Modify the codebase

dakshina99 · dakshina99 · commit 6a68ccca0b19 · 2025-03-27T15:20:49.000+05:30
diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -3,7 +3,7 @@ name: Run Tests
 on:
   pull_request:  # Runs on pull requests
     branches:
-      - dev
+      - main
 
 jobs:
   test:
@@ -26,4 +26,4 @@ jobs:
         run: |
           python -m unittest discover -s tests -p "test_*.py" -v
         env:
-          PYTHONPATH: src  # Adds src/ to the module search path
+          PYTHONPATH: src  # Adds src/ to the module search path
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1,2 @@
+.idea
+*.DS_Store
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -5,7 +5,7 @@ All notable changes to this project will be documented in this file.
 ## [Unreleased]
 - Upcoming features and bug fixes.
 
-## [1.0.0] - YYYY-MM-DD
+## [1.0.0] - 2025-03-19
 ### Added
 - Initial project structure with source code.
 - Basic functionality in `main.py`.
@@ -16,6 +16,6 @@ All notable changes to this project will be documented in this file.
 - Issue and Pull Request templates.
 - Open-source license (`LICENSE`).
 
-## [0.1.0] - YYYY-MM-DD
+## [1.0.1] - 2025-03-20
 ### Added
 - Project initialization with Git and GitHub setup.
diff --git a/Dockerfile b/Dockerfile
@@ -0,0 +1,18 @@
+# Use official Python image
+FROM python:3.11
+
+# Set the working directory inside the container
+WORKDIR /app
+
+# Copy dependencies file and install dependencies
+COPY requirements.txt .
+RUN pip install --no-cache-dir -r requirements.txt
+
+# Copy the rest of the application files
+COPY . .
+
+# Run tests before starting the application
+RUN pytest tests/
+
+# Command to run the main application after successful tests
+CMD ["python", "src/main.py"]
diff --git a/LICENSE.md b/LICENSE.md
@@ -0,0 +1,22 @@
+# MIT License
+
+Copyright (c) 2025 CodeX
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+
diff --git a/README.md b/README.md
@@ -1 +1,50 @@
-"# secure-code-game" 
+# Secure Code Game
+## Welcome to Secure Code Game - CodeX! 👋
+To get started, please follow the 🛠️ [set up guide](#setup-guide) (if you haven't already).
+Refer to the [Hints](#hints) for helpful information and [Tasks](#time-to-start) to head to the challenge directly.
+
+## Overview
+This program validates transactions in systems where orders consist of multiple items and payments. It ensures that the financial records are consistent and highlights any discrepancies.
+
+## 📝 Storyline
+In another part of the world, a quaint local bookstore was buzzing with excitement as the annual Book Fair approached. Eager to expand their reach, they hastily launched an online platform, hoping to attract book lovers far and wide. However, in their rush, they overlooked critical security measures, leaving their website vulnerable. Now, with hackers lurking in the shadows, the fate of their online store hangs in the balance. Can you uncover and fix the vulnerabilities before it's too late?
+
+## ⌨️ What's in the repo?
+For each level, you will find the same file structure:
+- `src/` includes the vulnerable code to be reviewed.
+- `tests/` contains the unit tests that should still pass after you have implemented your fix.
+
+## 🚦 Time to start!
+- [ ] Observe the **Github Workflow** logs, and identify the failing test cases.
+- [ ] Open a new **Github Issue** to address the problem and your observations.
+- [ ] Create a new **Git Branch** and work on the fix.
+    1. Review the code in `src/main.py`. Can you spot the bug(s)?
+    2. Try to fix the bug(s). Ensure that unit tests are still passing 🟢.
+- [ ] Make a new **Pull Request** with a description of what you fixed.
+- [ ] Observe the GitHub Workflow logs, and ensure that the code is error free.
+- [ ] Once all workflows pass, **merge** the pull request.
+
+> [!NOTE]
+> You successfully completed the level when the Github Workflow passes 🟢.
+
+## 💡 Hints
+The program currently has vulnerabilities related to floating-point arithmetic. Pay close attention to how decimal values are handled during transaction validation.
+
+<!-- Additional hints will be provided if needed -->
+
+# Setup Guide
+## Local Installation
+```bash
+git clone https://github.com/kgchinthana/secure-code-game.git
+cd secure-code-game
+```
+
+## Usage
+```bash
+python src/main.py [arguments]
+```
+
+## Running Tests
+```bash
+python -m pytest
+```
diff --git a/src/main.py b/src/main.py
@@ -1,37 +1,21 @@
 from collections import namedtuple
-from decimal import Decimal
 
+Order = namedtuple("Order", "id, items")
+Item = namedtuple("Item", "type, description, amount, quantity")
 
-Order = namedtuple('Order', 'id, items')
-Item = namedtuple('Item', 'type, description, amount, quantity')
-
-
-MAX_ITEM_AMOUNT = 100000 # maximum price of item in the shop
-MAX_QUANTITY = 100 # maximum quantity of an item in the shop
-MIN_QUANTITY = 0 # minimum quantity of an item in the shop
-MAX_TOTAL = 1e6 # maximum total amount accepted for an order
-
-
-def validorder(order):
-    payments = Decimal('0')
-    expenses = Decimal('0')
 
+def validorder(order: Order):
+    net = 0
 
     for item in order.items:
-        if item.type == 'payment':
-            # Sets a reasonable min & max value for the invoice amounts
-            if -MAX_ITEM_AMOUNT <= item.amount <= MAX_ITEM_AMOUNT:
-                payments += Decimal(str(item.amount))
-        elif item.type == 'product':
-            if type(item.quantity) is int and MIN_QUANTITY < item.quantity <= MAX_QUANTITY and MIN_QUANTITY < item.amount <= MAX_ITEM_AMOUNT:
-                expenses += Decimal(str(item.amount)) * item.quantity
+        if item.type == "payment":
+            net += item.amount
+        elif item.type == "product":
+            net -= item.amount * item.quantity
         else:
             return "Invalid item type: %s" % item.type
-    
-    if abs(payments) > MAX_TOTAL or expenses > MAX_TOTAL:
-        return "Total amount payable for an order exceeded"
 
-    if payments != expenses:
-        return "Order ID: %s - Payment imbalance: $%0.2f" % (order.id, payments - expenses)
+    if net != 0:
+        return "Order ID: %s - Payment imbalance: $%0.2f" % (order.id, net)
     else:
-        return "Order ID: %s - Full payment received!" % order.id
+        return "Order ID: %s - Full payment received!" % order.id
diff --git a/tests/test_main.py b/tests/test_main.py
@@ -51,6 +51,5 @@ def test_5(self):
         order_1 = c.Order(id="1", items=[service])
         self.assertEqual(c.validorder(order_1), "Invalid item type: service")
 
-
 if __name__ == "__main__":
     unittest.main()
