jiachen247 / pe

Regex exp used for phone numbers is too permissive #6

Open jiachen247 opened 4 years ago

jiachen247 commented 4 years ago

Currently the constraint for phone numbers is at least 3 characters, which allows things like '000'.

nus-pe-bot commented 4 years ago

Team's Response

We agree that the default data being '000' could be misleading. However, we think that it would instead be too restrictive if we had imposed a fixed phone number length, since different users might have numbers of different lengths. Instead, we decided to set the minimum length to that of a valid phone number (in this case it's 3, like 911). This phone number length is also consistent with the length in AB3.

We do not think that being too permissive in this case would impede the users from making good use of the application. Hence, we will reject this report and change the severity to VeryLow as it does not affect usage.

Items for the Tester to Verify

:question: Issue response

Team chose [response.Rejected]

Reason for disagreement: [replace this with your explanation]


:question: Issue severity

Team chose [severity.VeryLow] Originally [severity.Medium]

Reason for disagreement: [replace this with your explanation]