search

pipipipi2002 / pe

0 stars 0 forks source link

program crash, when data in [buildname].txt is deleted #2

Open pipipipi2002 opened 1 year ago

pipipipi2002 commented 1 year ago

I tried to tamper the newpc.txt by removing a data point and it failed to run the program afterwards

Screen Shot 2022-11-11 at 19.39.44.png

Screen Shot 2022-11-11 at 19.44.55.png

soc-se-bot commented 1 year ago

Team's Response

We do not believe the severity should high as in the first place a user should not be tampering with the save file of the program. Analogously it would be like a user tampering with the source files of the program and expecting it to still work the same. In this case it is highly unlikely that a normal and non malicious user would tamper with the save files.

Items for the Tester to Verify

:question: Issue response

Team chose [response.Rejected]

Reason for disagreement: CS2113 requires any database to be user editable, and the txt file is a user editable file. Screen Shot 2022-11-16 at 00.29.38.png

Thus, it is expected that users can edit the data and potentially cause an invalid format in the file itself. Thus, regardless of the probability that a normal user would tamper the file, a good software practices is always to check for valid file, so as to prevent any malicious intent or security threats. It is not enough to assume user would do what they normally do.

Thus I diagree with the team response.

:question: Issue severity

Team chose [severity.Low] Originally [severity.High]

Reason for disagreement: As this is violating the CS2113 TP constraint, Screen Shot 2022-11-16 at 00.29.38.png

I maintain my severity level at High.