Exposed Information in GET /years Endpoint for Unreleased Tasks #225

Open
Olda-Hal opened this issue Nov 18, 2024 · 0 comments
The GET /years endpoint (https://rest.ksi.fi.muni.cz/years) currently exposes the following properties:

  • sum_points: Includes points for tasks that have not yet been released.
  • tasks_cnt: Includes a count of tasks that have not yet been released.

This behavior allows anyone to deduce how many tasks are unreleased and the potential points they might earn from these tasks.

Steps to Reproduce

  1. Access the endpoint https://rest.ksi.fi.muni.cz/years without any specific restrictions or permissions.
  2. Observe that the response includes the properties sum_points and tasks_cnt with values reflecting both released and unreleased tasks (e.g., there is a greater number of tasks than the user can see).

Expected Behavior

  • The properties sum_points and tasks_cnt should only account for tasks that are already released.
  • Unreleased tasks should not influence the response data in any way.
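
An added example, not part of the issue or the project's code: one way to compute the two aggregates so that unreleased tasks are filtered inside the query, plus a regression check that a future task cannot change the public numbers. The table and column names, the `see_unreleased` flag and the sample rows are assumptions constructed for illustration.

```python
import sqlite3

# Constructed schema; table and column names are assumptions, not the project's.
SCHEMA = """
CREATE TABLE tasks (
    id INTEGER PRIMARY KEY,
    year INTEGER NOT NULL,
    max_points REAL NOT NULL,
    time_published TEXT NOT NULL  -- ISO 8601 UTC, fixed width so strings sort by time
);
"""
# Constructed sample rows.
ROWS = [
    (1, 2024, 10.0, "2024-10-01T00:00:00"),
    (2, 2024, 8.0, "2024-11-01T00:00:00"),
    (3, 2024, 12.0, "2025-01-15T00:00:00"),  # not yet released at NOW
    (4, 2024, 5.0, "2025-02-15T00:00:00"),   # not yet released at NOW
]
NOW = "2024-11-18T12:00:00"


def make_db(rows=ROWS):
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO tasks VALUES (?, ?, ?, ?)", rows)
    return db


def year_stats(db, year, now, see_unreleased=False):
    """Return sum_points and tasks_cnt for one year.

    Unreleased tasks are excluded in the WHERE clause unless the caller is
    explicitly allowed to see them (hypothetical flag), so they never reach
    the aggregate that is serialized into the public response.
    """
    sql = "SELECT COALESCE(SUM(max_points), 0), COUNT(*) FROM tasks WHERE year = ?"
    params = [year]
    if not see_unreleased:
        sql += " AND time_published <= ?"
        params.append(now)
    sum_points, tasks_cnt = db.execute(sql, params).fetchone()
    return {"sum_points": sum_points, "tasks_cnt": tasks_cnt}


def public_view_is_stable(year, now):
    """Regression check: adding a future task must not change public output."""
    before = year_stats(make_db(), year, now)
    extra = ROWS + [(5, year, 99.0, "2099-01-01T00:00:00")]
    return before == year_stats(make_db(extra), year, now)
```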