Detailed information about defect clone:
09-C0.H0.M1.L0_T_S_10.war
Nickname of the defect
false-success-alert
Brief desctiption
When creating a new exam date in New Exam Date with negative number of participants, the exam date is not created, but success allert is displayed. So this non existing exam date is not visible for teacher in My Exam Dates nor for student in Other Exam Dates.
How to activate the defect
-
Click on Login in the header
-
Username
easyrider, password pass, click on Login button
-
Click on New Exam Date
-
Enter
-1 in Max participants
-
Enter valid data in Date and time of examination
-
Click on Save new exam date
-
Click on My Exam dates
-
Click on Logout in the header
-
Username
pink, password pass, click on Login button
-
Click on Other Exam Dates
Visibility of the defect
Parts
| StudentService |
TeacherService |
DateUtility |
GradeDAO |
UserDAO |
|
BaseStudentService
|
E10TeacherService
|
BaseDateUtility
|
GradeTypeDaoCriteria
|
UserDaoCriteria
|
URL to the defect source code
https://gitlab.kiv.zcu.cz/herout/TbUIS-UIS/blob/master/src/main/java/cz/zcu/kiv/matyasj/dp/service/users/error/E10TeacherService.java
Source code with the injected defect
<![CDATA[
/**
* DELIBERATE ERROR
*
* This error method creates new exam date for particular teacher and for subject
* even if maxParticipants is negative. Negative number of maxParticipants is not validated but
* it triggers fail on saving exam term into database.
*
*
* @param teacher Teacher who wants to create a new exam
* @param subjectId New exam date will be created for subject with this database id
* @param dateOfTerm Date of new examination
* @param maxParticipants Maximal number of participants
* @return true if operation will be successfully completed, false otherwise
*/
@Override
@ErrorMethod(errorMessage = "This method causes no verification of negative numbers which leads to at saving examination term into db.")
public boolean createNewExaminationTerm(Teacher teacher, Long subjectId, String dateOfTerm, String maxParticipants) {
if (teacher == null) {
log.error("Creating new examination term failed.");
return false;
}
log.info("Creating new examination term for subject with id " + subjectId + ", teacher with id " + teacher.getId() + ", date " + dateOfTerm + " and maximal number of participants " + maxParticipants + ".");
Date tmpDateOfTerm = dateUtility.stringToDate(dateOfTerm);
// Test if date is null
if (tmpDateOfTerm == null) {
log.warn("Date of new examination term is null! Creation of new examination term is being canceled.");
return false;
}
// Test if date is in future
if (!tmpDateOfTerm.after(new Date())) {
log.warn("Date of new examination term is not in future! Creation of new examination term is being canceled.");
return false;
}
int maxParticipantsInt = 0;
try {
maxParticipantsInt = Integer.parseInt(maxParticipants);
} catch (Exception e) {
log.warn("Maximal number of exam date participants exceeded! Creation of new examination term is being canceled.");
}
// Enabling verification only if max participants number is positive
if (maxParticipantsInt >= 0) {
// Test if maximal number of participants is too low
if (maxParticipantsInt < Integer.parseInt(propertyLoader.getProperty("examTermMinParticipants"))) {
log.warn("Maximal number of exam date participants too low! Creation of new examination term is being canceled.");
return false;
}
// Test if maximal number of participants is not exceeded
if (maxParticipantsInt > Integer.parseInt(propertyLoader.getProperty("examTermMaxParticipants"))) {
log.warn("Maximal number of exam date participants exceeded! Creation of new examination term is being canceled.");
return false;
}
}
Subject subject = subjectDao.findOne(subjectId);
if (subject == null) {
log.error("Creating new examination term failed.");
return false;
}
List<ExaminationDate> examinationDates = getAllExaminationTermsBySubject(subject);
final int millisecondsInMinute = 60000;
final int minutesInDay = 24 * 60;
if (examinationDates.size() != 0) {
ExaminationDate lastExam = null;
int registeredExamsCount = 0;
for (ExaminationDate exam : examinationDates) {
if (exam.getTeacher().getUsername().equals(teacher.getUsername())) {
