IntenseWebs/pgadmin4
3
0
Fork 0
mirror of https://github.com/pgadmin-org/pgadmin4.git synced 2025-01-23 23:13:38 -06:00
Code Issues Packages Projects Releases Wiki Activity

Fixed sonaqube security smells and bugs

Browse Source 
1. Delete unreachable code or refactor the code to make it reachable.
2. Unexpected var, use let or const instead.
3. Remove useless assignment to variable.
4. Define a constant instead of duplicating the literal
5. Remove commented out code
This commit is contained in:
Pravesh Sharma 2023-07-10 10:36:15 +05:30 committed by GitHub
parent 9aa116bf3f
commit 62056cab14
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
14 changed files with 27 additions and 60 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
runtime/src/js/pgadmin.js
View File

@ -368,7 +368,7 @@ function addCommonMenus(menu) {
let _menu = new gui.Menu(); let _menu = new gui.Menu();
menu.menuItems.forEach((menuItem) => { menu.menuItems.forEach((menuItem) => {
var submenu = getSubMenu(menuItem); let submenu = getSubMenu(menuItem);
let _menuItem = new gui.MenuItem({ let _menuItem = new gui.MenuItem({
label: menuItem.label, label: menuItem.label,
@ -417,8 +417,6 @@ function addCommonMenus(menu) {
} }
function getRuntimeMenu() { function getRuntimeMenu() {
let controlKey = platform() === 'darwin' ? 'cmd' : 'ctrl';
let fullScreenKey = platform() === 'darwin' ? 'F' : 'F10';
let subMenus = new gui.Menu(); let subMenus = new gui.Menu();
let rtmenudt = pgAdminMainScreen.window.pgAdmin.Browser.RUNTIME_MENUS_OPTIONS['runtime'] let rtmenudt = pgAdminMainScreen.window.pgAdmin.Browser.RUNTIME_MENUS_OPTIONS['runtime']
let runtimeSubMenus = pgAdminMainScreen.window.pgAdmin.Browser.RUNTIME_MENUS_OPTIONS['runtime']['submenus'] let runtimeSubMenus = pgAdminMainScreen.window.pgAdmin.Browser.RUNTIME_MENUS_OPTIONS['runtime']['submenus']
@ -558,7 +556,7 @@ function getSubMenu(menuItem) {
function addMacMenu(menu) { function addMacMenu(menu) {
if (menu.name == 'file' && platform() === 'darwin') { if (menu.name == 'file' && platform() === 'darwin') {
var rootMenu = nativeMenu.items[0].submenu; let rootMenu = nativeMenu.items[0].submenu;
let indx = 0; let indx = 0;
menu.menuItems.forEach((menuItem) => { menu.menuItems.forEach((menuItem) => {
let submenu = getSubMenu(menuItem); let submenu = getSubMenu(menuItem);
@ -652,7 +650,7 @@ function refreshMenuItems(menu) {
} }
menu.menuItems.forEach((item) => { menu.menuItems.forEach((item) => {
var submenu = new gui.Menu(); let submenu = new gui.Menu();
if (item.menu_items) { if (item.menu_items) {
item.menu_items.forEach((subItem) => { item.menu_items.forEach((subItem) => {
submenu.append(new gui.MenuItem({ submenu.append(new gui.MenuItem({

