https://blog.abhipraya.dev/tags/coverage/Recent content in Coverage on Daffa AbhiprayaHugoen-us© Daffa AbhiprayaMon, 23 Mar 2026 00:00:00 +0700https://blog.abhipraya.dev/ppl/part-b/s2w1-code-quality/Mon, 23 Mar 2026 00:00:00 +0700https://blog.abhipraya.dev/ppl/part-b/s2w1-code-quality/<h2 id="what-i-worked-on"> <a class="anchor" href="#what-i-worked-on" data-anchor="what-i-worked-on" aria-hidden="true">#</a> What I Worked On </h2> <p>This week I enforced strict quality gates across the entire CI pipeline. The project previously had <code>allow_failure: true</code> on SonarQube and security scans, meaning violations were reported but never blocked merges. I changed that.</p> <h2 id="sonarqube-31-violations--0"> <a class="anchor" href="#sonarqube-31-violations--0" data-anchor="sonarqube-31-violations--0" aria-hidden="true">#</a> SonarQube: 31 Violations → 0 </h2> <h3 id="the-violations"> <a class="anchor" href="#the-violations" data-anchor="the-violations" aria-hidden="true">#</a> The Violations </h3> <p>SonarQube flagged 31 issues across the codebase:</p> <ul> <li><strong>1 CRITICAL vulnerability</strong>: <code>jwt.get_unverified_header()</code> reading JWT headers without signature verification</li> <li><strong>3 CRITICAL code smells</strong>: duplicated string literals, nested component definitions</li> <li><strong>27 other issues</strong>: unused variables, missing <code>Readonly&lt;&gt;</code> on props, duplicate CSS blocks, array index keys</li> </ul> <h3 id="the-fixes"> <a class="anchor" href="#the-fixes" data-anchor="the-fixes" aria-hidden="true">#</a> The Fixes </h3> <p><strong>Backend</strong> (3 files): Refactored JWT decode to try HS256 first and fall back to asymmetric on <code>DecodeError</code>, eliminating the unverified header call entirely. Extracted duplicated literals to constants.</p>