I created a little app that gets args and uses them to create a report file.
But I got a medium Checkmarx finding.
This is my code (after I tried to fix the Checkmarx finding with Math.min):
```js
import reporter from 'cucumber-html-reporter';

/*******************************************************
 * Only for local run, this comes from the base docker
 */
const options = {
  theme: 'bootstrap',
  jsonFile: 'report/reportData.json',
  output: 'report/report.html',
  reportSuiteAsScenarios: true,
  scenarioTimestamp: false,
  launchReport: false,
  brandTitle: 'Puppeteer Tests Report',
  columnLayout: 1,
  metadata: {
    Name: 'Puppeteer Tests'
  }
};

const total = Math.min(parseInt(process.argv.length), 1000);
if (total < 0) {
  throw new Error('Invalid userInput');
}

// getting the IP
for (let i = 0; i < total; i++) {
  const arg = process.argv[i];
  if (arg.includes('--ip')) {
    options.metadata.IP = process.argv[i + 1];
  }
}

reporter.generate(options);
```
And this is the Checkmarx finding:
The application goes into a loop with total at base_ond_puppeteer_jsreporter.js in line 27. However, to determine the amount of iterations that this loop performs, the application relies on the user input argv at base_ond_puppeteer_jsreporter.js in line 21. Similarity ID: 954597347
And one more Checkmarx finding for the same line:
Method Math.min at line 21 of base_ond_puppeteer_jsreporter.js gets user input from element argv . This element’s value flows through the code without being validated, and is eventually used in a loop condition in for at line 27 of base_ond_puppeteer_jsreporter.js. This constitutes an Unchecked Input for Loop Condition. Similarity ID: 954683830
I tried a lot of things to validate the argv, but nothing worked.
TNX a lot 🙂
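One way to read `--ip` so that the argument count is checked against a fixed limit and the value is validated before it reaches the report metadata. This is an added example, not part of the original post: `MAX_ARGS`, `isIpv4` and `readIpArg` are hypothetical names, the sample argv is constructed, and it assumes only IPv4 addresses are expected.

```javascript
// Added example: hypothetical helper names, constructed sample argv.
const MAX_ARGS = 32; // fixed upper bound chosen by the program, not derived from input

// Strict dotted-quad IPv4 check (assumption: only IPv4 is expected here;
// Node's net.isIP() also accepts IPv6 if that is needed).
function isIpv4(value) {
  if (typeof value !== 'string') return false;
  const parts = value.split('.');
  if (parts.length !== 4) return false;
  return parts.every((p) => /^(0|[1-9]\d{0,2})$/.test(p) && Number(p) <= 255);
}

// Returns the validated value following "--ip", or null when the flag is absent.
// Throws on too many arguments, a missing value, or a value that is not IPv4.
function readIpArg(argv) {
  if (!Array.isArray(argv) || argv.length > MAX_ARGS) {
    throw new Error('Invalid arguments: too many or not a list');
  }
  const args = argv.slice(0, MAX_ARGS); // constant-bounded copy
  const flagIndex = args.indexOf('--ip'); // exact match, not includes()
  if (flagIndex === -1) return null;
  const candidate = args[flagIndex + 1]; // undefined when the flag is last
  if (!isIpv4(candidate)) {
    throw new Error('Invalid --ip value');
  }
  return candidate;
}

// Constructed sample input standing in for process.argv
const sample = ['node', 'reporter.js', '--ip', '10.0.0.5'];
const metadata = { Name: 'Puppeteer Tests' };
const ip = readIpArg(sample);
if (ip !== null) metadata.IP = ip; // only a validated value is stored
console.log(metadata);
```

Rejecting an oversized argv outright, instead of clamping it with `Math.min`, makes the limit an explicit validation step, and the strict IPv4 check keeps arbitrary strings out of the generated HTML report.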