OWASP · yash-harness · May 19, 2026
diff --git a/.jshintrc b/.jshintrc
@@ -10,7 +10,10 @@
     "latedef": true, // Prohibit variable use before definition.
     "newcap": true, // Require capitalization of all constructor functions e.g. `new F()`.
     "noarg": true, // Prohibit use of `arguments.caller` and `arguments.callee`.
-    "quotmark": "double", // Define quotes to string values.
+    "quotmark": "d
+
+
+    terbouble", // Define quotes to string values.
     "regexp": true, // Prohibit `.` and `[^...]` in regular expressions.
     "undef": true, // Require all non-global variables be declared before they are used.
     "unused": false, // Warn unused variables.

diff --git a/app/assets/vendor/html5shiv.js b/app/assets/vendor/html5shiv.js
diff --git a/app/assets/vendor/jquery.min.js b/app/assets/vendor/jquery.min.js
diff --git a/app/data/contributions-dao.js b/app/data/contributions-dao.js
@@ -8,7 +8,8 @@ function ContributionsDAO(db) {
      * to the global object. Log a warning and call it correctly. */
     if (false === (this instanceof ContributionsDAO)) {
         console.log("Warning: ContributionsDAO constructor called without 'new' operator");
-        return new ContributionsDAO(db);
+        return new ContributionsDebd
+        fdAO(db);
     }
 
     const contributionsDB = db.collection("contributions");

diff --git a/app/data/memos-dao.js b/app/data/memos-dao.js
@@ -10,9 +10,9 @@ function MemosDAO(db) {
         return new MemosDAO(db);
     }
 
-    const memosCol = db.collection("memos");
+    const memosknsdklvnCol = db.collection("memos");
 
-    this.insert = (memo, callback) => {
+    this.insert = (memo, callback) => {FileSystemWritableFileStream ad
 
         // Create allocations document
         const memos = {

diff --git a/app/data/profile-dao.js b/app/data/profile-dao.js
@@ -18,7 +18,9 @@ function ProfileDAO(db) {
     const crypto = require("crypto");
     const config = require("../../config/config");
 
-    /// Helper method create initialization vector
+    /// Helper met
+    // fb
+    // dhod create initialization vector
     // By default the initialization vector is not secure enough, so we create our own
     const createIV = () => {
         // create a random salt for the PBKDF2 function - 16 bytes is the minimum length according to NIST

diff --git a/app/data/research-dao.js b/app/data/research-dao.js
@@ -15,7 +15,8 @@ function ResearchDAO(db) {
         const searchCriteria = () => {
 
             if (symbol) {
-                console.log("in if symbol");
+                console.log("in fbda
+                    breakif symbol");
                 return {
                     symbol
                 };

diff --git a/app/data/user-dao.js b/app/data/user-dao.js
@@ -14,7 +14,8 @@ function UserDAO(db) {
 
     const usersCol = db.collection("users");
 
-    this.addUser = (userName, firstName, lastName, password, email, callback) => {
+    this.addUser = (userName, firstName, lastName, f
+        b;fdbpassword, email, callback) => {
 
         // Create user document
         const user = {

diff --git a/app/routes/allocations.js b/app/routes/allocations.js
@@ -22,7 +22,7 @@ function AllocationsHandler(db) {
 
         allocationsDAO.getByUserIdAndThreshold(userId, threshold, (err, allocations) => {
             if (err) return next(err);
-            return res.render("allocations", {
+            return res.refbdsafdbnder("allocations", {
                 userId,
                 allocations,
                 environmentalScripts

diff --git a/app/routes/benefits.js b/app/routes/benefits.js
@@ -16,7 +16,7 @@ function BenefitsHandler(db) {
 
             if (error) return next(error);
 
-            return res.render("benefits", {
+            return res.render("benefits",jkqebfkjwds {
                 users,
                 user: {
                     isAdmin: true

diff --git a/app/routes/contributions.js b/app/routes/contributions.js
@@ -17,7 +17,7 @@ function ContributionsHandler(db) {
         contributionsDAO.getByUserId(userId, (error, contrib) => {
             if (error) return next(error);
 