9
web/pgadmin/__init__.py
View File

@ -68,6 +68,8 @@ socketio = SocketIO(manage_session=False, async_mode='threading',
logger=False, engineio_logger=False, debug=False, logger=False, engineio_logger=False, debug=False,
ping_interval=25, ping_timeout=120) ping_interval=25, ping_timeout=120)
_INDEX_PATH = 'browser.index'
class PgAdmin(Flask): class PgAdmin(Flask):
def __init__(self, *args, **kwargs): def __init__(self, *args, **kwargs):
@ -126,8 +128,8 @@ class PgAdmin(Flask):
# into endpoints # into endpoints
############################################################# #############################################################
wsgi_root_path = '' wsgi_root_path = ''
if url_for('browser.index') != '/browser/': if url_for(_INDEX_PATH) != '/browser/':
wsgi_root_path = url_for('browser.index').replace( wsgi_root_path = url_for(_INDEX_PATH).replace(
'/browser/', '' '/browser/', ''
) )
@ -540,7 +542,7 @@ def create_app(app_name=None):
# Make the Session more secure against XSS & CSRF when running in web mode # Make the Session more secure against XSS & CSRF when running in web mode
if config.SERVER_MODE and config.ENHANCED_COOKIE_PROTECTION: if config.SERVER_MODE and config.ENHANCED_COOKIE_PROTECTION:
paranoid = Paranoid(app) paranoid = Paranoid(app)
paranoid.redirect_view = 'browser.index' paranoid.redirect_view = _INDEX_PATH
########################################################################## ##########################################################################
# Load all available server drivers # Load all available server drivers
@ -717,7 +719,6 @@ def create_app(app_name=None):
except Exception as e: except Exception as e:
print(str(e)) print(str(e))
db.session.rollback() db.session.rollback()
pass
@user_logged_in.connect_via(app) @user_logged_in.connect_via(app)
@user_logged_out.connect_via(app) @user_logged_out.connect_via(app)

33
web/pgadmin/authenticate/mfa/authenticator.py
View File

@ -29,6 +29,7 @@ from pgadmin.utils.constants import MessageType
_TOTP_AUTH_METHOD = "authenticator" _TOTP_AUTH_METHOD = "authenticator"
_TOTP_AUTHENTICATOR = _("Authenticator App") _TOTP_AUTHENTICATOR = _("Authenticator App")
_OTP_PLACEHOLDER = _("Enter code")
class TOTPAuthenticator(BaseMFAuth): class TOTPAuthenticator(BaseMFAuth):
@ -113,7 +114,7 @@ class TOTPAuthenticator(BaseMFAuth):
if totp.verify(code) is False: if totp.verify(code) is False:
raise ValidationException("Invalid Code") raise ValidationException("Invalid Code")
def validation_view(self) -> str: def validation_view(self) -> dict:
""" """
Generate the portion of the view to render on the authentication page Generate the portion of the view to render on the authentication page
@ -125,10 +126,10 @@ class TOTPAuthenticator(BaseMFAuth):
"Enter the code shown in your authenticator application for " "Enter the code shown in your authenticator application for "
"TOTP (Time-based One-Time Password)" "TOTP (Time-based One-Time Password)"
), ),
otp_placeholder=_("Enter code"), otp_placeholder=_OTP_PLACEHOLDER,
) )
def _registration_view(self) -> str: def _registration_view(self) -> dict:
""" """
Internal function to generate a view for the registration page. Internal function to generate a view for the registration page.
@ -164,31 +165,7 @@ class TOTPAuthenticator(BaseMFAuth):
auth_description=_( auth_description=_(
"Scan the QR code and the enter the code from the " "Scan the QR code and the enter the code from the "
"TOTP Authenticator application" "TOTP Authenticator application"
), otp_placeholder=_("Enter code") ), otp_placeholder=_OTP_PLACEHOLDER
)
return "".join([
"<h5 class='form-group text-center'>{auth_title}</h5>",
"<input type='hidden' name='{auth_method}' value='SETUP'/>",
"<input type='hidden' name='VALIDATE' value='validate'/>",
"<img src='data:image/jpeg;base64,{image}'" +
" alt='{qrcode_alt_text}' class='w-100'/>",
"<div class='form-group pt-3'>{auth_description}</div>",
"<div class='form-group'>",
"<input class='form-control' " +
" placeholder='{otp_placeholder}' name='code'" +
" type='password' autofocus='' autocomplete='one-time-code'" +
" pattern='\\d*' require>",
"</div>",
]).format(
auth_title=_(_TOTP_AUTHENTICATOR),
auth_method=_TOTP_AUTH_METHOD,
image=img_base64.decode("utf-8"),
qrcode_alt_text=_("TOTP Authenticator QRCode"),
auth_description=_(
"Scan the QR code and the enter the code from the "
"TOTP Authenticator application"
), otp_placeholder=_("Enter code")
) )
def registration_view(self, form_data) -> Union[str, None]: def registration_view(self, form_data) -> Union[str, None]:

12
web/pgadmin/browser/server_groups/servers/databases/casts/static/js/cast.ui.js
View File

@ -33,10 +33,14 @@ export default class CastSchema extends BaseUISchema {
let srctype = state.srctyp; let srctype = state.srctyp;
let trgtype = state.trgtyp; let trgtype = state.trgtyp;
if(srctype != undefined && srctype != '' && if(srctype != undefined && srctype != '' &&
trgtype != undefined && trgtype != '') trgtype != undefined && trgtype != '') {
return state.name = srctype+'->'+trgtype; state.name = srctype+'->'+trgtype;
else return state.name;
return state.name = ''; }
else {
state.name = '';
return state.name;
}
} }
get baseFields() { get baseFields() {

7
web/pgadmin/browser/server_groups/servers/databases/publications/__init__.py
View File

@ -169,6 +169,7 @@ class PublicationView(PGChildNodeView, SchemaDiffObjectCompare):
gettext("Could not find the publication information.") gettext("Could not find the publication information.")
node_type = blueprint.node_type node_type = blueprint.node_type
BASE_TEMPLATE_PATH = 'publications/{0}/#{1}#/sql' BASE_TEMPLATE_PATH = 'publications/{0}/#{1}#/sql'
GET_PUB_SCHEMAS_SQL = 'get_pub_schemas.sql'
parent_ids = [ parent_ids = [
{'type': 'int', 'id': 'gid'}, {'type': 'int', 'id': 'gid'},
@ -380,7 +381,7 @@ class PublicationView(PGChildNodeView, SchemaDiffObjectCompare):
if not res['rows'][0]['all_table']: if not res['rows'][0]['all_table']:
if self.manager.version >= 150000: if self.manager.version >= 150000:
schema_name_sql = render_template( schema_name_sql = render_template(
"/".join([self.template_path, 'get_pub_schemas.sql']), "/".join([self.template_path, self.GET_PUB_SCHEMAS_SQL]),
pbid=pbid pbid=pbid
) )
status, snames_list_res = self.conn.execute_dict( status, snames_list_res = self.conn.execute_dict(
@ -736,7 +737,7 @@ class PublicationView(PGChildNodeView, SchemaDiffObjectCompare):
if self.manager.version >= 150000: if self.manager.version >= 150000:
schema_name_sql = render_template( schema_name_sql = render_template(
"/".join([self.template_path, 'get_pub_schemas.sql']), "/".join([self.template_path, self.GET_PUB_SCHEMAS_SQL]),
pbid=pbid pbid=pbid
) )
status, snames_list_res = self.conn.execute_dict( status, snames_list_res = self.conn.execute_dict(
@ -949,7 +950,7 @@ class PublicationView(PGChildNodeView, SchemaDiffObjectCompare):
if self.manager.version >= 150000: if self.manager.version >= 150000:
schema_name_sql = render_template( schema_name_sql = render_template(
"/".join([self.template_path, 'get_pub_schemas.sql']), "/".join([self.template_path, self.GET_PUB_SCHEMAS_SQL]),
pbid=pbid pbid=pbid
) )
status, snames_list_res = self.conn.execute_dict( status, snames_list_res = self.conn.execute_dict(

5
web/pgadmin/browser/server_groups/servers/databases/schemas/domains/static/js/domain.ui.js
View File

@ -40,10 +40,7 @@ export class DomainConstSchema extends BaseUISchema {
type: 'checkbox', type: 'checkbox',
readonly: function(state) { readonly: function(state) {
let currCon = _.find(obj.top.origData.constraints, (con)=>con.conoid == state.conoid); let currCon = _.find(obj.top.origData.constraints, (con)=>con.conoid == state.conoid);
if (!obj.isNew(state) && currCon.convalidated) { return !obj.isNew(state) && currCon.convalidated ? true : false;
return true;
}
return false;
}, },
} }
]; ];