if (lastExam == null || lastExam.getDateOfTest().before(exam.getDateOfTest())) {
lastExam = exam;
registeredExamsCount++;
}
}
}
if (lastExam != null) { // Teacher has already registered exam
// Calculated time for exam dates comparing
long latestExamTime = lastExam.getDateOfTest().getTime() / millisecondsInMinute;
long newExamTime = tmpDateOfTerm.getTime() / millisecondsInMinute;
// Test if date is same as previous examination date
if (latestExamTime == newExamTime) {
log.warn("Date of new examination term is same as the date of previous term! Creation of new examination term is being canceled.");
return false;
}
// Test if date is at least 24 hours after previous examination date
if ((newExamTime - latestExamTime) < minutesInDay) {
log.warn("Date of new examination term is set sooner than 24 hours after previous exam date! Creation of new examination term is being canceled.");
return false;
}
// Test max exam dates for this subject and teacher
int maxExamTermNumber = Integer.parseInt(propertyLoader.getProperty("subjectMaxExamDate"));
if (registeredExamsCount >= maxExamTermNumber) {
log.warn("Teacher " + teacher.getFirstName() + " " + teacher.getLastName() + " is trying to create more than " +
"max count of exam dates for this subject(" + maxExamTermNumber + ")!");
return false;
}
}
}
ExaminationDate newExaminationDate = new ExaminationDate();
newExaminationDate.setDateOfTest(tmpDateOfTerm);
newExaminationDate.setMaxParticipants(maxParticipantsInt);
newExaminationDate = examinationDateDao.save(newExaminationDate);
Teacher tmpTeacher = (Teacher) userDao.findOne(teacher.getId());
Subject tmpSubject = subjectDao.findOne(subjectId);
if (tmpSubject == null) {
log.error("Creating new examination term failed.");
return false;
}
newExaminationDate.setTeacher(tmpTeacher);
newExaminationDate.setSubject(tmpSubject);
if (maxParticipantsInt >= 0) {
newExaminationDate = examinationDateDao.save(newExaminationDate);
}
if (newExaminationDate != null && newExaminationDate.getId() != null) {
log.error(propertyLoader.getProperty("log.E10TeacherService.createNewExaminationTerm"));
return true;
}
log.error("Creating new examination term failed.");
return false;
}
]]>
URL to the correct source code
https://gitlab.kiv.zcu.cz/herout/TbUIS-UIS/blob/master/src/main/java/cz/zcu/kiv/matyasj/dp/service/users/correct/BaseTeacherService.java
Correct source code
<![CDATA[
/**
* This method creates new exam date for particular teacher and for subject.
*
* @param teacher Teacher who wants to create a new exam
* @param subjectId New exam date will be created for subject with this database id
* @param dateOfTerm Date of new examination
* @param maxParticipants Maximal number of participants
* @return true if operation will be successfully completed, false otherwise
*/
@Override
public boolean createNewExaminationTerm(Teacher teacher, Long subjectId, String dateOfTerm, String maxParticipants) {
if (teacher == null) {
log.error("Creating new examination term failed.");
return false;
}
log.info("Creating new examination term for subject with id " + subjectId + ", teacher with id " + teacher.getId() + ", date " + dateOfTerm + " and maximal number of participants " + maxParticipants + ".");
Date tmpDateOfTerm = dateUtility.stringToDate(dateOfTerm);
// Test if date is null
if (tmpDateOfTerm == null) {
log.warn("Date of new examination term is null! Creation of new examination term is being canceled.");
return false;
}
// Test if date is in future
if (!tmpDateOfTerm.after(new Date())) {
log.warn("Date of new examination term is not in future! Creation of new examination term is being canceled.");
return false;
}
int maxParticipantsInt = 0;
try {
maxParticipantsInt = Integer.parseInt(maxParticipants);
} catch (Exception e) {
log.warn("Maximal number of exam date participants exceeded! Creation of new examination term is being canceled.");
}
// Test if maximal number of participants is too low
if (maxParticipantsInt < Integer.parseInt(propertyLoader.getProperty("examTermMinParticipants"))) {
log.warn("Maximal number of exam date participants too low! Creation of new examination term is being canceled.");
return false;
}
// Test if maximal number of participants is not exceeded
