Skip to content

fix: add transaction protection to card dealing to prevent game state corruption#2348

Open
Arunodoy18 wants to merge 4 commits intoOWASP:masterfrom
Arunodoy18:fix/2343-transactional-card-dealing
Open

fix: add transaction protection to card dealing to prevent game state corruption#2348
Arunodoy18 wants to merge 4 commits intoOWASP:masterfrom
Arunodoy18:fix/2343-transactional-card-dealing

Conversation

@Arunodoy18
Copy link

Fixes issue #2343.

  • Wraps card dealing logic in Ecto.Multi transaction
  • Replaces insert! with safe insert operations
  • Ensures atomic game initialization
  • Prevents partial state corruption
  • Adds graceful error handling to LiveView

Complies with ASVS V2.3.3 for business-logic-level transaction integrity.

Fixes OWASP#2133

Problem:
The first suit table (VE - Data Validation & Encoding) in both guide
template variants had inconsistent row heights compared to all other
suit tables, causing text overflow in translations with longer content.

Standard template (owasp_cornucopia_webapp_ver_guide_bridge_lang.odt):
- Table10.2: 3.501cm (should be 4.001cm)
- Table10.3: 4.501cm (should be 4.001cm)

QR template (owasp_cornucopia_webapp_ver_guide_bridge_qr_lang.odt):
- Table11.4: 3.501cm (should be 4.001cm)

All other suit tables (17/18 through 87/95) use 4.001cm uniformly.

Solution:
Normalized the inconsistent row heights to 4.001cm to match the
standard used by all other suit tables. This provides consistent
vertical spacing across all card descriptions and prevents text
overflow issues in non-English translations.

Changes:
- Fixed row heights in both guide template variants
- Added fix_templates_issue_2133.py script for reproducibility
- Updated .gitignore to exclude .backup files
@sydseter
Copy link
Collaborator

@Arunodoy18 Make sure your commits have a verified signature

@sydseter
Copy link
Collaborator

Make sure you update your branch as well.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This seems to be unrelated to transaction protection. Please remove file.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please revert change.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please revert change.

@Arunodoy18
Copy link
Author

Hi @sydseter, I've addressed all the requested changes:

Resolved the merge conflict in show.ex, combining your upstream 3-player validation with the transactional card dealing logic
Removed fix_templates_issue_2133.py
Reverted changes to both .odt template files
Branch is now up to date with upstream/master.

@Arunodoy18
Copy link
Author

Hi @sydseter, I've addressed all the requested changes:

  • Resolved merge conflict in \show.ex: combined your upstream 3-player minimum validation with the transactional card dealing logic from this PR, so the \cond do\ guard now checks \started_at, then player count (< 3), then proceeds with the atomic \deal_cards_for_game/3\ transaction.
  • Removed \ ix_templates_issue_2133.py\ — unrelated to transaction protection.
  • Reverted
    esources/templates/owasp_cornucopia_webapp_ver_guide_bridge_lang.odt\ to upstream version.
  • Reverted
    esources/templates/owasp_cornucopia_webapp_ver_guide_bridge_qr_lang.odt\ to upstream version.

Branch is now up to date with \upstream/master. Ready for re-review.

@immortal71
Copy link
Contributor

@Arunodoy18 serious ?!!, it was assigned to me , please make sure to only work on issue assign to u

@immortal71
Copy link
Contributor

immortal71 commented Feb 27, 2026

@Arunodoy18 hope u will close the pr and wonot create dublicate pr for the issue found by other(me) and assign to other !! 🙂

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants