🐃 No code to check that review.rating is actually between 1-5 #535

DanielVF · 2018-09-24T13:49:12Z

We currently don't check that a review rating coming from IPFS is between 1-5. This would allow an evil reviewer to mess up any future aggregated review rating score for someone by submitting an out of range review.

franckc · 2018-09-24T17:51:11Z

Good catch. Seems we should add some checks to cap rating between 1-5 in origin-js when writing and reading review data from IPFS.

BTW, what are we deciding on rating value. Is it an integer, one of [1,2,3,4,5] or is it a float between 1.0 and 5.0 ? I'd favor using integer for now to keep things simple. Any objections ?

DanielVF · 2018-09-24T18:02:02Z

I'm good with changing it to an integer.

DanielVF added bug Something isn't working as intended origin.js security labels Sep 24, 2018

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

🐃 No code to check that review.rating is actually between 1-5 #535

🐃 No code to check that review.rating is actually between 1-5 #535

DanielVF commented Sep 24, 2018

franckc commented Sep 24, 2018

DanielVF commented Sep 24, 2018

🐃 No code to check that review.rating is actually between 1-5 #535

🐃 No code to check that review.rating is actually between 1-5 #535

Comments

DanielVF commented Sep 24, 2018

franckc commented Sep 24, 2018

DanielVF commented Sep 24, 2018