if (maxParticipantsInt > Integer.parseInt(propertyLoader.getProperty("examTermMaxParticipants"))) {
log.warn("Maximal number of exam date participants exceeded! Creation of new examination term is being canceled.");
return false;
}
Subject subject = subjectDao.findOne(subjectId);
if (subject == null) {
log.error("Creating new examination term failed.");
return false;
}
List<ExaminationDate> examinationDates = getAllExaminationTermsBySubject(subject);
final int millisecondsInMinute = 60000;
final int minutesInDay = 24 * 60;
if (examinationDates.size() != 0) {
ExaminationDate lastExam = null;
int registeredExamsCount = 0;
for (ExaminationDate exam : examinationDates) {
if (exam.getTeacher().getUsername().equals(teacher.getUsername())) {
if (lastExam == null || lastExam.getDateOfTest().before(exam.getDateOfTest())) {
lastExam = exam;
registeredExamsCount++;
}
}
}
if (lastExam != null) { // Teacher has already registered exam
// Calculated time for exam dates comparing
long latestExamTime = lastExam.getDateOfTest().getTime() / millisecondsInMinute;
long newExamTime = tmpDateOfTerm.getTime() / millisecondsInMinute;
// Test if date is same as previous examination date
if (latestExamTime == newExamTime) {
log.warn("Date of new examination term is same as the date of previous term! Creation of new examination term is being canceled.");
return false;
}
// Test if date is at least 24 hours after previous examination date
if ((newExamTime - latestExamTime) < minutesInDay) {
log.warn("Date of new examination term is set sooner than 24 hours after previous exam date! Creation of new examination term is being canceled.");
return false;
}
// Test max exam dates for this subject and teacher
int maxExamTermNumber = Integer.parseInt(propertyLoader.getProperty("subjectMaxExamDate"));
if (registeredExamsCount >= maxExamTermNumber) {
log.warn("Teacher " + teacher.getFirstName() + " " + teacher.getLastName() + " is trying to create more than " +
"max count of exam dates for this subject(" + maxExamTermNumber + ")!");
return false;
}
}
}
ExaminationDate newExaminationDate = new ExaminationDate();
newExaminationDate.setDateOfTest(tmpDateOfTerm);
newExaminationDate.setMaxParticipants(maxParticipantsInt);
newExaminationDate = examinationDateDao.save(newExaminationDate);
Teacher tmpTeacher = (Teacher) userDao.findOne(teacher.getId());
Subject tmpSubject = subjectDao.findOne(subjectId);
if (tmpSubject == null) {
log.error("Creating new examination term failed.");
return false;
}
newExaminationDate.setTeacher(tmpTeacher);
newExaminationDate.setSubject(tmpSubject);
newExaminationDate = examinationDateDao.save(newExaminationDate);
if (newExaminationDate != null && newExaminationDate.getId() != null) {
return true;
}
log.error("Creating new examination term failed.");
return false;
}
]]>
Logged information up to failure
<![CDATA[
2019-10-12 16:49:24.153 -- INFO LogHelper:31 - HHH000204: Processing PersistenceUnitInfo [name: cz.zcu.kiv.matyasj.dp]
2019-10-12 16:49:24.387 -- INFO Version:46 - HHH000412: Hibernate Core {5.4.1.Final}
2019-10-12 16:49:24.794 -- INFO Version:49 - HCANN000001: Hibernate Commons Annotations {5.1.0.Final}
2019-10-12 16:49:25.234 -- INFO C3P0ConnectionProvider:116 - HHH010002: C3P0 using driver: com.mysql.jdbc.Driver at URL: jdbc:mysql://localhost:3306/uis-web-db
2019-10-12 16:49:25.234 -- INFO C3P0ConnectionProvider:117 - HHH10001001: Connection properties: {password=****, useUnicode=true, handling_mode=DELAYED_ACQUISITION_AND_HOLD, characterEncoding=UTF-8, user=uis-web}
2019-10-12 16:49:25.234 -- INFO C3P0ConnectionProvider:120 - HHH10001003: Autocommit mode: false
2019-10-12 16:49:25.437 -- INFO C3P0ConnectionProvider:200 - HHH10001007: JDBC isolation level: <unknown>
2019-10-12 16:49:25.812 -- INFO Dialect:158 - HHH000400: Using dialect: org.hibernate.dialect.MySQL55Dialect
2019-10-12 16:49:27.562 -- INFO access:47 - HHH10001501: Connection obtained from JdbcConnectionAccess [org.hibernate.engine.jdbc.env.internal.JdbcEnvironmentInitiator$ConnectionProviderJdbcConnectionAccess@6d88a3f4] for (non-JTA) DDL execution was not in auto-commit mode; the Connection 'local transaction' will be committed and the Connection will be set into auto-commit mode.
