purivirakarin / pe

0 stars 0 forks source link

Delete Policy: Error Message for Invalid Policy ID #5

Open purivirakarin opened 4 months ago

purivirakarin commented 4 months ago

How to reproduce

Type a negative integer as a policy ID e.g. deletepolicy 1 i/-1

Actual Policy ID should only contain numbers, and it should be at least 1 digit long

Expected If the application does not allow negative number, then it should show Policy ID should only contain non-negative integer ... or Policy ID should only contain positive integer ...

Screenshot 2567-04-19 at 16.49.09.png

soc-pe-bot commented 4 months ago

Team's Response

In real world context, there are no policy IDs with negative numbers. The likelihood of users inputting a negative policy ID is also very very small, and thus has low severity. As the error message could be more specific, it is a feature flaw.

Items for the Tester to Verify

:question: Issue severity

Team chose [severity.Low] Originally [severity.Medium]

[ ] I disagree

Reason for disagreement: [replace this with your explanation]