Skip to content

fix: add transaction protection to card dealing to prevent game state corruption#2348

Open
Arunodoy18 wants to merge 4 commits intoOWASP:masterfrom
Arunodoy18:fix/2343-transactional-card-dealing
Open

fix: add transaction protection to card dealing to prevent game state corruption#2348
Arunodoy18 wants to merge 4 commits intoOWASP:masterfrom
Arunodoy18:fix/2343-transactional-card-dealing

Conversation

@Arunodoy18
Copy link

@Arunodoy18 Arunodoy18 commented Feb 22, 2026

Fixes issue #2343.

  • Wraps card dealing logic in Ecto.Multi transaction
  • Replaces insert! with safe insert operations
  • Ensures atomic game initialization
  • Prevents partial state corruption
  • Adds graceful error handling to LiveView

Complies with ASVS V2.3.3 for business-logic-level transaction integrity.

@Arunodoy18
fix: normalize Table10/Table11 row heights in guide templates
740d299 
Fixes OWASP#2133

Problem:
The first suit table (VE - Data Validation & Encoding) in both guide
template variants had inconsistent row heights compared to all other
suit tables, causing text overflow in translations with longer content.

Standard template (owasp_cornucopia_webapp_ver_guide_bridge_lang.odt):
- Table10.2: 3.501cm (should be 4.001cm)
- Table10.3: 4.501cm (should be 4.001cm)

QR template (owasp_cornucopia_webapp_ver_guide_bridge_qr_lang.odt):
- Table11.4: 3.501cm (should be 4.001cm)

All other suit tables (17/18 through 87/95) use 4.001cm uniformly.

Solution:
Normalized the inconsistent row heights to 4.001cm to match the
standard used by all other suit tables. This provides consistent
vertical spacing across all card descriptions and prevents text
overflow issues in non-English translations.

Changes:
- Fixed row heights in both guide template variants
- Added fix_templates_issue_2133.py script for reproducibility
- Updated .gitignore to exclude .backup files
@Arunodoy18
fix(game): add transactional protection to card dealing (fixes OWASP#…
fc3c07b 
…2343)
@sydseter
Copy link
Collaborator

sydseter commented Feb 25, 2026

@Arunodoy18 Make sure your commits have a verified signature

@sydseter
Copy link
Collaborator

sydseter commented Feb 25, 2026

Make sure you update your branch as well.

sydseter
sydseter requested changes Feb 26, 2026
View reviewed changes
fix_templates_issue_2133.py Outdated
Copy link
Collaborator

@sydseter sydseter Feb 26, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This seems to be unrelated to transaction protection. Please remove file.

resources/templates/owasp_cornucopia_webapp_ver_guide_bridge_lang.odt
Copy link
Collaborator

@sydseter sydseter Feb 26, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please revert change.

resources/templates/owasp_cornucopia_webapp_ver_guide_bridge_qr_lang.odt
Copy link
Collaborator

@sydseter sydseter Feb 26, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please revert change.

@Arunodoy18
Copy link
Author

Arunodoy18 commented Feb 26, 2026

Hi @sydseter, I've addressed all the requested changes:

Resolved the merge conflict in show.ex, combining your upstream 3-player validation with the transactional card dealing logic
Removed fix_templates_issue_2133.py
Reverted changes to both .odt template files
Branch is now up to date with upstream/master.

@Arunodoy18
Copy link
Author

Arunodoy18 commented Feb 26, 2026

Hi @sydseter, I've addressed all the requested changes:

  • Resolved merge conflict in \show.ex: combined your upstream 3-player minimum validation with the transactional card dealing logic from this PR, so the \cond do\ guard now checks \started_at, then player count (< 3), then proceeds with the atomic \deal_cards_for_game/3\ transaction.
  • Removed \ ix_templates_issue_2133.py\ — unrelated to transaction protection.
  • Reverted
    esources/templates/owasp_cornucopia_webapp_ver_guide_bridge_lang.odt\ to upstream version.
  • Reverted
    esources/templates/owasp_cornucopia_webapp_ver_guide_bridge_qr_lang.odt\ to upstream version.

Branch is now up to date with \upstream/master. Ready for re-review.

@immortal71
Copy link
Contributor

immortal71 commented Feb 27, 2026

@Arunodoy18 serious ?!!, it was assigned to me , please make sure to only work on issue assign to u

@immortal71
Copy link
Contributor

immortal71 commented Feb 27, 2026
edited
Loading

@Arunodoy18 hope u will close the pr and wonot create dublicate pr for the issue found by other(me) and assign to other !! 🙂

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sydseter sydseter sydseter requested changes

@rewtd rewtd Awaiting requested review from rewtd rewtd is a code owner

@cw-owasp cw-owasp Awaiting requested review from cw-owasp cw-owasp is a code owner

Requested changes must be addressed to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@Arunodoy18 @sydseter @immortal71