Project Details

super-admin

solutionbowl/super-admin · Bitbucket · Default branch main
Back to Projects

Security Findings

Low security scores and security-related AI review notes.
CommitSecurity ScoreFindingDate
23ec28e6 60 The commit introduces role-based filtering for exposure details, focusing on super and master roles. It adds several utility functions and integrates role checks across components. The code appears logically consistent, but lacks detailed commit message and comments, which could improve maintainability and clarity. 11 Jul 2026
d971f360 60 The commit introduces user role based filtering of exposure data, enhancing feature granularity. It generally improves business value by securing access controls based on role and implementing role normalization. However, there are some areas lacking thorough input validation and explicit role management, which could cause bugs or security issues. 11 Jul 2026
846680ae 80 This commit adds UI improvements including date/time display, timezone switcher in the navbar, and refresh toggle features. The clock uses hooks and memoization appropriately. Important controls implement proper state and logout functionality. Some redundant or copy-pasted code is present that could be simplified. Refresh toggling and staleTime/refetchOnMount settings improve API freshness but could impact performance if not calibrated. Security is reasonably handled with user info display and logout, but no explicit security enhancements or risks are introduced. 10 Jul 2026
5d2cc225 85 This commit introduces enhancements to the navbar including current time display with timezone support and user session info. It also updates multiple components to enable consistent auto-refresh behaviors with appropriate refetch policies. The code is generally well structured but can benefit from minor improvements in readability and possibly caching the GMT offset for performance. The security and bug risk are low as no critical changes or sensitive data handling is introduced. Business value is high due to improved user experience and UI clarity. 10 Jul 2026
317403f1 70 This commit adds comprehensive handling for multiple profit-loss event aliases in the socket listener, improving coverage and robustness. It includes normalization and checks for event names, along with appropriate callbacks to refresh the reports. Logging is added for visibility. However, the implementation could benefit from improved code comments, input validation, and better error handling to reduce risk further. 10 Jul 2026
87fd5281 75 The commit introduces handling for multiple aliases of the profit-loss socket event in a React app, with adequate logging and event normalization for consistency. The changes enhance maintainability and robustness against event name variations, reducing bug risk related to missing or misnamed socket events. However, some minor risks remain due to use of JSON.parse without try-catch and reliance on console.info for logging rather than more robust logging or error capture. Business value is good given the fix is targeted at a core functionality (profit-loss reporting). Security is moderate due to potential parsing risks. 10 Jul 2026
8a6ae6e2 50 The commit adds functionality to fetch and normalize net bets data from an API, integrating it with existing queries using useQuery React hooks. The normalization function robustly handles varying key names and data shapes. Some duplication exists between two files (net-exposure-detail.tsx and user-exposure-detail.tsx) with highly similar normalization and fetching logic. The code introduces detailed mapping of bet data fields improving data handling quality and robustness. However, there is limited input validation beyond type coercion, and userId extraction differs between files without clear consistency. Error handling in async calls is not evident. The commit message is sparse, providing no context. 10 Jul 2026
f790f431 60 This commit adds fetching and normalization of net bets data in two components, improving data handling and UI reactivity with useQuery hooks. The normalization functions are robust in handling varied response shapes. However, the commit message is uninformative, and some minor function duplications exist between files. There is also no explicit error handling or input validation in fetch functions which could reduce robustness. 10 Jul 2026
595e9701 40 The commit adds route state monitoring for tab switch API calls to refetch data when certain route parameters change, which improves user experience by timely updates. It also includes utility functions to deduplicate bet data which improves performance and data consistency. However, reliance on routeHref state as a dependency, minimal error handling, and verbose console logging present risks to maintainability and potential debugging noise in production. The absence of security considerations and type validation reduces security score. The commit message lacks detail about the precise API calls made or outcomes expected, limiting business context. 10 Jul 2026
9d8b2c30 40 The commit adds hooks to trigger API refetches when the route changes in two key detail components and introduces utility functions to filter duplicate bets. The improvements enhance data freshness and UI responsiveness to navigation changes, increasing business value. The code uses set-based uniqueness filtering, reducing potential duplicated data. However, several console logging statements remain, which is low quality for production and may leak info. The commit message is vague and lacks clarity on implementation details. No obvious security improvements or bug fixes are present, and refetch logic may lead to excessive calls if route changes rapidly. 10 Jul 2026
