Skip Menu |

This queue is for tickets about the Data-Password-Filter CPAN distribution.

Report information
The Basics
Id: 106940
Status: resolved
Priority: 0/
Queue: Data-Password-Filter
People
Owner: MANWAR [...] cpan.org
Requestors: HKCLARK [...] cpan.org
Cc:
AdminCc:
Bug Information
Severity: Important
Broken in: 0.12
Fixed in: 0.13

History Show all quoted text
  Mon Sep 07 15:51:08 2015 HKCLARK [...] cpan.org - Ticket created
Subject: Logic error in _checkVariation()
Thanks for the helpful module. Unless I'm looking at how the variation check should work, I believe there is a logic error here in "sub _checkVariation()": foreach (@{$self->{'word_list'}}) { ($self->{result}->{'check_variation'} = 0 && return) if /$regexp/i; } I think it should be: foreach (@{$self->{'word_list'}}) { ($self->{result}->{'check_variation'} = 0 || return) if /$regexp/i; } Because "$self->{result}->{'check_variation'} = 0" always returns "false", the return never executes if they are connected via a "&&", so the loop always falls through to the "$self->{result}->{'check_variation'}" shown below the loop. Or use: foreach (@{$self->{'word_list'}}) { if (/$regexp/i) { $self->{result}->{'check_variation'} = 0; return); } } Here is a test that demonstrates it: #!/usr/bin/env perl use strict; use warnings; use Data::Password::Filter; use Test::More; my $password = Data::Password::Filter->new(); # Need at least one passing call _checkDictionary() first or _checkVariation() # skips its checking ok(!$password->_checkDictionary('appliance'), "'Fail: seed _checkDictionary()"); ok( $password->_checkDictionary('aB4Ds4Xfj'), "'Pass: seed _checkDictionary()"); ok(!$password->_checkVariation('appliance'), "Fail: Straight dictionary word"); ok(!$password->_checkVariation('Xppliance'), "Fail: Change one char (first)"); ok(!$password->_checkVariation('applXance'), "Fail: Change one char (mid)"); ok(!$password->_checkVariation('appliancX'), "Fail: Change one char (final)"); ok( $password->_checkVariation('applXXnce'), "Pass: Change two chars (mid)"); ok( $password->_checkVariation('XppliancX'), "Pass: Change two chars (first & final)"); ok( $password->_checkVariation('applXancX'), "Pass: Change two chars (mid & final)"); done_testing(); Also, a few other comments that might help others get up to speed in it's use: 1) Would help to document that the dictionary test is not case sensitive (it's good you made it that way, but might help others know you covered that case) 2) Would be good to explain what the "variation" check is doing (looking for passwords that only vary by one character from a dictionary word) 3) I found it helpful to call the various methods like _checkDictionary(), _checkVariation(), _checkLength(), _checkUppercaseLetter(), etc. directory to have more granular feedback on where the failure occurred. It might be helpful to make these "non private" and document there use in the POD for others. Thanks again
  Tue Sep 08 06:29:39 2015 MANWAR [...] cpan.org - Taken
  Tue Sep 08 06:30:18 2015 MANWAR [...] cpan.org - Severity Important added
  Tue Sep 08 09:41:47 2015 MANWAR [...] cpan.org - Correspondence added
Hi, Thanks for reporting the issue. I picked the alternate solution you provided. (there was a typo in it though) ;-) Thanks for submitting the unit test as well, much appreciated. I have patched the package in v0.13. I have also updated the document with regard to your suggestions except making methods "public". I need to think about a better way of doing it. Best Regards, Mohammad S Anwar
  Tue Sep 08 09:41:47 2015 The RT System itself - Status changed from 'new' to 'open'
  Tue Sep 08 09:41:50 2015 MANWAR [...] cpan.org - Status changed from 'open' to 'resolved'
  Tue Sep 08 09:41:50 2015 MANWAR [...] cpan.org - Fixed in 0.13 added
  Tue Sep 08 09:46:42 2015 HKCLARK [...] cpan.org - Correspondence added
Sounds good. Thanks. Oh yeah... so much for "editing on the fly"... I didn't notice the extra ")". Thanks again, KC On Tue Sep 08 09:41:47 2015, MANWAR wrote: Show quoted text
> Hi, > > Thanks for reporting the issue. > > I picked the alternate solution you provided. (there was a typo in it > though) ;-) > Thanks for submitting the unit test as well, much appreciated. > > I have patched the package in v0.13. > > I have also updated the document with regard to your suggestions > except making methods "public". I need to think about a better way of > doing it. > > Best Regards, > Mohammad S Anwar