Diya 🔥 fix(sonarqube): Fixed Sonarqube Duplication Issues

[DiyaWadhwani]

Description

Fixes SonarQube Quality Gate failures blocking the CI pipeline. This PR addresses code quality and security issues flagged by SonarCloud on the main branch analysis PR #2206

Fixes: SonarQube Quality Gate – Security Rating D → A, and Duplication > 3%

Related PRs (if any):

This PR is related to the PR #2206

Main changes explained:

• src/controllers/lbdashboard/bidsController.js — Replaced ...req.body spread with an explicit field allowlist when constructing newBidsData to prevent mass assignment of user-controlled data into database operations (line 89)
• src/controllers/bmdashboard/bmEquipmentController.js — Removed user-controlled createdBy value from console.error log to prevent logging of user-controlled data (line 301)
• src/controllers/calendarController.js — Replaced parseInt with Number.parseInt on lines 10–11 per SonarQube best practices
• src/helpers/userHelper.js — Refactored assignBlueSquareForTimeNotMet (line 534) to reduce Cognitive Complexity from 90 to within the allowed limit of 15, by extracting the following helper functions:
  • buildHistoryInfringements — formats past infringement HTML
  • checkIsNewUser — determines new user status
  • buildInfringementDescription — builds infringement description strings
  • updateCategoryTangibleHrs — handles category hours DB updates
  • processUserForBlueSquare — handles all per-user processing logic
• src/helpers/userHelper.js — Replaced .filter((assignment) => assignment.assignedTo && assignment.assignedTo.isActive === true) with optional chaining assignment.assignedTo?.isActive === true (line 581)
• src/helpers/userHelper.js — Replaced for loop with for...of loop in emailWeeklySummariesForAllUsers (line 466)
• src/helpers/userHelper.js — Removed commented-out code (lines 2057, 2063, 2074, 2088, 2090, 2109, 2111, 2199, 2315, 2319) to satisfy SonarCloud

Note:

SonarCloud Quality Gate before this PR:

• 5.0% Duplication on New Code (required ≤ 3%) ❌
• D Security Rating on New Code (required ≥ A) ❌
• SonarCloud only analyzes the main branch on the current free plan, so the Quality Gate result will update after this PR is merged into development and then into main.
• The continue statement behavior in the original assignBlueSquareForTimeNotMet category update block has been intentionally changed: cache clearing now runs for all users regardless of whether category data exists, which is the safer behavior. Flag this with the team if the original skip behavior needs to be preserved.