Project Details
crm-dashbaord
solutionbowl/crm-dashbaord · Bitbucket · Default branch main
Security Findings
Low security scores and security-related AI review notes.
| Commit | Security Score | Finding | Date |
|---|---|---|---|
| 12c3add8 | 90 | The commit fixes an issue where arrow keys are properly consumed to prevent native number input behavior interfering with custom navigation. The fix improves UX by reserving arrow keys for navigation across input fields instead of changing input values. However, the commit message lacks detail and the scope of the change is limited to preventing default behavior on arrow keys with no additional context or tests. There is low bug risk and no apparent security impact. The work is somewhat low value since it's a minor UX fix without description or verification. | 10 Jul 2026 |
| 2d5d0971 | 80 | The commit fixes arrow key handling issues by stopping event propagation and wrapping navigation within UI tables. While this addresses a user interaction bug, the lack of detailed commit message and tests lower overall quality and business value scores slightly. The changes reduce risk of unintended browser behavior and potential bugs in navigation. Security risk is low since event handling is local to UI behavior. | 10 Jul 2026 |
| e4b603c4 | 70 | The commit introduces a nuanced handling for numeric input fields that can optionally allow decimals, improving input validation and user input handling. It makes the decimal allowance configurable via data attributes, reducing bugs with numeric input in admin pages. However, some edge cases like multiple decimal points or unexpected input sequences might still need further validation. The commit message is minimal and somewhat generic. | 09 Jul 2026 |
| cc1ac223 | 80 | The commit introduces advanced handling for market types and runner selections in a horse racing context. It adds utility functions for formatting and building market names based on selected runners and fancy types, enhances UI behavior with condition checks, and integrates validation with user feedback (toasts) for runner selections. The changes overall improve business logic and user interface functionality, though some reused strings and magic values could be made more robust. The risk of bugs is low but string handling could be prone to corner cases. Security impact is moderate due to UI logic only without direct input handling vulnerabilities. | 09 Jul 2026 |
| 26f4345c | 80 | The commit implements responsive CSS styling changes to the AdminRacepage, improving layout adaptability on various screen sizes without introducing functional changes. The work is valuable for usability but lacks explanatory commit message and test coverage. The styling changes focus on flex and grid layouts and media queries for better responsiveness. No new logic or backend functionality was added, reducing security or bug risk. However, the very brief commit message 'responsivie work' is vague and contains a typo, lowering clarity and maintainability. Also, the absence of comments or tests reduces quality confidence. | 09 Jul 2026 |
| 1f0426ed | 80 | This commit adds functionality related to managing 'fancy' market types for horses with additional UI controls and helper functions for managing runner selections and formatting runner numbers. The changes include multiple UI updates and CSS enhancements. The implementation is fairly clean with logical separations in helper functions, improving code readability and maintainability. However, some minor validation and error handling improvements could be considered for safety. Security risk is low assuming UI input is properly validated elsewhere. Business value is moderate given the feature-specific nature of changes. Bug risk is low but some edge cases in list operations and UI conditional rendering warrant attention. | 09 Jul 2026 |
| 110a1376 | 70 | The commit adds extensive CSS styling along with a set of utility functions and handlers for admin input navigation and digit-only input enforcement. The code improves UI interaction quality and constrains input values, which can reduce bugs and improve user experience. However, the diff lacks tests or error handling for edge cases and could improve documentation. The commit message lacks detail on the purpose and scope of changes. The CSS changes have no direct impact on security or bug risk, while JS input handling reduces risk of invalid data. No security-sensitive code changes are visible. | 09 Jul 2026 |
| d3041e07 | 20 | The commit adds a column configuration for displaying race names with ellipsis styling for overflow. This improves UI clarity and fixes display issues, thereby enhancing user experience. However, there is minimal impact on security and bug risks are low since it's a UI only change. | 09 Jul 2026 |
| cd3da077 | 90 | The commit adds a column definition for displaying race names in a table with styling to handle overflow and show tooltips. It improves UI readability and fixes the 'race name' display issue as stated, with low risk of bugs or security flaws. The commit message is minimal and lacks detail on what the exact issue was or other context. | 09 Jul 2026 |
| 840ec5b9 | 80 | The commit introduces comprehensive responsive CSS styles for the AdminRacepage and AdminMarketPage in horse racing modules, improving UI adaptability across devices. This enhances user experience but mostly involves UI layout changes with no code or logic updates, which limits business value impact and poses minimal bug or security risk. | 08 Jul 2026 |
| 34ad8622 | 80 | The commit adds functionality to toggle visibility of Back and Lay static volume data on AdminRacepage and AdminMarketPage components using checkbox inputs and state hooks. The implementation uses Sets to track hidden markets, with callbacks to toggle membership. This improves user customization and UI clarity without notable bug risk or security issues. However, code repetition occurs across two similar pages and some inline styles could be extracted. | 03 Jul 2026 |
| 00808c24 | 90 | This commit improves user experience by making volume checkboxes unchecked by default, hiding the volumes unless explicitly shown. It introduces new state handling for tracking visible volumes with Sets, applied consistently in two components. The implementation seems straightforward and unlikely to introduce bugs or security issues. However, the commit message is brief and could provide more context. The code could benefit from comments explaining the rationale, and unit tests to cover this behavior. | 03 Jul 2026 |
