Elimination of unused properties in the codebase

import express from 'express';

const app = express();

class User {
  private name: string;
  private age: number;
  private email: string;

  constructor(name: string, age: number, email: string) {
    this.name = name;
    this.age = age;
    this.email = email;
  }

  getName(): string {
    return this.name;
  }
}

app.get('/user', (req, res) => {
  const user = new User('John Doe', 25, 'john.doe@example.com');
  // Unused properties: age and email
  res.json({ name: user.getName() });
});

app.listen(3000, () => {
  console.log('Server is running on port 3000');
});

The vulnerability in this code is the inappropriate coding practice of leaving unused properties in the 'User' class. The properties 'age' and 'email' are defined and assigned in the constructor but never read anywhere in the code. This adds unnecessary complexity to the source code and can hinder its maintainability.
Having unused properties in the code can also lead to unoptimized source code, which may affect the performance of the application. These unused properties consume memory and processing power without providing any benefit.
To address this vulnerability, it is recommended to remove the unused properties ('age' and 'email') from the 'User' class. This will simplify the code and improve its maintainability.

import express from 'express';

const app = express();

class User {
  private name: string;

  constructor(name: string) {
    this.name = name;
  }

  getName(): string {
    return this.name;
  }
}

app.get('/user', (req, res) => {
  const user = new User('John Doe');
  res.json({ name: user.getName() });
});

app.listen(3000, () => {
  console.log('Server is running on port 3000');
});

The fixed code addresses the vulnerability by removing any unused properties from the application source code.
In the code, we import the 'express' module and create an instance of the express application.
We define a class called 'User' with a private property 'name' and a constructor that takes a 'name' parameter and assigns it to the 'name' property.
The class also has a method called 'getName()' that returns the value of the 'name' property.
In the route handler for the '/user' endpoint, we create a new instance of the 'User' class with the name 'John Doe'. We then send a JSON response with the user's name by calling the 'getName()' method.
Finally, we start the server on port 3000 and log a message to indicate that the server is running.
This fixed code removes any unused properties, ensuring that the source code is more maintainable and optimized for performance.
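
One way to catch this pattern before review, as an added example that is not part of the original page: a heuristic check that lists private properties which are declared or assigned but never read, run on the 'User' class from both versions above. The function names and the regex-based approach are assumptions of this example; it only sees `this.<prop>` accesses inside a single source string.

```typescript
// Constructed sample: the User class from the vulnerable example on this page.
const SAMPLE_VULNERABLE = `
class User {
  private name: string;
  private age: number;
  private email: string;
  constructor(name: string, age: number, email: string) {
    this.name = name;
    this.age = age;
    this.email = email;
  }
  getName(): string { return this.name; }
}`;

// Constructed sample: the same class after the fix.
const SAMPLE_FIXED = `
class User {
  private name: string;
  constructor(name: string) { this.name = name; }
  getName(): string { return this.name; }
}`;

// True when some `this.<prop>` access is anything other than the target of a
// plain `=` assignment (compound forms such as `+=` read the old value too).
function isRead(source: string, prop: string): boolean {
  const useRe = new RegExp("\\bthis\\." + prop + "\\b\\s*(=(?![=>]))?", "g");
  let m: RegExpExecArray | null;
  while ((m = useRe.exec(source)) !== null) {
    if (m[1] === undefined) return true; // group 1 unset: not an assignment
  }
  return false;
}

// Hypothetical helper: lists `private` fields that are declared but never read.
// Heuristic only: one source string, ASCII identifiers, `this.` accesses.
function findWriteOnlyPrivateProps(source: string): string[] {
  const declRe = /\bprivate\s+(?:readonly\s+)?([A-Za-z_]\w*)\s*[?!]?\s*[:=;]/g;
  const declared: string[] = [];
  let m: RegExpExecArray | null;
  while ((m = declRe.exec(source)) !== null) {
    const name = m[1];
    if (name !== undefined && declared.indexOf(name) === -1) declared.push(name);
  }
  return declared.filter((prop) => !isRead(source, prop));
}

console.log(findWriteOnlyPrivateProps(SAMPLE_VULNERABLE));
console.log(findWriteOnlyPrivateProps(SAMPLE_FIXED));
```

In a real project the TypeScript compiler's `noUnusedLocals` option reports unread private properties with full type information; the scan above only illustrates what such a check looks for.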