Sign upLogin

secureCodeBox/secureCodeBox

View on GitHub
Star

Showing 195 of 515 total issues

Method ScanReconciler.startParser has a Cognitive Complexity of 28 (exceeds 20 allowed). Consider refactoring.
Open

func (r *ScanReconciler) startParser(scan *executionv1.Scan) error {
    ctx := context.Background()
    namespacedName := fmt.Sprintf("%s/%s", scan.Namespace, scan.Name)
    log := r.Log.WithValues("scan_parse", namespacedName)
Severity: Minor
Found in operator/controllers/execution/scans/parse_reconciler.go - About 1 hr to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Function purgeCascadedRuleFromScan has a Cognitive Complexity of 13 (exceeds 5 allowed). Consider refactoring.
Open

export function purgeCascadedRuleFromScan(
  scan: Scan,
  cascadedRuleUsedForParentScan?: CascadingRule
): Scan {
  // If there was no cascading rule applied to the parent scan, then ignore no purging is necessary.
Severity: Minor
Found in hooks/cascading-scans/hook/scan-helpers.ts - About 1 hr to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Function _configure_load_script has a Cognitive Complexity of 13 (exceeds 5 allowed). Consider refactoring.
Open

    def _configure_load_script(
        self, script_config: collections.OrderedDict, script_type: str
    ):
        """Protected method to load a new ZAP Script based on a given ZAP config.
Severity: Minor
Found in scanners/zap-advanced/scanner/zapclient/zap_abstract_client.py - About 1 hr to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Function parse has 39 lines of code (exceeds 25 allowed). Consider refactoring.
Open

function parse(fileContent) {
  // Only 0 when the target wasn't reachable
  if (!fileContent.server_scan_results || fileContent.server_scan_results.length === 0) {
    return [];
  }
Severity: Minor
Found in scanners/sslyze/parser/parser.js - About 1 hr to fix

    Function parseImageScanResults has 39 lines of code (exceeds 25 allowed). Consider refactoring.
    Open

    function parseImageScanResults(imageScanResults) {
  // check if imageScanResults.Results is an array and non empty
  if (!Array.isArray(imageScanResults.Results) || imageScanResults.Results.length === 0) {
    return [];
  }
    Severity: Minor
    Found in scanners/trivy/parser/parser.js - About 1 hr to fix

      Function main has 63 lines of code (exceeds 50 allowed). Consider refactoring.
      Open

      func main() {
    var configFile string
    flag.StringVar(&configFile, "config", "",
        "The controller will load its initial configuration from this file. "+
            "Omit this flag to use the default configuration values. "+
      Severity: Minor
      Found in auto-discovery/kubernetes/main.go - About 1 hr to fix

        Function _create_finding has 12 arguments (exceeds 4 allowed). Consider refactoring.
        Open

            def _create_finding(
        Severity: Major
        Found in scanners/git-repo-scanner/scanner/git_repo_scanner/abstract_scanner.py - About 1 hr to fix

          Function transformToFindings has 37 lines of code (exceeds 25 allowed). Consider refactoring.
          Open

          function transformToFindings(ncrackrun, publicKey) {
  return ncrackrun.service.flatMap(({address, port, credentials = []}) => {
    const {addr: ipAddress} = address[0]["$"];
    const {protocol, portid, name: portName} = port[0]["$"];
          Severity: Minor
          Found in scanners/ncrack/parser/parser.js - About 1 hr to fix

            Function main has 36 lines of code (exceeds 25 allowed). Consider refactoring.
            Open

            async function main() {
  const currentDirectory = __dirname; // current directory is /documentation/src
  const parentDirectory = path.dirname(currentDirectory); // parent is /documentation
  const rootDirectory = path.dirname(parentDirectory); // root is /
            Severity: Minor
            Found in documentation/src/docs.build.js - About 1 hr to fix

              Function getValidFindings has 36 lines of code (exceeds 25 allowed). Consider refactoring.
              Open

              function getValidFindings(){
  return [{
    name: "Test read-write-hook service",
    description: `Port is using protocol.`,
    category: "Open Port",
              Severity: Minor
              Found in scanners/test-scan/parser/parser.js - About 1 hr to fix

                Function getScansMatchingRule has 36 lines of code (exceeds 25 allowed). Consider refactoring.
                Open

                function getScansMatchingRule(
  parentScan: Scan,
  findings: Array<Finding>,
  cascadingRule: CascadingRule,
  parseDefinition: ParseDefinition
                Severity: Minor
                Found in hooks/cascading-scans/hook/hook.ts - About 1 hr to fix

                  Method ScanReconciler.startScan has 15 return statements (exceeds 4 allowed).
                  Open

                  func (r *ScanReconciler) startScan(scan *executionv1.Scan) error {
    ctx := context.Background()
    namespacedName := fmt.Sprintf("%s/%s", scan.Namespace, scan.Name)
    log := r.Log.WithValues("scan_init", namespacedName)
                  Severity: Major
                  Found in operator/controllers/execution/scans/scan_reconciler.go - About 1 hr to fix

