[PE-D][Tester C] Apply Command inadvertently shows internal implementation details #122
Labels
severity.Low
A flaw that is unlikely to impact the app usage and/or only rarely occurs (CS2103T label)
type.FeatureFlaw
A flaw with functionality (CS2103T label)
Title: High Severity Bug: Apply Command Reveals Internal Implementation Details
Details:
The "apply 4 --title SWE" command triggers an issue where the system displays an error message containing internal implementation details. While the intended behavior is to notify the user that "SWE" is not a valid command, the error message exposes internal class attributes and data, as shown below:
Attempted to apply to a non-organization: seedu.address.model.contact.Recruiter{name=Roy Balakrishnan, type=recruiter, id=roy_balakrishnan, phone=Optional[92624417], email=Optional[[email protected]], url=Optional[www.nus.edu.sg], address=Optional.empty, tags=[[friendly]], organization=Optional.empty
Severity/Type Labels:
The bug is of high severity due to the inadvertent disclosure of sensitive internal implementation details, which may pose security and privacy risks.
Improvement Suggestion:
To address this issue, I recommend modifying the error message so that it only provides essential information, such as a generic error message indicating the command is invalid. This will help protect internal implementation details and improve the overall security and user experience of the application.
Thank you for your attention to this matter.
Labels:
severity.High
type.FunctionalityBug
original: eyelessrhyme7/ped#3
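The change suggested in the report, as an added example (not the project's own code): the quoted message has the shape of an exception string built by concatenating the contact object, so its `toString()` output reaches the user. The `Recruiter` record, `CommandException`, the method names and the replacement message wording are assumptions made for illustration, and the sample data is constructed.

```java
import java.util.Optional;
import java.util.logging.Logger;

public class ApplyErrorMessageDemo {
    private static final Logger LOG = Logger.getLogger("ApplyCommand");

    // Hypothetical stand-in for the contact model. A record's generated
    // toString() lists every field, much like the output quoted in the report.
    record Recruiter(String name, String id, Optional<String> phone, Optional<String> email) {}

    // Hypothetical exception type whose message is shown to the user.
    static class CommandException extends Exception {
        CommandException(String message) {
            super(message);
        }
    }

    // Before: the whole object is concatenated into the user-facing message,
    // so class name, internal id, phone and email are all displayed.
    static void applyLeaky(Object contact) throws CommandException {
        if (contact instanceof Recruiter) {
            throw new CommandException("Attempted to apply to a non-organization: " + contact);
        }
    }

    // After: the user sees only what is needed to correct the command
    // (the index typed and the display name); the internal id goes to the log.
    static void applySafe(int index, Object contact) throws CommandException {
        if (contact instanceof Recruiter r) {
            LOG.fine(() -> "apply rejected: index=" + index + " id=" + r.id());
            throw new CommandException(String.format(
                    "Contact %d (%s) is a recruiter, not an organization. "
                    + "Applications can only be made to organizations.", index, r.name()));
        }
    }

    public static void main(String[] args) {
        // Constructed sample data, not taken from the report.
        Recruiter r = new Recruiter("Sample Recruiter", "sample_recruiter",
                Optional.of("00000000"), Optional.of("recruiter@example.com"));
        try { applyLeaky(r); } catch (CommandException e) { System.out.println("before: " + e.getMessage()); }
        try { applySafe(4, r); } catch (CommandException e) { System.out.println("after:  " + e.getMessage()); }
    }
}
```

A unit test that asserts the message contains neither the model's package name nor `Optional[` keeps this from regressing.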