| c4489b73 | 70 | This commit introduces start and end betting times for races, including a utility to convert date formats, validation, and UI form changes. The changes improve race management capabilities by allowing more detailed time tracking and validation for betting periods, which supports better business logic and user experience. The validation reduces risk of logical bugs related to time. However, the code could benefit from additional error handling and clarity in some areas, and the commit message is minimal and could be improved for clarity. | 02 Jul 2026 |
| 1f3abf5a | 95 | The commit adds bet start and end time handling to the race creation and market UI, including validation and conversion to ISO string format. This improves the business functionality with proper timestamps for betting periods. Quality is enhanced by conversion and validation logic, though additional edge case testing could further reduce bugs. Security impact is minimal but well done with validation and careful date handling. | 02 Jul 2026 |
| bd044d27 | 90 | The commit introduces a 'void' disable condition across multiple UI elements in RaceDetail.tsx to prevent actions when the race status is 'VOID'. It improves UX by disabling controls and visually indicating the void state through badges and style changes. The changes appear consistent and improve the business logic by handling the void state properly, reducing possible invalid state interactions. The bug risk is low, though extensive usage of the 'isVoid' flag could be reviewed for edge cases. No direct security issues are apparent. | 02 Jul 2026 |
| 07d4596b | 70 | The commit adds a new 'VOID' race status that disables various UI elements across the RaceDetail component, improving user experience by preventing interactions with void races. The implementation is consistent and thorough, touching many relevant UI elements and conditions. | 02 Jul 2026 |
| 4bffd37f | 40 | The commit message is uninformative and the diff snippet shows only one line added with a conditional rendering check. It is unclear what isVoid means or the context of this check, reducing traceability and maintainability. No new tests or detailed logic are shown, limiting the understanding of impact and value. | 02 Jul 2026 |
| 61e5ceee | 85 | The commit adds a permission sync indicator component that shows a visual indicator when permissions are being refreshed. It also includes configuration adjustments for permission refresh intervals and auto-refresh settings, as well as periodic permission refresh logic in the auth hook. The implementation is clear with descriptive comments and well-structured, enhancing user experience by giving real-time feedback on permission sync status. However, the simulated API call with setTimeout in the indicator component can be improved to reflect real API responses, and more explicit error handling could be added for better robustness. There is also a minor typo in the commit message. Overall, the changes moderately increase business value by improving UX and maintaining up-to-date permissions automatically, with relatively low bug risk and decent security considerations. | 16 May 2026 |
| 3b0752ad | 70 | Introduces a PermissionSyncIndicator React component that visually displays when user permissions are being refreshed automatically as per a configured interval. Adds configuration for permission refresh in auth.config and minor enhancements in useAuth hook for permission refreshing. The implementation improves user experience by making permission syncing status transparent and leverages existing app authentication mechanisms. Code is clean and well-commented. However, the commit message is uninformative, and the injecting of CSS via JavaScript can be improved for maintainability. Minor risk of bug if interval controls are not managed carefully. | 18 May 2026 |
| 9ab00989 | 90 | The commit introduces the 'market_odds_type' feature in multiple components with consistent implementation including typing, conditional rendering, and UI changes. The logic to hide/show sections based on the odds type is clear and well-incorporated. However, there are some repeated inline style calculations and conditional logic that could be abstracted for clarity and maintainability. There is some commented code that should be removed to clean the codebase. No significant security issues are found, and the bug risk is low but could be further reduced with additional validations or type strictness. | 06 May 2026 |
| 1015eafb | 70 | The commit brings a comprehensive implementation of the market_odds_type feature across multiple key components related to horse racing markets and stats, enhancing UI behavior and data consistency. However, some redundant or repetitive style and conditional logic patterns reduce maintainability. Some commented-out code remains which may cause confusion and minor clutter. There is no clear indication of added tests or validations for the new marketOddsType logic. Accessibility is addressed for hiding sections but could be improved by ensuring all necessary semantics are properly implemented. | 07 May 2026 |
| f55559fd | 30 | The commit appears to resolve a merge conflict by choosing one version of styles and table rendering code. However, the commit message is uninformative and contains a typical merge conflict marker artifact in the diff, indicating incomplete cleanup. This impacts code readability and maintainability (quality). The changes involve mostly UI styling and table display with no new features or bug fixes, limiting business value. The merge conflict leftover marker could cause build or runtime errors (bug risk). No explicit security fixes or risks addressed aside from showing some user data in UI, so the security score is low. The vague commit message and presence of conflict markers increase the risk of fake or careless work. | 06 Apr 2026 |
| 6301f3af | 80 | The commit adds a custom hook useBets for fetching bet data and many utility functions and state management for a horse race admin page. It improves feature completeness with data handling and UI toggles but could be improved with better type usage, error handling, and documentation. The security posture is decent due to controlled API usage and error toast notifications. Low bug risk overall, though mutable states and dependency handling could be better. Fake work risk is low given meaningful feature additions. | 06 Apr 2026 |
| 997f4204 | 50 | This commit removes a large block of style definitions and replaces styled table components with plain class-based table components, including removal of CSS-in-JS styling. There are leftover conflict markers (e.g., <<<<<<< HEAD, =======, >>>>>>>), indicating an unresolved merge conflict in the code. The commit message is minimal and non-descriptive. The code changes reduce code clarity and styling consistency, and the unresolved conflict markers introduce syntax errors causing build or runtime failures. This dramatically increases bug risks and reduces code quality and business value. | 06 Apr 2026 |