Jc/fix code smells

[johnpcooke94]

Fixes the rest of the code smells in the front-end.

[sonarqubecloud]

Kudos, SonarCloud Quality Gate passed!   

0 Bugs
0 Vulnerabilities
0 Security Hotspots
0 Code Smells

0.0% Coverage
0.0% Duplication

[johnpcooke94]

@jasekiw @Cliftonz Sonarcloud thinks this is a security issue because we aren't verifying the origin of the message that we're listening to. But this is a reference to a window that we opened ourselves, so I don't think there's any real security risk here? I could be wrong, just wanted to check before I marked the issue resolved on Sonarcloud.

[Cliftonz]

Someone could intercept our call back to a users and put their own vnc messages in there.
I remember talking about this with Jason but I do not remember what we decided on.

[johnpcooke94]

Normally the solution is to just verify the event origin, which I tried, but the BeforeUnloadEvent type that we're using doesn't seem to have a origin property. So I'm not sure what the proper solution here would be, at least not without some significant refactoring.

Let's see if Jason has any ideas, he built this component.

[jasekiw]

@Cliftonz How could someone intercept our callback? They would have to do cross site scripting which would be an even worse exploit.

[jasekiw]

@Cliftonz We're talking about an event handler that asks the user if they are sure if they want to exit, how much damage could exploiting this method really do?

[johnpcooke94]

@jasekiw I'm with you here, I think. I can mark this as won't fix if you're okay with that.

[jasekiw]

we are ok with this

[jasekiw]

This is a dangerous suggestion, it breaks the validation message but it was also broken before in a different way.

it should be this:

Suggested change

	file: object() as ObjectSchema<File>
	file: object<File>().nullable().required('File is required')

[johnpcooke94]

Committed this change.

[jasekiw]

@Cliftonz How could someone intercept our callback? They would have to do cross site scripting which would be an even worse exploit.

[jasekiw]

@Cliftonz We're talking about an event handler that asks the user if they are sure if they want to exit, how much damage could exploiting this method really do?

[jasekiw]

This is how redux is designed to be used, this code smell needs to be disabled

[Cliftonz]

from what I see it is just saying to put the defaults at the end.
https://sonarcloud.io/project/issues?id=ius-csg_cslabs-webapp&issues=AXsiTV_Kw3kkXW2HHOS-&open=AXsiTV_Kw3kkXW2HHOS-

[johnpcooke94]

Jason is right, if you try to flip it, it breaks redux. I marked this as a false positive.

[jasekiw]

This used to break without ts-ignore, it doesn't any more?

[johnpcooke94]

Well, it was working when I opened this PR. But now I've merged dev in and the linter is mad, so I'm not sure what changed. Either way I'll just put it back.

[jasekiw]

This is completely false, it does change the type expressions and is necessary

[johnpcooke94]

Yeah, that's why I removed this comment. I was using the comments to help me keep track of what code smells I hadn't fixed yet. Once I realized this was a false positive I removed the comment and marked the smell resolved.

[sonarqubecloud]

Kudos, SonarCloud Quality Gate passed!   

0 Bugs
0 Vulnerabilities
0 Security Hotspots
0 Code Smells

0.0% Coverage
0.0% Duplication

[Cliftonz]

lgtm