2019-10-12 16:49:29.796 -- INFO access:47 - HHH10001501: Connection obtained from JdbcConnectionAccess [org.hibernate.engine.jdbc.env.internal.JdbcEnvironmentInitiator$ConnectionProviderJdbcConnectionAccess@5aa345a5] for (non-JTA) DDL execution was not in auto-commit mode; the Connection 'local transaction' will be committed and the Connection will be set into auto-commit mode.
2019-10-12 16:49:42.629 -- INFO JtaPlatformInitiator:52 - HHH000490: Using JtaPlatform implementation: [org.hibernate.engine.transaction.jta.platform.internal.NoJtaPlatform]
2019-10-12 16:49:42.879 -- INFO SecurityConfig:75 - SECURITY JDBC authentication process is running
2019-10-12 16:49:45.128 -- INFO SecurityConfig:93 - Authorization configuration process is running
2019-10-12 16:49:45.425 -- INFO BaseInitializer:97 - Initializing ...
2019-10-12 16:49:52.083 -- INFO BaseInitializer:463 - Initialized!
2019-10-12 16:49:52.193 -- INFO BaseInitializer:97 - Initializing ...
2019-10-12 16:53:08.136 -- INFO LoginController:30 - Request for login view
2019-10-12 16:53:17.421 -- INFO UserDaoCriteria:74 - User with username easyrider found.
2019-10-12 16:53:17.453 -- INFO SecurityConfig:121 - Success login - easyrider
2019-10-12 16:53:17.453 -- INFO SecurityConfig:125 - User login role: ROLE_TEACHER
2019-10-12 16:53:17.484 -- INFO UserDaoCriteria:74 - User with username easyrider found.
2019-10-12 16:53:17.499 -- INFO OverviewController:53 - Request for overview of teacher with id 27 for view.
2019-10-12 16:53:20.080 -- INFO UserDaoCriteria:74 - User with username easyrider found.
2019-10-12 16:53:20.095 -- INFO TeachersExamTermsController:48 - Request for retrieving list of exam dates of user with id 27 view.
2019-10-12 16:53:20.095 -- INFO BaseTeacherService:294 - Getting all examination terms without graduate participants for teacher with id 27.
2019-10-12 16:53:20.142 -- INFO ExaminationDateDaoCriteria:118 - Returning list of 1 examination dates for teacher with id 27.
2019-10-12 16:53:20.142 -- INFO UserDaoCriteria:74 - User with username easyrider found.
2019-10-12 16:53:20.173 -- INFO BaseTeacherService:92 - Getting list of taught subjects for teacher with id 27.
2019-10-12 16:53:22.047 -- INFO NewExamDateController:44 - Request for retrieving new exam date form view.
2019-10-12 16:53:22.047 -- INFO UserDaoCriteria:74 - User with username easyrider found.
2019-10-12 16:53:22.078 -- INFO BaseTeacherService:92 - Getting list of taught subjects for teacher with id 27.
2019-10-12 16:54:16.795 -- INFO UserDaoCriteria:74 - User with username easyrider found.
2019-10-12 16:54:16.810 -- INFO NewExamDateController:95 - Request from user with id 27 for saving new exam date with subject id 8, date 2019-10-15 10:00 and maximal number of participants -1.
2019-10-12 16:54:16.810 -- INFO E10TeacherService:68 - Creating new examination term for subject with id 8, teacher with id 27, date 2019-10-15 10:00 and maximal number of participants -1.
2019-10-12 16:54:16.810 -- INFO BaseDateUtility:68 - Parsing string representation of date to Date object
2019-10-12 16:54:16.842 -- INFO BaseTeacherService:274 - Getting all examination terms by subject with id 8.
2019-10-12 16:54:16.873 -- INFO ExaminationDateDaoCriteria:141 - Returning list of 1 examination dates for subject with id 8.
2019-10-12 16:54:16.889 -- INFO BaseTeacherService:342 - Getting all examination terms by subject for subject with id 8.
2019-10-12 16:54:16.998 -- ERROR E10TeacherService:182 - INJECTED_ERROR: E10TeacherService_createNewExaminationTerm_causes_no_verification_of_negative_numbers_which_leads_to_error_at_saving_examination_term_into_db
2019-10-12 16:54:16.998 -- INFO NewExamDateController:99 - Request for saving new exam date with subject id 8, date 2019-10-15 10:00 and maximal number of participants -1 was successful.
]]>
Overview of functional tests full log
Overview of acceptance tests full report
