search

Jonoans / pe

0 stars 0 forks source link

Hitting CTRL-D on Welcome Screen Logs User In #2

Open Jonoans opened 11 months ago

Jonoans commented 11 months ago

image.png

When prompted with the initial prompt to login or register on MacOS, if the user hits CTRL-D, he will be immediately logged in without the need to key in any user information.

nus-se-bot commented 10 months ago

Team's Response

No details provided by team.

The 'Original' Bug

[The team marked this bug as a duplicate of the following bug]

CTRL-D When Program Expects Command Crashes Program

Hitting CTRL-D on Mac when program expects a command crashes the program

image.png

[original: nus-cs2113-AY2324S1/pe-interim#427] [original labels: type.FunctionalityBug severity.High]

Their Response to the 'Original' Bug

[This is the team's response to the above 'original' bug]

Assuming this is equivalent to cntrl c on windows ,force quitting the programme is not a potential bug, has cleared this with prof before, attached below is a screenshot for reference

image.png

image.png

Items for the Tester to Verify

:question: Issue duplicate status

Team chose to mark this issue as a duplicate of another issue (as explained in the Team's response above)

Reason for disagreement: This is a different issue from the CTRL+D which causes the program to crash.

This allows us to bypass the authentication functionality of the program.

While the steps to exploit the bug are the same, the outcomes are different.

It is also evident that the bug exists in two separate components of the program since the outcomes are different despite the steps being the same.

The other bug, when exploited crashes the program. This means the exception that arose was for the other bug was unhandled.

Whereas, in this bug, there was likely also an exception raised but it was handled, evident from the lack of a crash. But, the handling of the exception was improper as it broke the authentication flow.

## :question: Issue response Team chose [`response.NotInScope`] - [x] I disagree **Reason for disagreement:** As before, I would think that CTRL+C is not the same as CTRL+D. CTRL+C sends interrupt signal to Java VM, causing the VM to terminate. Whereas, CTRL+D sends EOF to standard input. In this case, it allows us to bypass the user authentication feature.
## :question: Issue severity Team chose [`severity.High`] Originally [`severity.Low`] - [ ] I disagree **Reason for disagreement:** [replace this with your explanation]