Cryolian / pe


Adding names that could mess with the file saving are not detected #3

Open Cryolian opened 6 months ago

Cryolian commented 6 months ago

As a test, I added the following people (Expenses: , Members: , aaaa, bbbb) as shown in the first screenshot. After exiting and re-entering the group, all the members have disappeared. It is however pretty unlikely for someone to have the exact strings to break the save files as their name.

image.png

image.png

nus-pe-script commented 6 months ago

Team's Response

Clear attempt at program sabotage, as the tester added members named Members: and Expenses:. Rejected for the same reason as issue #1050.

The 'Original' Bug

[The team marked this bug as a duplicate of the following bug]

Failed to load group from a file

The program allowed me to add a member named Expenses: into group abc (which I created earlier).

image.png

After adding member Expenses, I exited the program and ran the jar file again. However, I cannot enter group abc again.

image.png


[original: nus-cs2113-AY2324S2/pe-interim#950] [original labels: type.FunctionalityBug severity.High]

Their Response to the 'Original' Bug

[This is the team's response to the above 'original' bug]

Clear attempt at program sabotage, as the tester added a member named Expenses: when it is very highly unlikely that a user would have that name. It is also the delimiter used in our storage, as the tester would probably have figured.

image.png

Items for the Tester to Verify

:question: Issue duplicate status

Team chose to mark this issue as a duplicate of another issue (as explained in the Team's response above)

Reason for disagreement: [replace this with your explanation]


## :question: Issue response

Team chose [`response.Rejected`]

- [x] I disagree

**Reason for disagreement:** As it can still be a valid user input, I believe it should be filtered out as malicious users may use it to corrupt the data for other users. I do however think that this is such an edge case that a low severity is warranted.

## :question: Issue severity

Team chose [`severity.High`]
Originally [`severity.Low`]

- [ ] I disagree

**Reason for disagreement:** [replace this with your explanation]
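The input-side filtering discussed in this thread can be sketched as follows. This is an added example, not code from the project: the line-based save layout, the class `MemberNameCheck` and the methods `loadMembers` and `isSafeName` are assumptions, and only the `Members:` and `Expenses:` markers come from the report.

```java
import java.util.ArrayList;
import java.util.List;

// Added illustration; the save layout is assumed, not the project's real format.
public class MemberNameCheck {
    // The two section markers named in the report.
    static final List<String> MARKERS = List.of("Members:", "Expenses:");

    // Naive line-based loader: a line equal to a marker is read as structure,
    // so a member stored under that name changes how the file is parsed.
    static List<String> loadMembers(List<String> lines) {
        List<String> members = new ArrayList<>();
        boolean inMembers = false;
        for (String line : lines) {
            if (line.equals("Expenses:")) {
                break; // everything after this line is treated as expense data
            }
            if (line.equals("Members:")) {
                inMembers = true;
                continue;
            }
            if (inMembers) {
                members.add(line);
            }
        }
        return members;
    }

    // Input-side check: reject names the loader would mistake for structure,
    // including names with line breaks or other control characters.
    static boolean isSafeName(String name) {
        String n = name.strip();
        if (n.isEmpty() || n.chars().anyMatch(Character::isISOControl)) {
            return false;
        }
        return MARKERS.stream().noneMatch(n::equalsIgnoreCase);
    }

    public static void main(String[] args) {
        // Constructed input: the four names from the report, in the same order.
        List<String> names = List.of("Expenses:", "Members:", "aaaa", "bbbb");
        List<String> unchecked = new ArrayList<>(List.of("Members:"));
        unchecked.addAll(names);
        unchecked.add("Expenses:");
        System.out.println("without check: " + loadMembers(unchecked));

        List<String> checked = new ArrayList<>(List.of("Members:"));
        names.stream().filter(MemberNameCheck::isSafeName).forEach(checked::add);
        checked.add("Expenses:");
        System.out.println("with check:    " + loadMembers(checked));
    }
}
```

Rejecting reserved names at input is the smallest change; a storage format that escapes or length-prefixes each field removes the collision for every name rather than only the known markers.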