2618eddb 80 The commit introduces a well-structured export feature for bets to Excel with support for multiple layouts and detailed bet leg breakdowns. The code is modular with multiple helper functions improving maintainability and readability. It adds useful features likely increasing business value by enabling better reporting and data export. There is a minor bug risk if the mapping functions (getBet, etc.) are flawed or if the XLSX library usage is incorrect, but overall risk is low. Security could be improved via validation or sanitization of input data before exporting. The commit message could be more descriptive regarding the layout parameter and specific features. 10 Jul 2026
6c2ec1b3 50 This commit adds a comprehensive Excel export feature for bets with multiple layouts accommodating different report styles. The code modularizes the export functionality and dynamically builds Excel sheets with relevant headers and rows based on layout. It also integrates linking between main bets and their legs. However, it lacks comments and type safety checks that could improve maintainability and reduce risks. No security-critical functionality was changed, but exporting potentially sensitive info (like IP addresses) requires careful consideration. The commit message is vague and lacks detail on changes. 10 Jul 2026
1804989f 50 The commit implements a custom React hook for managing socket connections with well-defined event listeners and reconnection logic. It cleanly abstracts complex behavior with references and conditions. However, there are commented out lines related to auth configuration which could weaken security. Some sensitive operations and error handling could be improved. 09 Jul 2026
f7a28381 50 The commit introduces a new hook for socket implementation with detailed event handling and logging for a reporting feature. While it adds useful real-time functionality, there are concerns due to commented out authentication lines, inconsistent payload handling, and extensive console logging which could affect security and production readiness. 09 Jul 2026
68f217fe 60 The commit adds filtering functionality based on user IDs in the user exposure detail component and updates navigation logic accordingly. The filtering uses React's useMemo for performance optimization. The addition of socket.io-client is noted in the package.json. The implementation is straightforward and enhances user-specific data views, adding business value. However, the commit message is vague, lacking detail about the purpose or impact of these changes. Some lines handling navigation could become buggy if user IDs are undefined or improperly passed. The security posture is moderate because no explicit security controls or validations are evident in the commit. There is also a modest risk of confusion or bugs if the filtering logic or navigation does not handle edge cases. 09 Jul 2026
5a1692a1 50 The commit introduces filtering of bets based on a user ID, navigation enhancements, and UI improvements to display filtered bets and user details. The useMemo hook is used appropriately for memoization. However, there is minor duplication with userId navigation logic and lack of validation on userId input, which could pose a slight security risk. The commit message is vague and does not clearly describe the changes, reducing clarity. 09 Jul 2026
90eb17ef 90 The commit removes refresh button functionality by commenting out relevant code instead of deleting it. This reduces interactivity and utility for users while leaving potentially confusing commented code in the source. The change slightly reduces business value and clarity, but does not introduce security risks. Bug risk is moderate as stale or unrefreshed data may cause issues. 09 Jul 2026
eda2216f 80 This commit removes a refresh button feature by commenting out related code instead of deleting it outright. While removing unused features can reduce complexity, leaving large blocks of commented code can reduce codebase cleanliness and maintainability. The commit message is vague and provides little context. The change decreases business value by removing a user-initiated refresh feature, and may increase bug risk if this causes stale data confusion. The security impact is minimal. 09 Jul 2026
c9f40bb3 70 This commit introduces a refresh toggle component and integrates it into various parts of the app, improving user control over refresh behavior. The code uses hooks and localStorage to preserve toggle state across sessions. The implementation is clean and uses proper React patterns. However, the commit message is too brief and vague. Also, the refresh toggle is stored in localStorage with a simple true/false string, which may have limitations on security or data integrity. The impact on security is limited but could be improved with better validation or isolation of the stored value. Despite extensive usage, there is minor potential risk for race conditions or inconsistent UI state if the window event handling is not robust. Overall, the change adds real business value by enhancing UX for auto-refresh functionality and seems well implemented. 09 Jul 2026
eb780348 80 This commit introduces a centralized refresh toggle feature with a UI component, hook, and localStorage sync across many parts of the app. The toggle allows users to enable or disable automatic refreshes, which can improve UX by controlling data fetching behavior. The implementation includes proper syncing of state on storage and custom events. However, there is mild risk of subtle bugs if state read/write from localStorage is inconsistent or if the window object is not available (e.g., server-side rendering). No immediate security concerns are apparent since the feature deals mostly with UI state and local storage without sensitive data exposure. The commit message is minimal and could be more descriptive. The widespread integration indicates good business value by improving user control over refresh behavior across features. 09 Jul 2026
935221a1 50 The commit adds refresh capabilities with disabled states on fetch-related UI elements, improving UX by preventing multiple refreshes while fetching. However, the commit message is vague and some repeated patterns could be abstracted to reduce code duplication. 09 Jul 2026
