khjgfd

123445

@@ -0,0 +1 @@
+fbdfnadf

BUILD_BREAK

@@ -0,0 +1 @@
+BUILD_BREAK

LJ IH UGV

@@ -0,0 +1 @@
+LDF 'LM V

NEWWW

@@ -0,0 +1 @@
+JHOUV

NEW_BUILD_BREAK

@@ -0,0 +1 @@
+ JVHVLYVIU;V

QTEST.TXT

@@ -0,0 +1 @@
+JHVHGC

TEST.TXT

@@ -0,0 +1 @@
+JHJH

add

@@ -0,0 +1 @@
+cdscwe

app/routes/contributions.js

@@ -1,80 +1,82 @@
 const ContributionsDAO = require("../data/contributions-dao").ContributionsDAO;
-const {
-    environmentalScripts
-} = require("../../config/config");
+const { environmentalScripts } = require("../../config/config");
 
 /* The ContributionsHandler must be constructed with a connected db */
 function ContributionsHandler(db) {
-    "use strict";
+  "use strict";
 
-    const contributionsDAO = new ContributionsDAO(db);
+  const contributionsDAO = new ContributionsDAO(db);
 
-    this.displayContributions = (req, res, next) => {
-        const {
-            userId
-        } = req.session;
+  this.displayContributions = (req, res, next) => {
+    const { userId } = req.session;
 
-        contributionsDAO.getByUserId(userId, (error, contrib) => {
-            if (error) return next(error);
+    contributionsDAO.getByUserId(userId, (error, contrib) => {
+      if (error) return next(error);
 
-            contrib.userId = userId; //set for nav menu items
-            return res.render("contributions", {
-                ...contrib,
-                environmentalScripts
-            });
-        });
-    };
-
-    this.handleContributionsUpdate = (req, res, next) => {
+      contrib.userId = userId; // set for nav menu items
+      return res.render("contributions", {
+        ...contrib,
+        environmentalScripts,
+      });
+    });
+  };
 
-        /*jslint evil: true */
-        // Insecure use of eval() to parse inputs
-        const preTax = eval(req.body.preTax);
-        const afterTax = eval(req.body.afterTax);
-        const roth = eval(req.body.roth);
+  this.handleContributionsUpdate = (req, res, next) => {
+    // ✅ SAFE: Never use eval() for user input
+    // Parse and validate numeric inputs
+    const parseNumber = (val) => {
+      if (typeof val === "number") return val;
+      if (typeof val === "string") {
+        const num = Number(val.trim());
+        return Number.isFinite(num) ? num : NaN;
+      }
+      return NaN;
+    };
 
-        /*
-        //Fix for A1 -1 SSJS Injection attacks - uses alternate method to eval
-        const preTax = parseInt(req.body.preTax);
-        const afterTax = parseInt(req.body.afterTax);
-        const roth = parseInt(req.body.roth);
-        */
-        const {
-            userId
-        } = req.session;
+    const preTax = parseNumber(req.body.preTax);
+    const afterTax = parseNumber(req.body.afterTax);
+    const roth = parseNumber(req.body.roth);
 
-        //validate contributions
-        const validations = [isNaN(preTax), isNaN(afterTax), isNaN(roth), preTax < 0, afterTax < 0, roth < 0];
-        const isInvalid = validations.some(validation => validation);
-        if (isInvalid) {
-            return res.render("contributions", {
-                updateError: "Invalid contribution percentages",
-                userId,
-                environmentalScripts
-            });
-        }
-        // Prevent more than 30% contributions
-        if (preTax + afterTax + roth > 30) {
-            return res.render("contributions", {
-                updateError: "Contribution percentages cannot exceed 30 %",
-                userId,
-                environmentalScripts
-            });
-        }
+    const { userId } = req.session;
 
-        contributionsDAO.update(userId, preTax, afterTax, roth, (err, contributions) => {
+    // ✅ Validate contributions
+    const validations = [
+      isNaN(preTax),
+      isNaN(afterTax),
+      isNaN(roth),
+      preTax < 0,
+      afterTax < 0,
+      roth < 0,
+    ];
 
-            if (err) return next(err);
+    const isInvalid = validations.some(Boolean);
+    if (isInvalid) {
+      return res.render("contributions", {
+        updateError: "Invalid contribution percentages",
+        userId,
+        environmentalScripts,
+      });
+    }
 
-            contributions.updateSuccess = true;
-            return res.render("contributions", {
-                ...contributions,
-                environmentalScripts
-            });
-        });
+    // ✅ Prevent excessive total contributions
+    if (preTax + afterTax + roth > 30) {
+      return res.render("contributions", {
+        updateError: "Contribution percentages cannot exceed 30%",
+        userId,
+        environmentalScripts,
+      });
+    }
 
-    };
+    contributionsDAO.update(userId, preTax, afterTax, roth, (err, contributions) => {
+      if (err) return next(err);
 
