacedName)
      Severity: Major
      Found in operator/controllers/execution/scans/parse_reconciler.go - About 1 hr to fix

        Function main has 29 lines of code (exceeds 25 allowed). Consider refactoring.
        Open

        async function main() {
  let scan;
  try {
    const { body } = await k8sApi.getNamespacedCustomObject(
      "execution.securecodebox.io",
        Severity: Minor
        Found in hook-sdk/nodejs/hook-wrapper.js - About 1 hr to fix

          Function getPredicatesForEnabledPerNamespace has 54 lines of code (exceeds 50 allowed). Consider refactoring.
          Open

          func getPredicatesForEnabledPerNamespace(client client.Client, log logr.Logger) predicate.Predicate {
    return predicate.Funcs{
        CreateFunc: func(event event.CreateEvent) bool {

            if val, ok := event.Object.GetAnnotations()["auto-discovery.securecodebox.io/ignore"]; ok && val == "true" {
          Severity: Minor
          Found in auto-discovery/kubernetes/pkg/util/filter.go - About 1 hr to fix

            Function convertTrivyK8sFindingToSCBFinding has 9 arguments (exceeds 4 allowed). Consider refactoring.
            Open

            function convertTrivyK8sFindingToSCBFinding(trivyK8sFinding, clusterName, namespace, kind, k8sName, target, clazz, type, categoryName) {
            Severity: Major
            Found in scanners/trivy/parser/parser.js - About 1 hr to fix

              Function transformRecommendationToFinding has 28 lines of code (exceeds 25 allowed). Consider refactoring.
              Open

              function transformRecommendationToFinding(
  recommendationSeverityLevel,
  value,
  destination
) {
              Severity: Minor
              Found in scanners/ssh-audit/parser/parser.js - About 1 hr to fix

                Function parseResultFile has 28 lines of code (exceeds 25 allowed). Consider refactoring.
                Open

                function parseResultFile(fileContent) {
    let targetList = [];

    for(const rawTarget of fileContent) {
      if (Object.keys(rawTarget).length > 0) { //Check for empty target
                Severity: Minor
                Found in scanners/whatweb/parser/parser.js - About 1 hr to fix

                  Function parse has 28 lines of code (exceeds 25 allowed). Consider refactoring.
                  Open

                  async function parse(fileContent) {

  if (!fileContent || !fileContent.results || fileContent.results.length == 0) {
    return [];
  }
                  Severity: Minor
                  Found in scanners/ffuf/parser/parser.js - About 1 hr to fix

                    Function transformNMAPScripts has a Cognitive Complexity of 10 (exceeds 5 allowed). Consider refactoring.
                    Open

                    function transformNMAPScripts(hosts) {
  let scriptFindings = [];

  for(const host of hosts) {
                    Severity: Minor
                    Found in scanners/nmap/parser/parser.js - About 1 hr to fix

                    Cognitive Complexity

                    Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

                    A method's cognitive complexity is based on a few simple rules:

                    • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
                    • Code is considered more complex for each "break in the linear flow of the code"
                    • Code is considered more complex when "flow breaking structures are nested"

                    Further reading

                    Function __configure_scanner has a Cognitive Complexity of 10 (exceeds 5 allowed). Consider refactoring.
                    Open

                        def __configure_scanner(
        self, zap_scanner: ascan, scanner_config: collections.OrderedDict
    ):
        """Starts a ZAP ActiveScan with the given name for the scanners configuration, based on the given configuration and ZAP instance.
                    Severity: Minor
                    Found in scanners/zap-advanced/scanner/zapclient/scanner/zap_scanner_active.py - About 1 hr to fix

                    Cognitive Complexity

                    Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

                    A method's cognitive complexity is based on a few simple rules:

                    • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
                    • Code is considered more complex for each "break in the linear flow of the code"
                    • Code is considered more complex when "flow breaking structures are nested"

                    Further reading

                    Function configure_spider has a Cognitive Complexity of 10 (exceeds 5 allowed). Consider refactoring.
                    Open

                        def configure_spider(self, spider_config: collections.OrderedDict):
        """Configures a ZAP Ajax Spider with the given spider configuration, based on the running ZAP instance.

