Validate that submitted cards actually form a Set#186
Open
adotdong29 wants to merge 1 commit into
Open
Conversation
Event handlers checked that cards were distinct and on the board, but never verified they form a Set. Any three distinct on-board cards could be submitted and counted as a Set, inflating scores and Elo.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
hello! I am an avid set enjoyer, and enjoy the game setwithfriends, which helps me connect with my friends too! I noticed this issue when I was playing and thought I could try to help out a game I love! I appreciate any feedback or criticism you have!
Bug
Event handlers in
src/util.jsandfunctions/src/game.tsonly check that submitted cards are distinct and on the board. They don't check that the cards actually form a Set. So a player can submit any three on-board cards (e.g.0000,0001,0010, where attribute 2 sums to 1 mod 3) and get credit for a Set, inflating their score and Elo.The server-side gap is the load-bearing one: a player can POST directly to
gameData/<id>/eventswithout going through the client.Fix
Adds
checkSet(c1, c2, c3)(andcheckSetUltrafor ultraset mode) to:processEventNormal,processEventChain,processEventUltrainsrc/util.jsreplayEventNormal,replayEventChain,replayEventUltrainfunctions/src/game.tsBoth sides need it: client to keep the local UI honest, server to keep the database honest.
Tests
Added 6 tests in
src/util.test.jscovering normal, set-chain, and ultraset modes. Each verifies that non-Set submissions leave history empty and score at zero, and that real Sets still register. All 14 tests in the file pass.