41b3563d 30 This commit adds a new Excel export feature for bets with detailed type definitions and UI integration, improving business value by enabling users to export data easily. The implementation is mostly clean and user-friendly. Dynamic import of the xlsx library is appropriate to reduce initial load. The risk of bugs is low because there is defensive handling of empty datasets. However, security improvements could be made regarding the handling of potentially sensitive data (like IP addresses) and sanitizing data before export. Minor improvements on error handling and clearer commit message would help overall quality and maintainability. 09 Jul 2026
239001ab 70 This commit introduces a new XLSX export feature for bets with well-structured types, dynamic import of the xlsx library, and UI integration. It improves business value by enabling users to export data easily. The code is mostly clean and uses types, but some small improvements in error handling and filename sanitization could enhance robustness and security. 08 Jul 2026
1af2bf90 80 The commit introduces a CsvExportButton component for downloading CSV files and integrates it into the MultiBet route. The implementation uses typed props and memoization for efficient CSV data generation. The new routes for user exposure details and bets are also added. Overall, the quality is good with proper React patterns and error handling. Business value is high given the export feature and new routes. Bug risk is low but could be improved by better validation and tests. Security score is good but depends on underlying exportCsv implementation. The changes appear genuine with meaningful feature additions. 08 Jul 2026
b5f9f31f 70 This commit adds various UI improvements and fixes, refactors some components related to listing and refreshing reports, and introduces utility functions and new data presentation items. It includes commented-out code sections which reduce clarity and could cause confusion. There is a pattern of improving data formatting and state handling with countdown timers for refresh; however, the commit message is minimal and non-descriptive. 07 Jul 2026
ff4de76d 60 The commit adds various UI features, such as adding refresh functionality with countdown timers in report components, and enhancing the balance and user listing pages with additional status fields and formatting. It includes user experience improvements and performance optimizations with automatic refresh. However, some commented out code blocks left in several files reduce clarity and maintenance quality. The creation of a default email in user-listing is simple but may impose incorrect business logic if example.com is seen as a placeholder. There are no obvious severe security risks but input sanitization on email fallback is simplistic. Overall, this commit modestly improves functionality and user interaction with minor issues in code cleanliness. 07 Jul 2026
1b1a9e3b 90 The commit introduces multi-legs odds handling by adding totalLegs/totallegs fields and updating the logic to hide odds display for multi-leg bets. The code adds small utility functions and comments out existing lines. However, there is inconsistency in property naming (totalLegs vs totallegs), some commented-out code left in place, and unclear naming conventions impacting maintainability and potential for bugs. Business value is moderate as it supports multi-leg bets but lacks clear description and test coverage evidence. Security risk is low as no sensitive logic is changed. 07 Jul 2026
2f5b6d4e 90 This commit adds support for multi leg bet odds display by introducing totalLegs/totallegs properties and a getBetLegCount utility. It conditionally formats odds display for multi-leg bets. Some commented-out code suggests incomplete cleanup. The code is reasonably clear, but inconsistent casing (totalLegs vs totallegs) risks bugs. The commit message is minimal and not descriptive. There is no evident new security concern. 07 Jul 2026
9b2387c4 60 The commit adds a refresh countdown and a refresh button with hover effect in the MultiBet.tsx file. Also includes minor UI improvements such as text truncation and user input processing in user-listing.tsx. However, input handling lowercases usernames without clear validation, and the refresh countdown is fixed at 30 seconds without configuration. 06 Jul 2026
fc43700f 60 The commit adds a refresh countdown timer with automatic data refetching and a manual refresh button in MultiBet.tsx, improving UI responsiveness and data accuracy. It also refines user input handling by normalizing usernames to lowercase and enhances UI with hover effects and truncated text tooltips. However, the commit lacks input validation and error handling around the refetch functionality, which could lead to bugs or poor user experience. Security improvements through input sanitization are minimal and could be enhanced. 06 Jul 2026
ebe4f41d 80 This commit improves the bet-list UI by adding more detailed bet information columns, formatting, and status display improvements. It enhances user experience and business value by showing potential wins, profit/loss, and status with color-coded labels. The risk of bugs appears low as changes are UI-focused and use existing helper functions for formatting. Security score is reasonable given no sensitive data handling changes are introduced, but no explicit security improvements are made. 03 Jul 2026
1c66682d 40 The commit adds a bet ticker feature displaying various bet related data. It improves user information visibility but lacks input validation and type safety in certain areas. The code formatting and naming conventions are generally good. There are no obvious security fixes or input sanitizations noted. The commit message is very brief and not descriptive. 03 Jul 2026