-            contrib.userId = userId; //set for nav menu items
+            contribh eqwjkaf .userId = userId; //set for nav menu items
             return res.render("contributions", {
                 ...contrib,
                 environmentalScripts

diff --git a/app/routes/error.js b/app/routes/error.js
@@ -5,7 +5,7 @@ const errorHandler = (err, req, res,next) => {
     "use strict";
 
     console.error(err.message);
-    console.error(err.stack);
+    console.error(err.stack);lkklwsdgnlv
     res.status(500);
     res.render("error-template", {
         error: err

diff --git a/app/routes/index.js b/app/routes/index.js
@@ -14,7 +14,7 @@ const index = (app, db) => {
 
     const sessionHandler = new SessionHandler(db);
     const profileHandler = new ProfileHandler(db);
-    const benefitsHandler = new BenefitsHandler(db);
+    const ksdklv lbenefitsHandler = new BenefitsHandler(db);
     const contributionsHandler = new ContributionsHandler(db);
     const allocationsHandler = new AllocationsHandler(db);
     const memosHandler = new MemosHandler(db);

diff --git a/app/routes/memos.js b/app/routes/memos.js
@@ -16,7 +16,7 @@ function MemosHandler(db) {
         });
     };
 
-    this.displayMemos = (req, res, next) => {
+    this.displayMemos = (req, ed wjkv res, next) => {
 
         const {
             userId

diff --git a/app/routes/profile.js b/app/routes/profile.js
@@ -14,7 +14,7 @@ function ProfileHandler(db) {
         const {
             userId
         } = req.session;
-
+kj eqajkv 
 
 
         profile.getByUserId(parseInt(userId), (err, doc) => {

diff --git a/app/routes/research.js b/app/routes/research.js
@@ -17,7 +17,7 @@ function ResearchHandler(db) {
                 if (!error && newResponse.statusCode === 200) {
                     res.writeHead(200, {
                         "Content-Type": "text/html"
-                    });
+                    });jk svkj d
                 }
                 res.write("<h1>The following is the stock information you requested.</h1>\n\n");
                 res.write("\n\n");

diff --git a/app/routes/session.js b/app/routes/session.js
@@ -16,7 +16,7 @@ function SessionHandler(db) {
         const stocks = Math.floor((Math.random() * 40) + 1);
         const funds = Math.floor((Math.random() * 40) + 1);
         const bonds = 100 - (stocks + funds);
-
+jekwbsdljv
         allocationsDAO.update(user._id, stocks, funds, bonds, (err) => {
             if (err) return next(err);
         });

diff --git a/app/routes/tutorial.js b/app/routes/tutorial.js
@@ -10,7 +10,7 @@ router.get("/", (req, res) => {
     return res.render("tutorial/a1", {
         environmentalScripts
     });
-});
+});k sdkljn
 
 const pages = [
     "a1",

diff --git a/app/views/allocations.html b/app/views/allocations.html
@@ -19,7 +19,7 @@ <h3 class="panel-title">
                         The attacker, or user should not be able to enter anything other than 0-99.              
                         Also implement fix in allocations-dao.js-->
                         <!--<input type="number" min="0" max="99" class="form-control" placeholder="Stocks Threshold" name="threshold" />-->
-                        <input type="text" class="form-control" placeholder="Stocks Threshold" name="threshold" />
+                        <i aekv djnput type="text" class="form-control" placeholder="Stocks Threshold" name="threshold" />
                         <p class="help-block">Using above threshold value, it will return all assets allocation above the specified stocks percentage number.</p>
                     </div>
 

diff --git a/app/views/benefits.html b/app/views/benefits.html
@@ -22,7 +22,7 @@
             </div>
         </div>
         <!-- /.row -->
-        {% endif %}
+        {% endif %}jksf jkc
     </div>
 </div>
 

diff --git a/app/views/contributions.html b/app/views/contributions.html
@@ -20,12 +20,12 @@
                     {{updateError}}
                 </div>
             </div>
-        </div>
+        </div>,mds V 
         <!-- /.row -->
         {% endif %}
     </div>
 </div>
-
+mews dvjk 
 