5
web/pgadmin/browser/server_groups/servers/databases/schemas/synonyms/static/js/synonym.ui.js
View File

@ -97,10 +97,7 @@ export default class SynonymSchema extends BaseUISchema {
}; };
}, },
readonly: function() { readonly: function() {
if(!obj.inCatalog()) { return !obj.inCatalog() ? false : true;
return false;
}
return true;
} }
}, { }, {
id: 'is_sys_obj', label: gettext('System synonym?'), id: 'is_sys_obj', label: gettext('System synonym?'),

2
web/pgadmin/browser/server_groups/servers/static/js/server.js
View File

@ -666,8 +666,6 @@ define('pgadmin.node.server', [
// Check the database server against supported version. // Check the database server against supported version.
checkSupportedVersion(_data.version, res.info); checkSupportedVersion(_data.version, res.info);
// obj.trigger('connected', obj, _item, _data);
// Generate the event that server is connected // Generate the event that server is connected
pgBrowser.Events.trigger( pgBrowser.Events.trigger(
'pgadmin:server:connected', _data._id, _item, _data 'pgadmin:server:connected', _data._id, _item, _data

1
web/pgadmin/static/js/pgadmin.js
View File

@ -26,7 +26,6 @@ define([], function() {
_t = i; _t = i;
} }
_t = 'fontSize' === _r ? +t.parentNode || _t : _t; _t = 'fontSize' === _r ? +t.parentNode || _t : _t;
// _t = _f ? _t : 'rem' === _c ? i : 'fontSize' === _r ? +t.parentNode || _t : _t;
_f = _f || parseFloat(a(_t, 'fontSize')); _f = _f || parseFloat(a(_t, 'fontSize'));
_m = parseFloat(_e) * _f; _m = parseFloat(_e) * _f;
} }

1
web/regression/javascript/SecurityPages/ForgotPasswordPage.spec.js
View File

@ -21,7 +21,6 @@ describe('ForgotPasswordPage', ()=>{
/* https://material-ui.com/guides/testing/#api */ /* https://material-ui.com/guides/testing/#api */
beforeAll(()=>{ beforeAll(()=>{
mount = createMount(); mount = createMount();
// spyOn(Notify, 'alert');
}); });
afterAll(() => { afterAll(() => {

1
web/regression/javascript/SecurityPages/LoginPage.spec.js
View File

@ -21,7 +21,6 @@ describe('LoginPage', ()=>{
/* https://material-ui.com/guides/testing/#api */ /* https://material-ui.com/guides/testing/#api */
beforeAll(()=>{ beforeAll(()=>{
mount = createMount(); mount = createMount();
// spyOn(Notify, 'alert');
}); });
afterAll(() => { afterAll(() => {

1
web/regression/javascript/SecurityPages/MfaRegisterPage.spec.js
View File

@ -21,7 +21,6 @@ describe('MfaRegisterPage', ()=>{
/* https://material-ui.com/guides/testing/#api */ /* https://material-ui.com/guides/testing/#api */
beforeAll(()=>{ beforeAll(()=>{
mount = createMount(); mount = createMount();
// spyOn(Notify, 'alert');
}); });
afterAll(() => { afterAll(() => {

1
web/regression/javascript/SecurityPages/MfaValidatePage.spec.js
View File

@ -21,7 +21,6 @@ describe('MfaValidatePage', ()=>{
/* https://material-ui.com/guides/testing/#api */ /* https://material-ui.com/guides/testing/#api */
beforeAll(()=>{ beforeAll(()=>{
mount = createMount(); mount = createMount();
// spyOn(Notify, 'alert');
}); });
afterAll(() => { afterAll(() => {

1
web/regression/javascript/SecurityPages/PasswordResetPage.spec.js
View File

@ -21,7 +21,6 @@ describe('PasswordResetPage', ()=>{
/* https://material-ui.com/guides/testing/#api */ /* https://material-ui.com/guides/testing/#api */
beforeAll(()=>{ beforeAll(()=>{
mount = createMount(); mount = createMount();
// spyOn(Notify, 'alert');
}); });
afterAll(() => { afterAll(() => {