Skip Menu |

This queue is for tickets about the SSN-Validate CPAN distribution.

Report information
The Basics
Id: 19344
Status: resolved
Priority: 0/
Queue: SSN-Validate
People
Owner: Nobody in particular
Requestors: brian.engel [...] unifund.com
Cc:
AdminCc:
Bug Information
Severity: Critical
Broken in:
  • 0.12
  • 0.13
  • 0.14
Fixed in: (no value)

History Show all quoted text
  Thu May 18 08:33:58 2006 Guest - Ticket created
Subject: Group Validation Bug in SSN:Validate Module
There seems to be a serious bug with social security numbers that "wrap over" the high value group number. That is, here is how it is described in the comments in the code... # "Within each area, the group number (middle two (2) digits) ## range from 01 to 99 but are not assigned in consecutive ## order. For administrative reasons, group numbers issued ## first consist of the ODD numbers from 01 through 09 and ## then EVEN numbers from 10 through 98, within each area ## number allocated to a State. After all numbers in group 98 ## of a particular area have been issued, the EVEN Groups 02 ## through 08 are used, followed by ODD Groups 11 through 99." Based upon this reasoning the group numbers in the GROUP_ORDER array are listed in this order. i.e. here is the code snippet.... my $GROUP_ORDER = [ '01', '03', '05', '07', '09', 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30, 32, 34, 36, 38, 40, 42, 44, 46, 48, 50, 52, 54, 56, 58, 60, 62, 64, 66, 68, 70, 72, 74, 76, 78, 80, 82, 84, 86, 88, 90, 92, 94, 96, 98, '02', '04', '06', '08', 11, 13, 15, 17, 19, 21, 23, 25, 27, 29, 31, 33, 35, 37, 39, 41, 43, 45, 47, 49, 51, 53, 55, 57, 59, 61, 63, 65, 67, 69, 71, 73, 75, 77, 79, 81, 83, 85, 87, 89, 91, 93, 95, 97, 99 ] As you can see, per the SSA "algorithm" the numbers start going to evens after 98, then to odds etc... (as described in the comment). Here is the problem.... There is a sub in the module called get_group_range. This returns a "sub array" of the values in the GROUP_ORDER array (I presume this is done for speed?). But note that the for loop is limited by 100 ($1<100) and it will return once the current value in the array equals the "high group number". The logic here is that once it hits the high group for a state code then it should exit. But this is the fatal flaw in the program logic. What about the scenario’s when the group numbers "wrap" over? i.e. Take 030-15-XXXX... This is a valid state and group number. Apparently the state of Massachusetts ran out of even group numbers and "wrapped" over per the SSA algorithm (as laid out in the code comments). So now 15 is a valid group number but you can see in the programming logic this sub will say that it is NOT a valid group number. Basically, it will say that any group number that "wraps over" will be INVALID! To put it another way, any groups defined in the GROUP_ORDER array that are in indexes 52 or higher (starting at '02','04' ...) will be INVALID - but this is not the case. So I am not really sure how to fix the group validation bug. The short term solution is to re-order the GROUP_ORDER in numeric order (i.e. '01','02','03') but this will only put every number from 1-100 in the array - which gets you nothing for group validation. The only other way I can see, is if there is a way to determine which states issue the "wrap over" group codes and what is their "high number" wrap over codes. This of course would require some fairly involved re-write of the module. So with the problem this module is not all that useful for validating SSN's. All it can accurately do is check that the group number is not exceeded for a given state code (once the bug is fixed - GROUP_ORDER array re-ordered).
  Thu May 18 09:03:20 2006 Guest - Correspondence added
From: brian.engel [...] unifund.com
I have taken another look at this and I do not think this is a bug. It appears that if a high number did wrap over it would now be listed as even i.e. some have 04 as the high group. This would validate in the current logic to check group numbers. So in the example I gave 030- 15-XXXX is invalid because the high number is 88. On Thu May 18 08:33:58 2006, guest wrote: Show quoted text
> There seems to be a serious bug with social security numbers > that "wrap over" the high value group number. > > That is, here is how it is described in the comments in the code... > > # "Within each area, the group number (middle two (2) digits) > ## range from 01 to 99 but are not assigned in consecutive > ## order. For administrative reasons, group numbers issued > ## first consist of the ODD numbers from 01 through 09 and > ## then EVEN numbers from 10 through 98, within each area > ## number allocated to a State. After all numbers in group 98 > ## of a particular area have been issued, the EVEN Groups 02 > ## through 08 are used, followed by ODD Groups 11 through 99." > > > Based upon this reasoning the group numbers in the GROUP_ORDER array > are listed in this order. i.e. here is the code snippet.... > > my $GROUP_ORDER = [ > '01', '03', '05', '07', '09', 10, 12, 14, 16, 18, 20, 22, > 24, 26, 28, 30, 32, 34, 36, 38, 40, 42, 44, 46, > 48, 50, 52, 54, 56, 58, 60, 62, 64, 66, 68, 70, > 72, 74, 76, 78, 80, 82, 84, 86, 88, 90, 92, 94, > 96, 98, '02', '04', '06', '08', 11, 13, 15, 17, 19, 21, > 23, 25, 27, 29, 31, 33, 35, 37, 39, 41, 43, 45, > 47, 49, 51, 53, 55, 57, 59, 61, 63, 65, 67, 69, > 71, 73, 75, 77, 79, 81, 83, 85, 87, 89, 91, 93, > 95, 97, 99 > ] > > > As you can see, per the SSA "algorithm" the numbers start going to > evens after 98, then to odds etc... (as described in the comment). > > Here is the problem.... > > There is a sub in the module called get_group_range. This returns > a "sub array" of the values in the GROUP_ORDER array (I presume this > is done for speed?). But note that the for loop is limited by 100 > ($1<100) and it will return once the current value in the array
equals Show quoted text
> the "high group number". The logic here is that once it hits the
high Show quoted text
> group for a state code then it should exit. But this is the fatal
flaw Show quoted text
> in the program logic. What about the scenario’s when the group > numbers "wrap" over? > > i.e. Take 030-15-XXXX... This is a valid state and group number. > Apparently the state of Massachusetts ran out of even group numbers > and "wrapped" over per the SSA algorithm (as laid out in the code > comments). So now 15 is a valid group number but you can see in the > programming logic this sub will say that it is NOT a valid group > number. Basically, it will say that any group number that "wraps
over" Show quoted text
> will be INVALID! To put it another way, any groups defined in the > GROUP_ORDER array that are in indexes 52 or higher (starting > at '02','04' ...) will be INVALID - but this is not the case. > > > So I am not really sure how to fix the group validation bug. The
short Show quoted text
> term solution is to re-order the GROUP_ORDER in numeric order > (i.e. '01','02','03') but this will only put every number from 1-100 > in the array - which gets you nothing for group validation. > > The only other way I can see, is if there is a way to determine
which Show quoted text
> states issue the "wrap over" group codes and what is their "high > number" wrap over codes. This of course would require some fairly > involved re-write of the module. > > So with the problem this module is not all that useful for
validating Show quoted text
> SSN's. All it can accurately do is check that the group number is
not Show quoted text
> exceeded for a given state code (once the bug is fixed - GROUP_ORDER > array re-ordered). > > > > > > > > >
  Thu May 18 09:03:21 2006 The RT System itself - Status changed from 'new' to 'open'
  Tue May 23 16:58:29 2006 kmeltz [...] cpan.org - Status changed from 'open' to 'resolved'