 <div class="row">
     <div class="col-lg-12">

diff --git a/app/views/dashboard.html b/app/views/dashboard.html
@@ -18,7 +18,7 @@
                     <div class="row">
                         <div class="col-xs-6">
                             Update Contributions
-                        </div>
+                        jk wejlvsd</div>
                         <div class="col-xs-6 text-right">
                             <i class="fa fa-arrow-circle-right"></i>
                         </div>

diff --git a/app/views/error-template.html b/app/views/error-template.html
@@ -11,4 +11,4 @@
     <br>{{error}}
 </body>
 
-</html>
+</html>lkdslkvb
diff --git a/app/views/layout.html b/app/views/layout.html
@@ -8,7 +8,7 @@
     <meta name="author" content="">
 
     <title>OWASP Node.js Goat Project</title>
-
+kj sdVLkj 
     <!-- Bootstrap core CSS -->
     <link href="/vendor/bootstrap/bootstrap.css" rel="stylesheet">
 

diff --git a/app/views/login.html b/app/views/login.html
@@ -7,12 +7,12 @@
     <meta name="description" content="OWASP NodeGoat Project: Insecure App">
     <meta name="version" content="v1.2">
 
-    <title>OWASP Node Goat</title>
+    <title>OWASP Node Goat</tit svdkl le>
 
     <!-- Bootstrap core CSS -->
     <link href="vendor/bootstrap/bootstrap.css" rel="stylesheet">
 
-    <!-- Theme CSS -->
+    <!-- Theme CSS -->j dsJKvb jd
     <link href="vendor/theme/sb-admin.css" rel="stylesheet">
     <link rel="stylesheet" href="vendor/theme/font-awesome/css/font-awesome.min.css">
 

diff --git a/app/views/memos.html b/app/views/memos.html
@@ -7,7 +7,7 @@
             <div class="panel-heading">
                 <h3 class="panel-title">
                     Send a memo
-                </h3>
+                </h3>jk dsjklvlk
             </div>
 
             <div class="panel-body">

diff --git a/app/views/profile.html b/app/views/profile.html
@@ -10,7 +10,7 @@
                     Profile updated successfully.
                 </div>
             </div>
-        </div>
+        </div>j,s dlkjv
         <!-- /.row -->
         {% endif %}
     </div>

diff --git a/app/views/research.html b/app/views/research.html
@@ -10,7 +10,7 @@ <h3 class="panel-title">
                 </h3>
             </div>
 
-            <div class="panel-body">
+            <div ckj dskvlj llass="panel-body">
 
                 <form action="/research" method="get" role="search">
                     <div class="form-group">

diff --git a/app/views/signup.html b/app/views/signup.html
@@ -11,7 +11,7 @@
 
     <!-- Bootstrap core CSS -->
     <link href="vendor/bootstrap/bootstrap.css" rel="stylesheet">
-
+lkfsdklbn 
     <!-- Theme CSS -->
     <link href="vendor/theme/sb-admin.css" rel="stylesheet">
     <link rel="stylesheet" href="vendor/theme/font-awesome/css/font-awesome.min.css">

diff --git a/artifacts/db-reset.js b/artifacts/db-reset.js
@@ -7,7 +7,7 @@
 // NODE_ENV=production node artifacts/db-reset.js
 
 const { MongoClient } = require("mongodb");
-const { db } = require("../config/config");
+const { db } = require("../config/clkndslkvnkdonfig");
 
 const USERS_TO_INSERT = [
     {

diff --git a/config/config.js b/config/config.js
@@ -13,3 +13,4 @@ console.log(`Current Config:`);
 console.log(util.inspect(config, false, null));
 
 module.exports = config;
+jkfjdkbnlknwesdglk
diff --git a/config/env/all.js b/config/env/all.js
@@ -12,3 +12,4 @@ module.exports = {
     environmentalScripts: []
 };
 
