search

V4Vern / pe

0 stars 0 forks source link

New article dates can be bypassed by changing the text file. #6

Open V4Vern opened 4 weeks ago

V4Vern commented 4 weeks ago

Description: There is no storage validation check on "saved_news.txt". There is no validation check on storage to check for the authenticity of the article date or url. I was able to change it to Feb 31, 2024 (non-existent date). Program cannot handle corrupted/modified text file. I can modify the URL or change it to something else but the program does not detects it.

Steps to reproduce:

Edit the text file "saved_news.txt" and change the date of any article to Feb 31 2024

Actual Result: When I list the load command, it shows the changes that I have made, which is shown below

Screenshot:

image.png

image.png

soc-pe-bot commented 3 weeks ago

Team's Response

Ah, I see what's happened here. You edited the saved_news file, which isn't quite what we had in mind. Thanks for bringing it to our attention, though. Perhaps clearer documentation about not tinkering with the file would help prevent this.

However, I feel that the program did handle the corrupted file quite gracefully as it did not exit or crash, and it was still able to reproduce the contents of the file. This is my opinion only so correct me if I'm wrong :')

Items for the Tester to Verify

:question: Issue response

Team chose [response.NotInScope]

Reason for disagreement: The UG doesn't state any potential known issue for storage in the UG. CS2113 Website mentioned that "The user cannot attempt to use the missing feature or when the user does so, the software fails gracefully, possibly with a suitable error message".

However, in this case, there is no suitable error message informing the user that the dates for the article are wrong or any potential URLs or text are invalid. It does not check the authenticity of the loaded file or new articles or even dates which can be quite misleading for the user in the event that the fille somehow got corrupted.

## :question: Issue type Team chose [`type.DocumentationBug`] Originally [`type.FeatureFlaw`] - [x] I disagree **Reason for disagreement:** It should be a feature flaw since storage is not well handled and well tested. ![image.png](https://raw.githubusercontent.com/V4Vern/pe/main/files/f990cc19-27ff-4cd4-8f15-1fdcbfdb31e9.png)
## :question: Issue severity Team chose [`severity.VeryLow`] Originally [`severity.Medium`] - [x] I disagree **Reason for disagreement:** Some users may occasionally experience inconvenience if the saved_news txt file is corrupted due to a system error or malware. For example, they might load the file and see that there is an article in "February 31 204" but when they try to run the daily command, it does show any news. Thus, this may be misleading for the user. It is not a comestic flaw and it does affect usage by giving the user wrong details or information. ![image.png](https://raw.githubusercontent.com/V4Vern/pe/main/files/c21623d5-52f0-4b8f-84b4-6f4d78563265.png) ![image.png](https://raw.githubusercontent.com/V4Vern/pe/main/files/2a4e99fd-0cb7-4394-8387-3b28b48a5c19.png)