Open emzm2023 opened 1 year ago
As stated in the UG, leading and trailing whitespace of parameters would be trimmed.
As it is not a major issue compared to other more important features such as hashing the password, we will consider it not in scope. The only possibility that you would miss a space is when you know that the parameter would still accept the value without a space or because of a typo. These are highly unlikely.
Team chose [response.NotInScope]
Reason for disagreement: [replace this with your explanation]
For example, executing the update command with the secretQn and answer as such is successful: update --secretQnlol --answerhuh
but when trying to recover the account, this works: recover account --answer huh --password yourNewPassword --confirmPass yourNewPassword
While this might be alright for parameters for contacts in the app itself, I think checks should be stricter for account and account retrieval details like username, password, and secretAns because most users would expect that these fields require the exact format they were typed in. So this could cause a problem with security.
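
An added illustration of the parsing behaviour reported above, not the project's own code: `parse_lenient` is an assumed model of a prefix-matching parser that accepts `--answerhuh`, and `parse_strict` is one possible stricter check for account and recovery fields. The function names, `ParseError` and the use of Python are assumptions; the flag names come from the commands quoted in the report.

```python
import re

# Flag names taken from the commands quoted in the report.
KNOWN_FLAGS = ("--secretQn", "--answer", "--password", "--confirmPass")

class ParseError(ValueError):
    """Raised by parse_strict (hypothetical name) on malformed input."""

def parse_lenient(args: str) -> dict:
    # Assumed model of the reported behaviour: a flag matches as a prefix,
    # so "--answerhuh" is read as flag "--answer" with value "huh".
    pattern = "(" + "|".join(re.escape(f) for f in KNOWN_FLAGS) + ")"
    parts = re.split(pattern, args)  # [preamble, flag, value, flag, value, ...]
    return {parts[i]: parts[i + 1].strip() for i in range(1, len(parts) - 1, 2)}

def parse_strict(args: str) -> dict:
    # A flag must be a whole whitespace-delimited token, appear once, and be
    # followed by a value. Limitation: any token starting with "--" is
    # treated as a flag, so values cannot begin with "--".
    spans, current = {}, None
    for m in re.finditer(r"\S+", args):
        token = m.group()
        if token.startswith("--"):
            if token not in KNOWN_FLAGS:
                raise ParseError(f"unknown flag: {token!r}")
            if token in spans:
                raise ParseError(f"duplicate flag: {token!r}")
            current, spans[token] = token, None
        elif current is None:
            raise ParseError(f"value before any flag: {token!r}")
        else:
            start = spans[current][0] if spans[current] else m.start()
            spans[current] = (start, m.end())
    missing = [flag for flag, span in spans.items() if span is None]
    if missing:
        raise ParseError(f"missing value for: {', '.join(missing)}")
    # Slice the original string so whitespace inside a value is kept exactly.
    return {flag: args[s:e] for flag, (s, e) in spans.items()}

if __name__ == "__main__":
    reported = "--secretQnlol --answerhuh"  # argument string from the report
    print("lenient:", parse_lenient(reported))
    try:
        parse_strict(reported)
    except ParseError as err:
        print("strict rejects:", err)
```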