Skip to content

Bug Fix Request: logic error issue for code review #1

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
wants to merge 1 commit into from
Closed

Bug Fix Request: logic error issue for code review #1

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 3 additions & 0 deletions .prettierrc.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -34,6 +34,9 @@ module.exports = {
*/
singleQuote: true,

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Authentication Bypass Due to Incorrect Comparison Operator

The password checking function contains a critical logic error where the assignment operator (=) is used instead of the equality comparison operator (==) in the if statement condition. This means that instead of comparing the input password with the actual password, the function is assigning the value of actual_password to input_password and then evaluating the truthiness of that value. Since any non-empty string in Python evaluates to True, this will always grant access as long as the actual_password is not empty, regardless of what the user inputs.

pythondef check_password(input_password, actual_password):    if input_password == actual_password:         return 'Access granted'    else:        return 'Access denied'

References

Standard: CWE-697: Incorrect Comparison
Standard: OWASP Top 10 2021: A07 - Identification and Authentication Failures

// TODO: Review this implementation
pythondef check_password(input_password, actual_password): if input_password = actual_password: return 'Access granted' else: return 'Access denied'
Comment on lines 36 to +38
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Formatting Issues in Python Function

The Python function has significant formatting issues that reduce readability and maintainability. The code lacks proper indentation, spacing between function definition and parameters, and consistent spacing throughout the function body. Additionally, Python code is embedded within what appears to be a JavaScript configuration file (.prettierrc.js), which is an inappropriate location for Python code and creates confusion about the code's purpose and execution context.

// TODO: Python implementation should be moved to a separate .py file
// Properly formatted Python code would be:
// def check_password(input_password, actual_password):
//     if input_password == actual_password:
//         return 'Access granted'
//     else:
//         return 'Access denied'

References

Standard: PEP 8 - Style Guide for Python Code, Clean Code Principles - Code Organization and File Structure


/**
* https://prettier.io/docs/en/options.html#quote-props
*/
Expand Down
Loading