ArithmeticError when starting game with zero players

[immortal71]

Description

The start_game event handler in GameLive.Show will crash with an ArithmeticError if a game is started without any players. This occurs because the code attempts to use modulo division rem/2 by the player count without first validating that players exist.

Location

File: copi.owasp.org/lib/copi_web/live/game_live/show.ex

Vulnerable Code

def handle_event("start_game", _, socket) do
  game = socket.assigns.game

  if game.started_at do
    # Do nothing, game's already started
  else
    all_cards = Copi.Cornucopia.list_cards_shuffled(game.edition, game.suits, latest_version(game.edition))
    players = game.players  # Could be empty!

    all_cards
    |> Enum.with_index
    |> Enum.each(fn({card, i}) ->
      Copi.Repo.insert! %DealtCard{
        card_id: card.id,
        player_id: Enum.fetch!(players, rem(i, Enum.count(players))).id  # ArithmeticError if count = 0
      }
    end)
  end
end

Problem Analysis

Issue 1: Division by Zero

• Enum.count(players) returns 0 when no players have joined
• rem(i, 0) throws ArithmeticError (bad argument in arithmetic expression)
• This causes the LiveView process to crash

Issue 2: No Validation

• No check to ensure game.players is non-empty before starting
• No minimum player count validation (games should require at least 2 players)
• No user-friendly error message

Reproduction Steps

1. Create a new game at /games/new
2. Navigate to the game page /games/:game_id without adding any players
3. Click "Start Game" button
4. Result: LiveView crashes with ArithmeticError

[immortal71]

@sydseter what do u think ?, is it worth ? should i work on it ?

[sydseter]

Thank you for your support!

[immortal71]

@sydseter the pr is ready for review