Open AjayArvind2207 opened 2 months ago
This output message does not show much about the inner implementation and structure of the jar. Furthermore, this information is already what is displayed in the UI as well as the local data file which is in the same json format. Knowing the directories to a certain class will not have a severe impact on the security of the application. We would reclassify this as a Functionality Bug of Very Low severity rather than a feature flaw as this issue is primarily cosmetic and can be improved in a future iteration.
Team chose [type.FunctionalityBug
]
Originally [type.FeatureFlaw
]
Reason for disagreement: [replace this with your explanation]
I ran the following command
editnote 9 1 Test
Instead of getting the normal success message, which I would imagine would look like the following:
Note edited for Startup: D; Industry: A; Funding Stage: S; Phone: 123; Email: c@de; Address: A; Valuation: 1; Notes: Test Hello ; Tags:
I get the following:
Note edited for Startup: seedu.address.model.startup.Startup{name=D, industry=A, funding stage=S, phone=123, email=c@de, address=A, valuation=1, tags=[], persons=[], notes=[Test, Hello]}
While aesthetically this is not a big deal, this is especially dangerous because it reveals the inner implementation and structure of your jar, which could potentially make it vulnerable.