
Merge pull request pwndoc#457 from pwndoc/codequality
Improved code quality (based on CodeQL)
MaxNad authored Apr 10, 2023
2 parents 38e18d8 + 7886658 commit ac74fa4
Showing 19 changed files with 34 additions and 42 deletions.
5 changes: 5 additions & 0 deletions .github/codeql/codeql-config.yml
Expand Up @@ -2,6 +2,11 @@ name: "PwnDoc CodeQL config"

queries:
- uses: security-and-quality
- uses: security-extended

query-filters:
- exclude:
id: js/missing-rate-limiting

paths:
- backend
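Review bot: The new `query-filters` entry silences `js/missing-rate-limiting` for the whole `backend` path instead of fixing the flagged handlers, and nothing in the config records why; an exclusion like this is easy to forget and also hides future alerts on the authentication-adjacent routes (`backend/src/routes/user.js`, touched by this same commit, creates users and issues the `token` cookie). Add a comment beside the filter naming the reason and the follow-up, e.g. `# js/missing-rate-limiting: TODO(owner) — suppressed until rate limiting is added to the user/token handlers; remove this filter then`, so the suppression is reviewed rather than inherited. Enabling `security-extended` is a good addition; just make sure the first scan with it is triaged rather than filtered the same way.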
4 changes: 2 additions & 2 deletions backend/src/app.js
Expand Up @@ -47,14 +47,14 @@ require('./models/settings');
// Socket IO configuration
io.on('connection', (socket) => {
socket.on('join', (data) => {
console.log(`user ${data.username} joined room ${data.room}`)
console.log(`user ${data.username.replace(/\n|\r/g, "")} joined room ${data.room.replace(/\n|\r/g, "")}`)
socket.username = data.username;
do { socket.color = '#'+(0x1000000+(Math.random())*0xffffff).toString(16).substr(1,6); } while (socket.color === "#77c84e")
socket.join(data.room);
io.to(data.room).emit('updateUsers');
});
socket.on('leave', (data) => {
console.log(`user ${data.username} left room ${data.room}`)
console.log(`user ${data.username.replace(/\n|\r/g, "")} left room ${data.room.replace(/\n|\r/g, "")}`)
socket.leave(data.room)
io.to(data.room).emit('updateUsers');
})
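Review bot: `data.username.replace(/\n|\r/g, "")` and `data.room.replace(/\n|\r/g, "")` on the new log lines throw a TypeError when a client sends a `join` or `leave` payload without those fields or with non-string values, which the old template literal tolerated; `data` comes straight off the socket, and an exception escaping a socket.io listener may, depending on the version in use, take down the process. Validate the shape before logging or joining, e.g. `if (!data || typeof data.username !== 'string' || typeof data.room !== 'string') return;` at the top of each handler. The sanitisation strips only CR/LF, which is what the log-injection query asks for; the unsanitised `data.room` is still passed to `socket.join`, so whether a client can subscribe to an arbitrary audit room depends on authorisation that is not visible in this hunk. The enclosing `io.on('connection', …)` callback closes outside the hunk.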
3 changes: 0 additions & 3 deletions backend/src/lib/custom-generator.js
Expand Up @@ -15,8 +15,6 @@ var filters = {};

// Convert input CVSS criteria into French: {input | criteriaFR}
expressions.filters.criteriaFR = function(input) {
var pre = '<w:p><w:r><w:t>';
var post = '</w:t></w:r></w:p>';
var result = "Non défini"

if (input === "Network") result = "Réseau"
Expand All @@ -30,7 +28,6 @@ expressions.filters.criteriaFR = function(input) {
else if (input === "Unchanged") result = "Inchangé"
else if (input === "Changed") result = "Changé"

// return pre + result + post;
return result;
}

10 changes: 5 additions & 5 deletions backend/src/lib/report-generator.js
Expand Up @@ -63,7 +63,7 @@ async function generateDoc(audit) {
}
return [width,height];
}
return [0,0]
return [0,0];
}

if (settings.report.private.imageBorder && settings.report.private.imageBorderColor)
Expand Down Expand Up @@ -425,7 +425,7 @@ async function prepAuditData(data, settings) {
result.date_start = data.date_start || "undefined"
result.date_end = data.date_end || "undefined"
if (data.customFields) {
for (field of data.customFields) {
for (var field of data.customFields) {
var fieldType = field.customField.fieldType
var label = field.customField.label

Expand Down Expand Up @@ -469,7 +469,7 @@ async function prepAuditData(data, settings) {
result.scope = data.scope.toObject() || []

result.findings = []
for (finding of data.findings) {
for (var finding of data.findings) {
var tmpCVSS = CVSS31.calculateCVSSFromVector(finding.cvssv3);
var tmpFinding = {
title: finding.title || "",
Expand Down Expand Up @@ -571,7 +571,7 @@ async function prepAuditData(data, settings) {
result.creator.role = data.creator.role || "undefined"
}

for (section of data.sections) {
for (var section of data.sections) {
var formatSection = {
name: $t(section.name)
}
Expand Down Expand Up @@ -600,7 +600,7 @@ async function splitHTMLParagraphs(data) {

var splitted = data.split(/(<img.+?src=".*?".+?alt=".*?".*?>)/)

for (value of splitted){
for (var value of splitted){
if (value.startsWith("<img")) {
var src = value.match(/<img.+src="(.*?)"/) || ""
var alt = value.match(/<img.+alt="(.*?)"/) || ""
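Review bot: The four loops now declare their variable with `var` (`for (var field of …)`, `for (var finding of …)`, `for (var section of …)`, `for (var value of …)`), which fixes the implicit globals CodeQL flagged but still yields a function-scoped, hoisted binding; this file already uses `async` functions, so `for (const field of data.customFields)` — and likewise for the other three — is the idiomatic form and turns an accidental reassignment into a syntax error. Separately, `splitHTMLParagraphs` splits report HTML with `/(<img.+?src=".*?".+?alt=".*?".*?>)/`, a chain of lazy quantifiers over user-supplied finding text; it is pre-existing and I have not confirmed it backtracks badly, but it is the kind of pattern the newly enabled `security-extended` suite may report, so it is worth checking the next scan rather than filtering it. `prepAuditData` and `splitHTMLParagraphs` both begin and end outside these hunks.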
1 change: 0 additions & 1 deletion backend/src/models/settings.js
@@ -1,6 +1,5 @@
var mongoose = require('mongoose');//.set('debug', true);
var Schema = mongoose.Schema;
var fs = require('fs');
var _ = require('lodash');
var Utils = require('../lib/utils.js');

2 changes: 1 addition & 1 deletion backend/src/models/user.js
Expand Up @@ -138,7 +138,7 @@ UserSchema.statics.updateProfile = function (username, user) {
payload.lastname = row.lastname;
payload.email = row.email;
payload.phone = row.phone;
payload.roles = auth.acl.getRoles(payload.role)
payload.roles = auth.acl.getRoles(payload.role);

return row.save();
}
2 changes: 1 addition & 1 deletion backend/src/models/vulnerability.js
Expand Up @@ -222,7 +222,7 @@ VulnerabilitySchema.statics.Merge = (vulnIdPrime, vulnIdMerge, locale) => {
if (mergeDetail.description) detail.description = mergeDetail.description;
if (mergeDetail.observation) detail.observation = mergeDetail.observation;
if (mergeDetail.remediation) detail.remediation = mergeDetail.remediation;
if (mergeDetail.customFields) detail.customFields = mergeDetail.customFields
if (mergeDetail.customFields) detail.customFields = mergeDetail.customFields;
primeVuln.details.push(detail);
return primeVuln.save();
})
10 changes: 5 additions & 5 deletions backend/src/routes/audit.js
Expand Up @@ -72,7 +72,7 @@ module.exports = function(app, io) {
Audit.delete(acl.isAllowed(req.decodedToken.role, 'audits:delete-all'), req.params.auditId, req.decodedToken.id)
.then(msg => Response.Ok(res, msg))
.catch(err => Response.Internal(res, err))
})
});

/* ### AUDITS EDIT ### */

Expand Down Expand Up @@ -150,7 +150,7 @@ module.exports = function(app, io) {

// If the new collaborator already gave a review, remove said review, accept collaborator
if (audit.approvals) {
newApprovals = audit.approvals.filter((approval) => !req.body.collaborators.some((collaborator) => approval.toString() === collaborator._id));
var newApprovals = audit.approvals.filter((approval) => !req.body.collaborators.some((collaborator) => approval.toString() === collaborator._id));
update.approvals = newApprovals;
}
}
Expand Down Expand Up @@ -354,7 +354,7 @@ module.exports = function(app, io) {
.then(msg => {
Response.Ok(res, msg)
})
.catch(err => Response.Internal(res, err))
.catch(err => Response.Internal(res, err));
});

// Generate Report for specific audit
Expand Down Expand Up @@ -430,7 +430,7 @@ module.exports = function(app, io) {
io.to(req.params.auditId).emit('updateAudit');
Response.Ok(res, msg)
})
.catch(err => Response.Internal(res, err))
.catch(err => Response.Internal(res, err));
});

// Give or remove a reviewer's approval to an audit
Expand Down Expand Up @@ -522,6 +522,6 @@ module.exports = function(app, io) {
io.to(req.params.auditId).emit('updateAudit');
Response.Ok(res, msg)
})
.catch(err => Response.Internal(res, err))
.catch(err => Response.Internal(res, err));
});
}
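Review bot: `var newApprovals = audit.approvals.filter(…)` fixes the implicit global, but the binding is never reassigned, so `const newApprovals = …` is the right declaration here; the filter also compares `approval.toString() === collaborator._id` where `collaborator._id` comes from `req.body.collaborators`, so an entry whose `_id` is missing or not a string silently never matches and the old approval is kept — if that is not intended, validate the body shape before this point. Every route in these hunks ends in `.catch(err => Response.Internal(res, err))`; if `Response.Internal` echoes `err` into the response body (its definition is not shown), database error messages reach the client, so prefer logging `err` server-side and returning a generic message. The route handlers around these hunks start and end outside them.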
4 changes: 2 additions & 2 deletions backend/src/routes/client.js
Expand Up @@ -33,7 +33,7 @@ module.exports = function(app) {

Client.create(client, company)
.then(msg => Response.Created(res, msg))
.catch(err => Response.Internal(res, err))
.catch(err => Response.Internal(res, err));
});

// Update client
Expand All @@ -51,7 +51,7 @@ module.exports = function(app) {

Client.update(req.params.id, client, company)
.then(msg => Response.Ok(res, 'Client updated successfully'))
.catch(err => Response.Internal(res, err))
.catch(err => Response.Internal(res, err));
});

// Delete client
2 changes: 1 addition & 1 deletion backend/src/routes/template.js
Expand Up @@ -103,5 +103,5 @@ module.exports = function(app) {
res.download(file, `${data.name}.${data.ext}`)
})
.catch(err => Response.Internal(res, err))
})
});
}
8 changes: 4 additions & 4 deletions backend/src/routes/user.js
Expand Up @@ -188,7 +188,7 @@ module.exports = function(app) {

User.create(user)
.then(msg => Response.Created(res, 'User created successfully'))
.catch(err => Response.Internal(res, err))
.catch(err => Response.Internal(res, err));
});

// Create First User
Expand Down Expand Up @@ -231,7 +231,7 @@ module.exports = function(app) {
else
Response.Forbidden(res, 'Already Initialized');
})
.catch(err => Response.Internal(res, err))
.catch(err => Response.Internal(res, err));
});

// Update my profile
Expand Down Expand Up @@ -268,7 +268,7 @@ module.exports = function(app) {
res.cookie('token', msg.token, {secure: true, httpOnly: true})
Response.Ok(res, msg)
})
.catch(err => Response.Internal(res, err))
.catch(err => Response.Internal(res, err));
});

// Update any user (admin only)
Expand All @@ -292,6 +292,6 @@ module.exports = function(app) {

User.updateUser(req.params.id, user)
.then(msg => Response.Ok(res, msg))
.catch(err => Response.Internal(res, err))
.catch(err => Response.Internal(res, err));
});
}
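Review bot: `res.cookie('token', msg.token, {secure: true, httpOnly: true})` in the profile-update handler sets the session token without a `sameSite` attribute; `secure` and `httpOnly` are right, but the cross-site behaviour is left to the browser default, so set it explicitly: `res.cookie('token', msg.token, {secure: true, httpOnly: true, sameSite: 'strict'})` (or `'lax'` if the frontend is served from another origin), and keep whichever login path issues the same cookie — not in this diff — consistent with it. The `.catch(err => Response.Internal(res, err))` ending on each route forwards the raw error; if `Response.Internal` includes it in the body (its definition is not visible here), validation and database errors from user creation leak to the caller. The handlers start outside these hunks.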
2 changes: 1 addition & 1 deletion backend/src/routes/vulnerability.js
Expand Up @@ -188,5 +188,5 @@ module.exports = function(app) {
Vulnerability.Merge(req.params.vulnId, req.body.vulnId, req.body.locale)
.then(() => Response.Ok(res, 'Vulnerability merge successfully'))
.catch(err => Response.Internal(res, err))
})
});
}
2 changes: 0 additions & 2 deletions frontend/src/i18n/de-DE/index.js
Expand Up @@ -365,7 +365,6 @@ export default {
export: 'Export',
hostsAssociateScopes: 'Importierte Hosts mit Geltungsbereichen assoziieren',
handleCustomData: 'Handle Custom Data',
companies: 'Firmen',
clients: 'Kunden',
templates: 'Vorlagen',
addClient: 'Kunde hinzufügen',
Expand Down Expand Up @@ -441,7 +440,6 @@ export default {
auditSection: 'Auditabschnitte',
vulnerability: 'Vulnerability',
checkbox: 'Checkbox',
date: 'Datum',
editor: 'Editor',
input: 'Eingabe',
radio: 'Radio',
2 changes: 0 additions & 2 deletions frontend/src/i18n/en-US/index.js
Expand Up @@ -371,7 +371,6 @@ export default {
export: 'Export',
hostsAssociateScopes: 'Associate imported hosts with Scopes',
handleCustomData: 'Handle Custom Data',
companies: 'Companies',
clients: 'Clients',
templates: 'Templates',
addClient: 'Add Client',
Expand Down Expand Up @@ -447,7 +446,6 @@ export default {
auditSection: 'Audit Section',
vulnerability: 'Vulnerability',
checkbox: 'Checkbox',
date: 'Date',
editor: 'Editor',
input: 'Input',
radio: 'Radio',
2 changes: 0 additions & 2 deletions frontend/src/i18n/fr-FR/index.js
Expand Up @@ -225,7 +225,6 @@ export default {
export: 'Exporter',
hostsAssociateScopes: 'Associer des hôtes "importés" au périmètre défini',
handleCustomData: 'Gérer les Données Personnalisées',
companies: 'Entreprises',
clients: 'Clients',
templates: 'Modèles',
addClient: 'Ajouter un Client',
Expand Down Expand Up @@ -301,7 +300,6 @@ export default {
auditSection: 'Section d\'Audit',
vulnerability: 'Vulnerabilité',
checkbox: 'Checkbox',
date: 'Date',
editor: 'Editeur',
input: 'Input',
radio: 'Radio',
2 changes: 0 additions & 2 deletions frontend/src/i18n/zh-CN/index.js
Expand Up @@ -370,7 +370,6 @@ export default {
export: '导出',
hostsAssociateScopes: '将导入的主机与范围关联',
handleCustomData: '处理自定义数据',
companies: '公司',
clients: '客户',
templates: '模板',
addClient: '添加客户',
Expand Down Expand Up @@ -446,7 +445,6 @@ export default {
auditSection: '审计编辑 - 段落',
vulnerability: '漏洞编辑',
checkbox: '复选框',
date: '日期',
editor: '编辑器',
input: '输入框',
radio: '单选框',
1 change: 0 additions & 1 deletion frontend/src/pages/audits/edit/index.vue
Expand Up @@ -253,7 +253,6 @@ export default {
vulnCategories: [],
customFields: [],
auditTypes: [],
vulnCategories: [],
findingList: [],
frontEndAuditState: Utils.AUDIT_VIEW_STATE.EDIT_READONLY,
AUDIT_VIEW_STATE: Utils.AUDIT_VIEW_STATE
12 changes: 6 additions & 6 deletions frontend/src/pages/audits/edit/network/network.js
Expand Up @@ -231,16 +231,16 @@ export default {
color: 'positive',
textColor:'white',
position: 'top-right'
})
});
}
catch (err) {
console.log(err)
console.log(err);
Notify.create({
message: 'Error parsing Nmap',
color: 'negative',
textColor:'white',
position: 'top-right'
})
});
}
},

Expand Down Expand Up @@ -321,16 +321,16 @@ export default {
color: 'positive',
textColor:'white',
position: 'top-right'
})
});
}
catch (err) {
console.log(err)
console.log(err);
Notify.create({
message: 'Error parsing Nessus',
color: 'negative',
textColor:'white',
position: 'top-right'
})
});
}
}
}
2 changes: 1 addition & 1 deletion frontend/src/pages/data/templates/templates.js
Expand Up @@ -73,7 +73,7 @@ export default {
downloadTemplate: function(row) {
TemplateService.downloadTemplate(row._id)
.then((data) => {
status = exportFile(`${row.name}.${row.ext || 'docx'}`, data.data, {type: "application/octet-stream"})
var status = exportFile(`${row.name}.${row.ext || 'docx'}`, data.data, {type: "application/octet-stream"})
if (!status)
throw (status)
})
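Review bot: `var status = exportFile(…)` removes the implicit global, but `if (!status) throw (status)` on the next line still throws `false`, so whatever `.catch` follows (outside the hunk) receives a value with no message or stack to log or show. Use `const status = exportFile(…)` and `if (!status) throw new Error('Browser refused the file download');` so the failure is an `Error` like every other rejection in the chain. `downloadTemplate` continues past the end of the hunk.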