                    Method equals has a Cognitive Complexity of 12 (exceeds 5 allowed). Consider refactoring.
                    Open

                      @Override
  public boolean equals(Object o) {
    if (this == o) {
      return true;
    }
                    Severity: Minor
                    Found in hooks/persistence-defectdojo/hook/src/main/java/io/securecodebox/models/V1ScanSpecCascades.java - About 1 hr to fix

                    Cognitive Complexity

                    Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

                    A method's cognitive complexity is based on a few simple rules:

                    • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
                    • Code is considered more complex for each "break in the linear flow of the code"
                    • Code is considered more complex when "flow breaking structures are nested"

                    Further reading

                    Function analyseCertificateDeployments has a Cognitive Complexity of 12 (exceeds 5 allowed). Consider refactoring.
                    Open

                    function analyseCertificateDeployments(serverScanResult) {
  if (serverScanResult?.scan_result?.certificate_info?.result?.certificate_deployments) {
    const certificateInfos = serverScanResult.scan_result.certificate_info.result.certificate_deployments.map(
      analyseCertificateDeployment
    );
                    Severity: Minor
                    Found in scanners/sslyze/parser/parser.js - About 1 hr to fix

                    Cognitive Complexity

                    Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

                    A method's cognitive complexity is based on a few simple rules:

                    • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
                    • Code is considered more complex for each "break in the linear flow of the code"
                    • Code is considered more complex when "flow breaking structures are nested"

                    Further reading

                    Function parse has 34 lines of code (exceeds 25 allowed). Consider refactoring.
                    Open

                    async function parse (fileContent, scan) {

  if (fileContent) {
    const commitUrlBase = prepareCommitUrl(scan);
                    Severity: Minor
                    Found in scanners/gitleaks/parser/parser.js - About 1 hr to fix

                      Consider simplifying this complex logical expression.
                      Open

                        if(script.table && script.table[0] && script.table[0].elem) {

    for(const elem of script.table[0].elem) {
      console.log ("Found SMB SMB Protocol: " + elem);
      //console.log (elem);
                      Severity: Critical
                      Found in scanners/nmap/parser/parser.js - About 1 hr to fix

                        Method ScheduledScanReconciler.Reconcile has 14 return statements (exceeds 4 allowed).
                        Open

                        func (r *ScheduledScanReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) {
    log := r.Log.WithValues("scheduledscan", req.NamespacedName)

    // get the ScheduledScan
    var scheduledScan executionv1.ScheduledScan
                        Severity: Major
                        Found in operator/controllers/execution/scheduledscan_controller.go - About 1 hr to fix

                          Method ParseDefinitionSpec.DeepCopyInto has 57 lines of code (exceeds 50 allowed). Consider refactoring.
                          Open

                          func (in *ParseDefinitionSpec) DeepCopyInto(out *ParseDefinitionSpec) {
    *out = *in
    if in.ScopeLimiterAliases != nil {
        in, out := &in.ScopeLimiterAliases, &out.ScopeLimiterAliases
        *out = make(map[string]string, len(*in))
                          Severity: Minor
                          Found in operator/apis/execution/v1/zz_generated.deepcopy.go - About 1 hr to fix

                            Method ScanReconciler.startScan has a Cognitive Complexity of 26 (exceeds 20 allowed). Consider refactoring.
                            Open

                            func (r *ScanReconciler) startScan(scan *executionv1.Scan) error {
    ctx := context.Background()
    namespacedName := fmt.Sprintf("%s/%s", scan.Namespace, scan.Name)
    log := r.Log.WithValues("scan_init", namespacedName)
                            Severity: Minor
                            Found in operator/controllers/execution/scans/scan_reconciler.go - About 1 hr to fix

                            Cognitive Complexity

                            Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

                            A method's cognitive complexity is based on a few simple rules:

                            • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
                            • Code is considered more complex for each "break in the linear flow of the code"
                            • Code is considered more complex when "flow breaking structures are nested"

                            Further reading

                            Function convertTrivyK8sFindingToSCBFinding has a Cognitive Complexity of 11 (exceeds 5 allowed). Consider refactoring.
                            Open

                            function convertTrivyK8sFindingToSCBFinding(trivyK8sFinding, clusterName, namespace, kind, k8sName, target, clazz, type, categoryName) {
  let references = trivyK8sFinding.PrimaryURL ? [{type: "URL", value: trivyK8sFinding.PrimaryURL}] : [];

  const url_references = getUrlReferences(trivyK8sFinding.References).filter(ref => ref.value !== trivyK8sFinding.PrimaryURL);
  references = references.concat(url_references);
                            Severity: Minor
                            Found in scanners/trivy/parser/parser.js - About 1 hr to fix

                            Cognitive Complexity

                            Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

                            A method's cognitive complexity is based on a few simple rules:

                            • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
                            • Code is considered more complex for each "break in the linear flow of the code"
                            • Code is considered more complex when "flow breaking structures are nested"

                            Further reading

                            Severity
                            Category
                            Status
                            Source
                            Language