+      contributions.updateSuccess = true;
+      return res.render("contributions", {
+        ...contributions,
+        environmentalScripts,
+      });
+    });
+  };
 }
 
 module.exports = ContributionsHandler;

artifacts/cert/server.key

@@ -1,15 +1 @@
------BEGIN RSA PRIVATE KEY-----
-MIICXgIBAAKBgQCfn8uP4FuHaaAPrMkcl1fNMQM5EGMT4nnNSVoaEVdiDLc6P0mC
-AZtUO9W0OjWow+TwGk3HkqoSJOA9KRMrzK7MtEKfwNgzpsHo4m+mHaPg5DUyicnU
-/hfUDvjGcHvTQjW8O4/chtMVl2h7P8QtPi9QDcWqxmEXCLqTB6BZXrVkjQIDAQAB
-AoGAEfIdKKfIooi1fg2m7pf1PxRrkFbPTMUBfJrqjlO0x0k2sE29LeiQVgAEHqcM
-sVSUwIm0hONwS2np6/ZaOWphnGSRt5r0FoHSt8AEakQjh5Oajkn7xw+/IxwFhzSa
-fMPkG/xbAlo0zTGGLWtHa0oLhEpvZ/gQ/nk48iFVz+YZ5gECQQDNzGeWyX1FKbNF
-8wUzZyBQd7e9UyDSaSCj1x9vWhK0tI6Oyl/p85Izh48gHTKlGjCKOe8ktJQtudJ3
-xq9nApZ9AkEAxo/srNkEARmu+/W9P16IvM3QQJQhkF23Mz1WC1uFIDyG4iyng+Le
-nmkoqwT6jA9YArj06Mw/ylh4fcjxi4KTUQJBALWXO4CN4f95QDrkqR4mTRkzyelA
-xKFlKevoElDLBd51w6SzZdalmcfmQaBwoxOT/Gi7ngyhWm7OnKwboQIgAnECQQCY
-H/gxzOoWdbjsbK8a97BHBl/AujykwEf1R86+UNXDhtvIOHH2xz/LmcGAlQXnfHHv
-VAi+uo08118o72Svf9ChAkEApRCZgczlNNQpvEsWTUBmNAHqj9hgmLTrJv4ywsPK
-kTwqg6U9lF+NaLWVfvSIb1LY+M63juJHafAGKQvH+/di+g==
------END RSA PRIVATE KEY-----
+

asdvas

@@ -0,0 +1 @@
+abasfdbadsbdsfb

bbON

@@ -0,0 +1 @@
+BBON

build break on patch 1

@@ -0,0 +1 @@
+test git bui;dbreak

config/env/all.js

@@ -1,14 +1,13 @@
-// default app configuration
+
 const port = process.env.PORT || 4000;
-let db = process.env.MONGODB_URI || "mongodb://localhost:27017/nodegoat";
 
 module.exports = {
     port,
     db,
     cookieSecret: "session_cookie_secret_key_here",
     cryptoKey: "a_secure_key_for_crypto_here",
     cryptoAlgo: "aes256",
-    hostName: "localhost",
+    hostName: "",
     environmentalScripts: []
 };
 

config/env/test.js

@@ -2,7 +2,5 @@ module.exports = {
    // If you want to debug regression tests, you will need the following.
    zapHostName: "192.168.56.20",
    zapPort: "8080",
-   // Required from Zap 2.4.1. This key is set in Zap Options -> API _Api Key.
-   zapApiKey: "v9dn0balpqas1pcc281tn5ood1",
    zapApiFeedbackSpeed: 5000 // Milliseconds.
 };

csadcsaav

@@ -0,0 +1 @@
+kjsdbojdwb

cwec

@@ -0,0 +1 @@
+wcwecewc

dfb

@@ -0,0 +1 @@
+bsdb

fdbadf

@@ -0,0 +1 @@
+dfsvv

hjgciy

@@ -0,0 +1 @@
+ktycyt

ihougyftk

@@ -0,0 +1 @@
+gjhgfxdfsd

jcubpiu

@@ -0,0 +1 @@
+ljgcycy

jlhk.jg,hmgnf

@@ -0,0 +1 @@
+edgrthfjhygkhj.l

kj

@@ -0,0 +1 @@
+,j 

kjhgfhuytr

@@ -0,0 +1 @@
+etrbtafgvytyrt54

ljhgv

@@ -0,0 +1 @@
+ljh  f

nnnnnnnnnn

@@ -0,0 +1 @@
+fsdvsd

off

@@ -0,0 +1 @@
+off

ouiyujthrg

@@ -0,0 +1 @@
+piouyjthrg

r360_Buildbreak

@@ -0,0 +1 @@
+jyufdistrdtliis

re

@@ -0,0 +1 @@
+ rtg

sample.txt

@@ -0,0 +1 @@
+mgcjy

sample1

@@ -0,0 +1 @@
+

sdcdsc

@@ -0,0 +1 @@
+sdvfsavasv

sdfv

@@ -0,0 +1 @@
+bbqfq