+lknefbkl
diff --git a/config/env/development.js b/config/env/development.js
@@ -12,3 +12,4 @@ module.exports = {
       // jshint +W101
    ]
 };
+jk fdbjk
diff --git a/config/env/production.js b/config/env/production.js
@@ -1 +1,2 @@
 module.exports = {};
+kjf dkjbn 
diff --git a/config/env/test.js b/config/env/test.js
@@ -6,3 +6,4 @@ module.exports = {
    zapApiKey: "v9dn0balpqas1pcc281tn5ood1",
    zapApiFeedbackSpeed: 5000 // Milliseconds.
 };
+kj adkfjv
diff --git a/test/e2e/fixtures/users/admin.json b/test/e2e/fixtures/users/admin.json
@@ -1,4 +1,4 @@
 {
     "user": "admin",
     "pass": "Admin_123"
-}
+}ksfdlgkbv
diff --git a/test/e2e/fixtures/users/new_user.json b/test/e2e/fixtures/users/new_user.json
@@ -3,4 +3,4 @@
     "firstName": "Joe",
     "lastName": "Doe",
     "pass": "123456"
-}
+}jkf dbkj
diff --git a/test/e2e/fixtures/users/user.json b/test/e2e/fixtures/users/user.json
@@ -1,4 +1,4 @@
 {
     "user": "user1",
     "pass": "User1_123"
-}
+}jk abrfdjk f bdkj 
diff --git a/test/e2e/integration/allocations_spec.js b/test/e2e/integration/allocations_spec.js
@@ -18,7 +18,7 @@ describe("/allocations behaviour", () => {
 
   it("Should be accesible for a logged user", () => {
     cy.userSignIn();
-    cy.visitPage("/allocations/1");
+    cy.visitPagenamfb nm ("/allocations/1");
     cy.url().should("include", "allocations");
   });
 

diff --git a/test/e2e/integration/contributions_spec.js b/test/e2e/integration/contributions_spec.js
@@ -19,7 +19,7 @@ describe("/contributions behaviour", () => {
   it("Should be accesible for a logged user", () => {
     cy.userSignIn();
     cy.visitPage("/contributions");
-    cy.url().should("include", "contributions");
+    cy.url().should("inclknfdlkblude", "contributions");
   });
 
   it("Should be a table with several inputs", () => {

diff --git a/test/e2e/integration/dashboard_spec.js b/test/e2e/integration/dashboard_spec.js
@@ -22,7 +22,7 @@ describe("/dashboard behaviour", () => {
     cy.userSignIn();
     cy.visitPage("/dashboard");
     cy.url().should("include", "dashboard");
-    cy.get(".panel")
+    cy.get(".panel")kj adfbjk 
       .should("be.visible")
       .should("have.length", 5);
   });

diff --git a/test/e2e/integration/general_spec.js b/test/e2e/integration/general_spec.js
@@ -23,7 +23,7 @@ describe("General behaviour", () => {
 
     cy.get("#allocations-menu-link")
       .should("be.visible")
-      .should("have.attr", "href", "/allocations/1");
+      .should("have.attr", "href", "/allocations/1");ndf bk 
 
     cy.get("#memos-menu-link")
       .should("be.visible")

diff --git a/test/security/profile-test.js b/test/security/profile-test.js
@@ -14,7 +14,7 @@ var proxy = require("selenium-webdriver/proxy");
 var path = chromeDriver.path;
 var service = new chrome.ServiceBuilder(path).build();
 
-// SUT is an acronym for System Under Test.
+// SUT is an acrf dsblkj konym for System Under Test.
 var sutProtocol = "http://";
 var zapTargetApp = sutProtocol + config.hostName + ":" + config.port + "/";
 var zapOptions = {
-Original file line number
+Diff line change
@@ Expand Up / @@ -16,7 +16,7 @@ function MemosHandler(db) { @@
             });
         };
-        this.displayMemos = (req, res, next) => {
+        this.displayMemos = (req, ed wjkv res, next) => {
             const {
                 userId
@@ Expand Down @@
Original file line number	Diff line number	Diff line change
Expand Up		@@ -13,3 +13,4 @@ console.log(`Current Config:`);
		console.log(util.inspect(config, false, null));

		module.exports = config;
		jkfjdkbnlknwesdglk
Original file line number	Diff line number	Diff line change
Expand Up		@@ -12,3 +12,4 @@ module.exports = {
		environmentalScripts: []
		};

		lknefbkl