Open MonkeScripts opened 5 months ago
From the only screenshot provided, it's shown that your inputs were sanitized and parsed correctly.
Your first two inputs were correctly invalidated as they do not fit our command format.
For your last input, search -q 0.. -e 17-09-2022..23-11-2024 ..23-11-2025, we see that your input was accepted. Why is this so? Well, this is because search -q 0.. -e 17-09-2022..23-11-2024 is a completely valid command. The only caveat is that you added some extra junk characters to the end of your command (..23-11-2025).
Ultimately, as you've provided a valid search command, our application is right to accept your input. Now that your command has passed the input validation check, it will be sanitized and parsed accordingly.
Evidently, the last part of your input (..23-11-2025) was correctly ignored by the application (given the fact that it is junk input and redundant), and the command was only executed on the valid parameters provided. Do note that, as part of our input sanitization process, we delete unwanted characters from valid inputs to handle typos from users. In this case, the trailing junk characters which you've included have been deleted and ignored by the application.
Therefore, your input has been validated and sanitized appropriately.
We'll reduce the severity of this bug to Low as this bug evidently has no severe impact on the functionality of the application. The initially assigned High severity is completely unjustified and unwarranted.
Team chose: Rejected
Reason for disagreement: I feel that the inputs are not sanitised properly, in the sense that the additional characters at the end of commands are still allowed and the command still runs. This would be a problem when we try to reread the logs and backtrack the search queries. The additional characters after the command would also be confusing to look at in the log. The user could have erroneously assumed that he had mistyped the ranges and chosen the 'fake range' after the command.
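The two behaviours argued about in this thread side by side: the lenient parser the team describes (a valid command prefix is accepted and the trailing characters dropped) and the strict parser the reporter is asking for (any trailing characters reject the whole input). This is an added example and is not code from the report or from the application under test. The command grammar is an assumption made for the example: "search -q <range> -e <daterange>", integer bounds for -q, DD-MM-YYYY dates for -e (the only shape the quoted values fit), each range written lo..hi with either side optional. The function name parse_search and the "dropped" field are hypothetical; the invalid inputs in the test are constructed, since the first two inputs from the original screenshot are not quoted in the thread.

```python
import re
from datetime import datetime

# Assumed grammar for the "search" command quoted in the report (the real
# application's format is not published). Ranges are "lo..hi" with either
# side optional; -q bounds are integers, -e bounds are DD-MM-YYYY dates.
_INT = r"\d+"
_DATE = r"\d{2}-\d{2}-\d{4}"
_CMD = re.compile(
    rf"search\s+-q\s+(?P<q>(?:{_INT})?\.\.(?:{_INT})?)"
    rf"\s+-e\s+(?P<e>(?:{_DATE})?\.\.(?:{_DATE})?)"
)


def _date(text):
    # Raises ValueError on an impossible date such as 31-02-2024.
    return datetime.strptime(text, "%d-%m-%Y").date()


def _split_range(text, conv):
    lo, hi = text.split("..", 1)
    return (conv(lo) if lo else None, conv(hi) if hi else None)


def parse_search(cmd, strict=True):
    """Parse a search command; return a dict of parameters, or None if rejected.

    strict=False mimics the behaviour described by the team: the longest
    valid command prefix is accepted and whatever follows is dropped (and
    returned under "dropped" so a log line can record it).
    strict=True is the behaviour the reporter asks for: the grammar must
    consume the entire input, so trailing characters reject the command.
    """
    cmd = cmd.strip()
    m = _CMD.match(cmd)
    if m is None:
        return None
    tail = cmd[m.end():]
    if strict and tail:
        return None
    try:
        q = _split_range(m.group("q"), int)
        e = _split_range(m.group("e"), _date)
    except ValueError:
        return None
    # Inverted ranges are rejected in both modes: nothing can match them.
    if q[0] is not None and q[1] is not None and q[0] > q[1]:
        return None
    if e[0] is not None and e[1] is not None and e[0] > e[1]:
        return None
    return {"q": q, "e": e, "dropped": tail}


if __name__ == "__main__":
    reported = "search -q 0.. -e 17-09-2022..23-11-2024 ..23-11-2025"
    for strict in (False, True):
        label = "strict" if strict else "lenient"
        print(f"{label}: {parse_search(reported, strict=strict)}")
```

Whichever mode is chosen, the reporter's point about the logs is addressed by logging what was actually executed: in lenient mode, write the parsed parameters and the dropped tail as separate fields rather than echoing the raw input, so that anyone backtracking a query later sees which range the application really used and what it threw away.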