Create Password.c #82
Conversation
Reviewer's Guide by Sourcery
This PR introduces a new C program that implements a simple PIN-based authentication system. The program allows users three attempts to enter the correct PIN (4008). It uses a do-while loop for PIN entry validation and includes proper error handling for failed attempts. No diagrams generated as the changes look simple and do not need a visual representation.
File-Level Changes
Hey @o10a19 - I've reviewed your changes and found some issues that need to be addressed.
Blocking issues:
- Avoid hardcoding sensitive values like PINs in source code (link)
- Use safer input methods instead of scanf to prevent buffer overflow vulnerabilities (link)
Overall Comments:
- Storing the PIN directly in the source code is a serious security risk. Consider reading it from a secure configuration file or environment variable instead.
- The program lacks input validation. scanf() could fail or overflow with invalid input. Consider adding proper error checking and using fgets() with sscanf() for safer input handling.
Here's what I looked at during the review
- 🟡 General issues: 1 issue found
- 🔴 Security: 2 blocking issues
- 🟢 Testing: all looks good
- 🟡 Complexity: 1 issue found
- 🟢 Documentation: all looks good
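As an added example (not code from this PR, and not Sourcery's suggestion), here is one way to apply both overall comments at once: the expected PIN is read from an environment variable instead of being compiled into the binary, and input is read with fgets() and parsed with strtol() so that non-numeric, oversized or empty lines are rejected and never left behind in stdin for the next attempt. The variable name APP_PIN and the helper names are chosen for this example only. Unparsable input is counted as a failed attempt, so junk cannot be used to obtain extra retries.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_ATTEMPTS 3
#define PIN_ENV_VAR "APP_PIN"   /* assumed variable name; not part of the PR */
#define LINE_BUF 32             /* enough for any int plus newline */

/* Parse one line as a non-negative PIN. Returns 1 and stores the value on
 * success; 0 on empty input, trailing junk, negative or out-of-range values. */
int parse_pin(const char *line, int *out)
{
    char *end;
    long v;

    if (line == NULL || *line == '\0')
        return 0;
    errno = 0;
    v = strtol(line, &end, 10);
    if (end == line)                          /* no digits at all */
        return 0;
    while (*end == ' ' || *end == '\t' || *end == '\r' || *end == '\n')
        end++;                                /* only trailing whitespace is allowed */
    if (*end != '\0')                         /* e.g. "4008abc" */
        return 0;
    if (errno == ERANGE || v < 0 || v > INT_MAX)
        return 0;
    *out = (int)v;
    return 1;
}

/* The PIN comes from the environment instead of the source; NULL means unset. */
int load_expected_pin(const char *env_value, int *out)
{
    return env_value != NULL && parse_pin(env_value, out);
}

/* One attempt: unparsable input counts as a wrong PIN rather than a free retry. */
int check_attempt(const char *line, int expected)
{
    int pin;
    return parse_pin(line, &pin) && pin == expected;
}

/* fgets-based line read. If the line did not fit in buf, drain the rest so it
 * cannot be re-read as the next attempt. Returns 0 on EOF or read error. */
int read_line(char *buf, size_t n, FILE *in)
{
    if (fgets(buf, (int)n, in) == NULL)
        return 0;
    if (strchr(buf, '\n') == NULL) {
        int c;
        while ((c = fgetc(in)) != EOF && c != '\n')
            ;
    }
    return 1;
}

int main(void)
{
    char line[LINE_BUF];
    int expected;
    int attempts_left = MAX_ATTEMPTS;
    int status = EXIT_FAILURE;

    if (!load_expected_pin(getenv(PIN_ENV_VAR), &expected)) {
        fprintf(stderr, "%s is unset or not a valid PIN\n", PIN_ENV_VAR);
        return EXIT_FAILURE;
    }

    while (attempts_left > 0 && status != EXIT_SUCCESS) {
        printf("Enter your pin: ");
        fflush(stdout);
        if (!read_line(line, sizeof line, stdin))
            break;                            /* EOF: stop prompting */
        attempts_left--;
        if (check_attempt(line, expected)) {
            printf("Welcome User!\n");
            status = EXIT_SUCCESS;
        } else if (attempts_left > 0) {
            printf("Incorrect PIN\n");
        } else {
            printf("Incorrect PIN and no further attempts left\n");
        }
    }
    return status;                            /* single exit path */
}
```

Run it as `APP_PIN=4008 ./a.out`. Reading the secret from the environment keeps it out of the source and the binary, but the value is still visible to other processes of the same user and may end up in shell history, so the password-hashing option the review also mentions (storing a hash and comparing hashes) is the stronger choice when the PIN is more than a demo value.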
scanf("%d", &pin);
attempt--;

if (pin != 4008) {
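Review bot: `pin` is compared before anything confirms that `scanf` stored a value. `scanf("%d", &pin)` returns the number of successful conversions; on non-numeric input it returns 0, leaves `pin` untouched (uninitialized on the first attempt, given the `int pin, attempt = 3;` declaration in this file) and leaves the offending characters in stdin, so `pin != 4008` is evaluated on garbage and every later attempt re-reads the same bytes. Check the return value and discard the rest of the line on failure, e.g. `if (scanf("%d", &pin) != 1) { int c; while ((c = getchar()) != EOF && c != '\n'); pin = -1; }`, before the comparison.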
🚨 issue (security): Avoid hardcoding sensitive values like PINs in source code
Consider storing the PIN in a secure configuration file or environment variable, or using a proper password hashing mechanism.
do {
    printf("Enter your pin: ");
    scanf("%d", &pin);
🚨 issue (security): Use safer input methods instead of scanf to prevent buffer overflow vulnerabilities
Consider using fgets() with sscanf() or similar safer alternatives that provide better input validation and buffer overflow protection.
    printf("Incorrect PIN\n");
}

if (attempt == 0 && pin != 4008) {
suggestion: Restructure the attempt checking logic to avoid duplicate messaging
Consider checking remaining attempts first, then validate the PIN to make the flow more logical and eliminate redundant messages.
    if (attempt == 0) {
        printf("Incorrect PIN and no further attempts left\n");
        exit(EXIT_FAILURE);
    }
#include <stdio.h>

int main() {
    int pin, attempt = 3;
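Review bot: `<stdio.h>` is the only header included here, so the `exit(EXIT_FAILURE)` call proposed in the comment above will not compile without also adding `#include <stdlib.h>`. While touching the declaration, `int main(void)` is the idiomatic prototype in C, and `pin` should not be left uninitialized when the first read can fail.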
issue (complexity): Consider using symbolic constants and a single return path to improve code clarity.
The control flow can be simplified while maintaining all functionality. Here's a cleaner approach:
#include <stdlib.h>
#include <stdio.h>

#define CORRECT_PIN 4008
#define MAX_ATTEMPTS 3

int main(void) {
    int pin;
    int attempts_left = MAX_ATTEMPTS;

    while (attempts_left > 0) {
        printf("Enter your pin: ");
        /* scanf returns the number of items converted; on non-numeric
         * input pin is left unset and the bad characters stay in stdin,
         * so discard the rest of the line and count the attempt as failed. */
        if (scanf("%d", &pin) != 1) {
            int c;
            while ((c = getchar()) != EOF && c != '\n')
                ;
            pin = -1;              /* never equal to CORRECT_PIN */
        }
        if (pin == CORRECT_PIN) {
            printf("Welcome User!\n");
            return 0;
        }
        attempts_left--;
        printf("Incorrect PIN\n");
        if (attempts_left == 0) {
            printf("No further attempts left\n");
            return EXIT_FAILURE;
        }
    }
    return EXIT_FAILURE;           /* not reached; keeps every path explicit */
}
Summary by Sourcery
New Features: