jimseah-0116 / pe


Able to manually edit save file to add invalid exam score #8

Open jimseah-0116 opened 5 months ago

jimseah-0116 commented 5 months ago

I manually edited the save file and managed to add an invalid exam score of 21 (more than the maximum of 20), as seen in this screenshot:

image.png

More advanced users might use this method to add or edit data; however, the lack of checking on the exam score field may cause invalid data to be added to the app.

nus-pe-script commented 5 months ago

Team's Response

Thank you for identifying this. It is indeed true that advanced users might try to edit the JSON file directly to add or edit data. However, our UG has already given a strict warning that the app might misbehave if the JSON file is directly edited. A screenshot has been attached below with the section highlighted.

image.png

The specific scenario that you have brought up (exam score being greater than the max score) falls under the "value being out of acceptable range" warning that we have given. Should the user wish to not heed our warnings and edit the JSON file directly, we assume that the User is sure that he would not key in invalid values.

Furthermore, as you have identified, this is a niche use case that only advanced users would attempt to use. Considering that we have import functions for both persons and exam scores that can import large datasets at once, it is unlikely that even advanced users would edit data using the JSON file. Hence, it is unlikely that this issue would even cause any inconvenience for many users. We propose that the severity of this issue is lowered to severity.Low.

Also, while this is indeed a potential bug, we are rejecting this issue as it has been clearly stated under course notes that the requirement for our application is to only support edits of the JSON file without guarantee that the application would function properly. We have fulfilled this requirement as our app can still run commands fine and does not crash on modification of the file.

More information on this requirement can be found under "Guidelines for bug triaging" at this link

Items for the Tester to Verify

:question: Issue response

Team chose [response.Rejected]

Reason for disagreement: [replace this with your explanation]


:question: Issue severity

Team chose [severity.Low]

Originally [severity.Medium]

- [x] I disagree

Reason for disagreement: I agree that the issue should be rejected according to the "Handling manual edits to the data file" screenshot provided. However, if the issue _were_ to be accepted, it would definitely be at least a Medium level severity as allowing invalid data could potentially be more than just a "minor inconvenience", e.g. user manually edits the save file to contain invalid scores for an exam, and the recorded scores are used for bell-curving or grading purposes.
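
One way an application could range-check exam scores when it loads its save file, so that a hand-edited value such as 21 out of 20 is rejected instead of silently accepted. This is an added example, not part of the original thread or the project's code; the JSON layout, the field names and the lower bound of 0 are assumptions, and only the maximum of 20 comes from the report.

```python
import json

# Constructed sample save file. The field names ("exams", "persons",
# "scores", "maxScore") are assumptions, not the project's actual schema.
SAMPLE_SAVE = """
{
  "exams": [{"name": "Midterm", "maxScore": 20}],
  "persons": [
    {"name": "Alice", "scores": {"Midterm": 18}},
    {"name": "Bob",   "scores": {"Midterm": 21}},
    {"name": "Carol", "scores": {"Midterm": -1}},
    {"name": "Dan",   "scores": {"Final": 5}},
    {"name": "Eve",   "scores": {"Midterm": "20"}}
  ]
}
"""

def load_save(text):
    """Parse a save file and split its person records into (valid, errors)."""
    data = json.loads(text)
    max_scores = {e["name"]: e["maxScore"] for e in data["exams"]}
    valid, errors = [], []
    for person in data["persons"]:
        problems = []
        for exam, score in person["scores"].items():
            if exam not in max_scores:
                problems.append(f"unknown exam {exam!r}")
            # bool is a subclass of int in Python, so exclude it explicitly.
            elif isinstance(score, bool) or not isinstance(score, (int, float)):
                problems.append(f"{exam}: score is not a number")
            # NaN and Infinity (which json.loads accepts) also fail this test.
            elif not 0 <= score <= max_scores[exam]:
                problems.append(f"{exam}: {score} outside 0..{max_scores[exam]}")
        if problems:
            errors.append((person["name"], problems))
        else:
            valid.append(person)
    return valid, errors

if __name__ == "__main__":
    valid, errors = load_save(SAMPLE_SAVE)
    print("loaded:", [p["name"] for p in valid])
    for name, problems in errors:
        print(f"rejected {name}: {'; '.join(problems)}")
```

Applying the same check on load that the app's commands apply on input means the file on disk is treated like any other untrusted input.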