mirror of
https://github.com/MichMich/MagicMirror.git
synced 2026-05-09 06:08:34 +00:00
**[#24](https://github.com/MagicMirrorOrg/MagicMirror/security/code-scanning/24) – `js/class.js`**

`fnTest` works by serialising a function to a string and checking if `"xyz"` appears in it - the function is never actually called. The bare `xyz;` is never executed, so CodeQL is right to flag it. `return xyz;` makes the intent clear. So this is purely a cosmetic change.

**[#26](https://github.com/MagicMirrorOrg/MagicMirror/security/code-scanning/26) – `tests/e2e/helpers/global-setup.js`**

CodeQL flagged `if (exec) exec;` as a useless expression - and it was right. But the real find was one level deeper. `startApplication` hardcoded `const port = 8080`, so `MM_PORT` was always overwritten before the app started. The test named "Set port 8100 on environment variable MM_PORT" was actually testing port 8080 the whole time - it just happened to pass anyway.

Removed the dead `exec` parameter, made `startApplication` read `MM_PORT` from the environment, and fixed the test so it actually checks what it says it checks.
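
The masked-override failure mode from #26, as an added example that is not part of the commit or the project's code: a helper that pins the port passes a liveness-only check, while a check against a non-default requested port tells the two helpers apart. Only `MM_PORT`, `startApplication` and the 8080/8100 values come from the message above; the `Before`/`After` variants, the check functions and the input validation are assumptions of this sketch.

```javascript
// Constructed sketch, not MagicMirror's code. The "app" is a plain object
// standing in for a running server so the example runs offline.
const DEFAULT_PORT = 8080;

// "Before": the port is pinned, so an MM_PORT set by the test is overwritten.
function startApplicationBefore(env) {
  const port = 8080;
  env.MM_PORT = String(port);
  return { port: Number(env.MM_PORT) };
}

// "After": MM_PORT wins; the default applies only when it is unset.
// Rejecting malformed values is an addition of this sketch.
function startApplicationAfter(env) {
  const raw = env.MM_PORT === undefined ? String(DEFAULT_PORT) : env.MM_PORT;
  if (!/^\d{1,5}$/.test(raw) || Number(raw) < 1 || Number(raw) > 65535) {
    throw new RangeError(`invalid MM_PORT: ${raw}`);
  }
  env.MM_PORT = raw;
  return { port: Number(raw) };
}

// Weak check: something started. True for both helpers, so it cannot
// distinguish "honours MM_PORT" from "ignores MM_PORT".
function appStarted(app) {
  return Number.isInteger(app.port) && app.port > 0;
}

// Strict check: the port in effect must equal the port the test requested.
// The requested port must differ from the default, or the check proves nothing.
function honoursRequestedPort(startFn, requested) {
  if (requested === DEFAULT_PORT) throw new Error("use a non-default port");
  const app = startFn({ MM_PORT: String(requested) }); // constructed environment
  return appStarted(app) && app.port === requested;
}

function runDemo() {
  return {
    beforeWeak: appStarted(startApplicationBefore({ MM_PORT: "8100" })),
    beforeStrict: honoursRequestedPort(startApplicationBefore, 8100),
    afterStrict: honoursRequestedPort(startApplicationAfter, 8100),
    afterDefault: startApplicationAfter({}).port
  };
}

console.log(runDemo());
```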