        Parameters
        ----------
                    Severity: Minor
                    Found in scanners/zap-advanced/scanner/zapclient/spider/zap_spider_ajax.py - About 1 hr to fix

                    Cognitive Complexity

                    Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

                    A method's cognitive complexity is based on a few simple rules:

                    • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
                    • Code is considered more complex for each "break in the linear flow of the code"
                    • Code is considered more complex when "flow breaking structures are nested"

                    Further reading

                    Function __start_scanner_with_config has a Cognitive Complexity of 10 (exceeds 5 allowed). Consider refactoring.
                    Open

                        def __start_scanner_with_config(
        self, url: str, scanner_config: collections.OrderedDict
    ) -> int:
        """Starts a ZAP ActiveScan with the given name for the scanners configuration, based on the given configuration and ZAP instance.
                    Severity: Minor
                    Found in scanners/zap-advanced/scanner/zapclient/scanner/zap_scanner_active.py - About 1 hr to fix

                    Cognitive Complexity

                    Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

                    A method's cognitive complexity is based on a few simple rules:

                    • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
                    • Code is considered more complex for each "break in the linear flow of the code"
                    • Code is considered more complex when "flow breaking structures are nested"

                    Further reading

                    Function parseK8sScanResultResource has 27 lines of code (exceeds 25 allowed). Consider refactoring.
                    Open

                    function parseK8sScanResultResource(clusterName, resourceItem, reject) {
  let findings = [];

  const {Namespace: namespace, Kind: kind, Name: name, Results} = resourceItem;
  const results = Results || [];
                    Severity: Minor
                    Found in scanners/trivy/parser/parser.js - About 1 hr to fix

                      Function transformToFindings has 27 lines of code (exceeds 25 allowed). Consider refactoring.
                      Open

                      function transformToFindings(targets) {

  const targetFindings = targets.map(target => {
    let finding = {
      name: target.uri,
                      Severity: Minor
                      Found in scanners/whatweb/parser/parser.js - About 1 hr to fix

                        Function getCascadingRulesForScan has 27 lines of code (exceeds 25 allowed). Consider refactoring.
                        Open

                        export async function getCascadingRulesForScan(scan: Scan) {
  if (scan.spec.cascades === undefined || scan.spec.cascades === null) {
    console.log("Skipping cascades as no selector was defined.");
    return [];
  }
                        Severity: Minor
                        Found in hooks/cascading-scans/hook/scan-helpers.ts - About 1 hr to fix

                          Method init has 26 lines of code (exceeds 25 allowed). Consider refactoring.
                          Open

                            public void init() throws IOException {
    final ClientBuilder clientBuilder;

    if (env.isDev()) {
      // loading the out-of-cluster config, a kubeconfig from file-system
                          Severity: Minor
                          Found in hooks/persistence-defectdojo/hook/src/main/java/io/securecodebox/persistence/service/KubernetesService.java - About 1 hr to fix

                            Method ServiceScanReconciler.Reconcile has 10 return statements (exceeds 4 allowed).
                            Open

                            func (r *ServiceScanReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) {
    log := r.Log

    log.V(8).Info("Something happened to a service", "service", req.Name, "namespace", req.Namespace)
                            Severity: Major
                            Found in auto-discovery/kubernetes/controllers/service_scan_controller.go - About 1 hr to fix

                              Method ScanReconciler.processPendingHook has 10 return statements (exceeds 4 allowed).
                              Open

                              func (r *ScanReconciler) processPendingHook(scan *executionv1.Scan, status *executionv1.HookStatus, jobType string) error {
    ctx := context.Background()
    var err error

    var hookName string
                              Severity: Major
                              Found in operator/controllers/execution/scans/hook_reconciler.go - About 1 hr to fix

                                Method equals has a Cognitive Complexity of 9 (exceeds 5 allowed). Consider refactoring.
                                Open

                                  @Override
  public boolean equals(Object o) {
    if (this == o) {
      return true;
    }
                                Severity: Minor
                                Found in hooks/persistence-defectdojo/hook/src/main/java/io/securecodebox/models/V1ScanStatusReadAndWriteHookStatus.java - About 55 mins to fix

                                Cognitive Complexity

                                Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

                                A method's cognitive complexity is based on a few simple rules:

                                • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
                                • Code is considered more complex for each "break in the linear flow of the code"
                                • Code is considered more complex when "flow breaking structures are nested"

                                Further reading

                                Severity
                                Category
                                Status
                                Source
                                Language