Challenge Overview
Challenge Objectives
- Fix Checkmarx issues reported by our scanner
Project Background
- In this project, our client is attempting to create a ChatBot to answer any questions that the user may have.
- The ChatBot also determines the eligibility or readiness of the end user to use our client's services by asking the user a set of questions.
Technology Stack
- Reactjs
- Expressjs
Code access
This project has two code bases: one for the backend and one for the front end. Only the front end is in scope for this contest. We will share the code base in the contest forum.
Individual requirements
Fix Checkmarx issues reported by our scanner
- Our Checkmarx scanner has reported 4 issues with our code base. We will share the report in the contest forum.
- Three issues deal with HTTP response headers. We added helmetjs to fix them, but the scanner still reports them as issues.
- The fourth issue, related to the XSRF token, is NOT in scope for this contest.
- In this contest you only need to fix the other three issues: missing HSTS header, client insufficient clickjacking protection, and missing CSP header.
Deployment guide and validation document
We don't expect any updates to the deployment guide.
Important Notes
- You don't have to test whether the bot works. You only need to resolve the 3 issues reported by Checkmarx. We have stopped the backend instances, so you will not be able to test the bot itself.
- To verify that your solution is not causing any side effects, you can launch the front end and wait for a chat window to display. That indicates that your changes are not affecting the loading of the front end.
Final Submission Guidelines
Please submit ONLY the changed files.