DanElbert / vt-middleware

Automatically exported from code.google.com/p/vt-middleware

vt-password NumericalSequenceRule includes violations twice #135

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
What steps will reproduce the problem?
1. Create a PasswordValidator that includes the NumericalSequenceRule.
2. Invoke the PasswordValidator.validate method with a password that meets all 
rules except the NumericalSequenceRule by including '1234567' in the password 
data.
3. Display the failure messages by iterating over PasswordValidator.getMessages.

What is the expected output? What do you see instead?
Expected:
  Password contains the illegal sequence '12345'.
  Password contains the illegal sequence '23456'.
  Password contains the illegal sequence '34567'.
But instead had:
  Password contains the illegal sequence '12345'.
  Password contains the illegal sequence '23456'.
  Password contains the illegal sequence '34567'.
  Password contains the illegal sequence '12345'.
  Password contains the illegal sequence '23456'.
  Password contains the illegal sequence '34567'.
in that the results were found and reported TWICE.

Note that this does not happen for the AlphabeticalSequenceRule - this rule 
reports illegal sequences just once.  One difference in the two rules is that 
the AlphabeticalSequenceRule has an underlying ALL_CHARS array that contains 
the LETTERS array with each entry being the uppercase and lowercase values for 
a letter of the alphabet. The NumericalSequenceRule lowest level DIGITS array 
contains the same digit twice, since there are no lowercase and uppercase 
variations for digits.

What version of the product are you using? On what operating system?
vt-password 3.1.1 on Linux (Fedora 16).

Please provide any additional information below.

Original issue reported on code.google.com by cwinf...@vt.edu on 9 Jul 2012 at 7:50

GoogleCodeExporter commented 8 years ago
I will attempt to verify this issue. Looks like we need some more fine-grained 
test coverage to pinpoint whether the problem is in NumericalSequenceRule or 
PasswordValidator or in their interaction.

Original comment by marvin.addison@gmail.com on 10 Jul 2012 at 7:39

GoogleCodeExporter commented 8 years ago
I have committed test cases in r2451 that demonstrate proper behavior for 
PasswordValidator for the situation described in the issue description.  I 
believe the test case for PasswordValidator makes it clear what is likely 
happening:

'1234567' is both a numerical sequence and a keyboard sequence, so there are 3 
violations of NumericalSequenceRule and 3 violations of QwertySequenceRule for 
a validator configured with both rules.  They appear to be duplicates due to 
the use of the same message strings for both rules.

Perhaps we should document that QwertySequenceRule and NumericalSequenceRule 
should not be used together; QwertySequenceRule alone is sufficient to prevent 
both numerical and keyboard sequences.

Original comment by marvin.addison@gmail.com on 12 Jul 2012 at 3:47
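
The overlap described in the comment above, as an added, self-contained Java sketch. It is not vt-password code and does not use its API: the class, method names and the two simplified alphabets are assumptions made for illustration. Both checks flag the same windows of '1234567' with identical message text, and labelling each message with the rule that produced it shows where the apparent duplicates come from.

```java
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;

// Added illustration: a simplified stand-in for two sequence rules, not vt-password code.
public class SequenceOverlapDemo {

  // Constructed alphabets (assumptions): digits in numeric order, and the number
  // row of a QWERTY keyboard, which shares the run 1..9 with the numeric alphabet.
  static final Map<String, String> RULES = new LinkedHashMap<>();
  static {
    RULES.put("NumericalSequenceRule", "0123456789");
    RULES.put("QwertySequenceRule", "1234567890");
  }

  /** Reports every window of the given length that is a run inside the alphabet. */
  static List<String> check(String password, String alphabet, int length) {
    List<String> messages = new ArrayList<>();
    for (int i = 0; i + length <= password.length(); i++) {
      String window = password.substring(i, i + length);
      if (alphabet.contains(window)) {
        // Same message format for every sequence rule, as reported in the issue.
        messages.add("Password contains the illegal sequence '" + window + "'.");
      }
    }
    return messages;
  }

  /** Applies each rule in turn; with tagRule set, prefixes the rule name. */
  static List<String> validate(String password, boolean tagRule) {
    List<String> all = new ArrayList<>();
    for (Map.Entry<String, String> rule : RULES.entrySet()) {
      for (String msg : check(password, rule.getValue(), 5)) {
        all.add(tagRule ? rule.getKey() + ": " + msg : msg);
      }
    }
    return all;
  }

  public static void main(String[] args) {
    String password = "Xk1234567q!"; // constructed sample input
    List<String> plain = validate(password, false);
    plain.forEach(System.out::println);
    System.out.println("total=" + plain.size()
        + " distinct=" + new LinkedHashSet<>(plain).size());
    // With the rule name attached, each message is attributable to one rule.
    validate(password, true).forEach(System.out::println);
  }
}
```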

GoogleCodeExporter commented 8 years ago
This turned out to be a documentation issue.

Original comment by dfis...@gmail.com on 24 Apr 2013 at 9:08