Bugs found in HERE SaaS: QAwerk Bug Crawl
HERE is a SaaS platform with multi-cloud architecture intended for developers building location-based solutions, and offering live location data both in 2D and 3D for over 200 countries and territories. Enabling spatial intelligence, the HERE ecosystem utilizes more than 21 million vehicles providing real-time data, while over 15 billion probe data points are processed daily.
With the HERE platform, developers can build fully customizable interactive maps, detect location data patterns and generate insights, integrate location intelligence into mobile and web applications, leverage geocoding, rendering, routing, transit and positioning services, create maps of private sites and then connect them to public maps. Another available opportunity is to monetize or exchange location-centric data, services or applications with customers from all over the world. HERE allows transforming location data into business value promptly and effectively, and is frequently adopted in connected and automated driving, network planning, fleet management.
Continuously enhancing our skills, we keep an eye on the evolution of location technology and chose HERE for our weekly bug crawl to detect issues that may affect the usage of the platform. Take a closer look at the results.
The user is redirected to a 404 page after clicking a few links
Severity:
Critical
Steps to Reproduce:
- Navigate to https://legal.here.com/en-gb/privacy/here-application-and-here-maps-privacy-supplement page.
- Scroll to the “Information about Service usage” section.
- 2.1. Click on link “Your privacy in the HERE Improvement Program“ in the 1st sub-paragraph.
- Scroll to the “Your choices” section.
- 3.1. Click on link “HERE Improvement Program.”
- Observe the following results.
Environment:
Microsoft Windows 10 Corporate – 20H2 – x64
Chrome – 93.0.4577.82
Affected links:
https://legal.here.com/en-gb/privacy/here-wego-here-application-or-here-maps-privacy-supplement-updated >> contained in “Information about Service usage” , “Your choices” sections >> https://www.here.com/privacy/improvementprogram/ (404)
https://legal.here.com/en-gb/privacy/here-wego-here-application-or-here-maps-privacy-supplement-updated >> contained in “Information about Service usage” , “Your choices” sections
http://here.com/privacy/improvementprogram (404)
Actual Result:
The user is redirected to a 404 page.
Expected Result:
After clicking upon a link, the user is able to browse the page successfully.
A few domains are redirected to the misconfigured domain
Severity:
Major
Steps to Reproduce:
- Visit https://www.here.com/partners/find-partner page.
- Scroll to the “Find a partner” section.
- Click the “Visit website: link under the “4MAPS BILGI TEKNOLOJILERI, MMC” partner.
- Observe the following results.
Environment:
Microsoft Windows 10 Corporate – 20H2 – x64
Chrome – 93.0.4577.82
Affected section “Partners” with the next blocks:
- “Acrelec GmbH”
- “CNID”
- “DATAKART KFT.”
- “frameLOGIC Sp. z o.o.”
- “GDi GROUP LLC.”
Actual Result:
The user is redirected to the misconfigured domain.
Expected Result:
The user is redirected to the partner website.
Poor email validation
Severity:
Major
Steps to Reproduce:
- Go to https://www.here.com/contact page.
- Enter an incorrect email address (—-@—-.com in this case) into the “Email” field.
- Fill out all other fields correctly.
- Click the “Submit” button.
- Observe the following results.
Environment:
Microsoft Windows 10 Corporate – 20H2 – x64
Chrome – 93.0.4577.82
Actual Result:
It is possible to send the contact us form using an invalid email.
Expected Result:
It is impossible to send the contact us form using an invalid email.
A missing favicon
Severity:
Trivial
Steps to Reproduce:
- Go to https://legal.here.com/en-gb/compliance page.
- Click the “ ISO/IEC 27001:2013 certification” link in the 1st sub-paragraph.
- Observe the following results.
Environment:
Microsoft Windows 10 Corporate – 20H2 – x64
Chrome – 93.0.4577.82
Scope of ISO/IEC 27001:2013
Actual Result:
There is no favicon on the https://here-legal-files-prd.s3.amazonaws.com/files/ISO27001_2013+certificate.pdf page.
Expected Result:
There is a favicon on the https://here-legal-files-prd.s3.amazonaws.com/files/ISO27001_2013+certificate.pdf page.
Step 2. “Scope of ISO/IEC 27001:2013” link
“Scope of SOC2 Type 2” link.
The footer is not pinned to the bottom of the screen
Severity:
Trivial
Steps to Reproduce:
- Go to the https://here.navigation.com/cms/page.FAQsTroubleshoot/en_GB/HEREEMEA/EUR page.
- Observe the following results.
Environment:
Microsoft Windows 10 Corporate – 20H2 – x64
Chrome – 93.0.4577.82
Actual Result:
The footer is not pinned to the bottom of the screen.
Expected Result:
The footer is pinned to the bottom of the screen.
No validation for the “Email address” field in the subscription form
Severity:
Trivial
Steps to Reproduce:
- Navigate to https://360.here.com/.
- Scroll down to the “Get in the moment updates” form.
- Fill out incorrect data in the “Email address” field.
- Fill out other required fields and submit the form.
- Observe the following results.
Environment:
Windows 10 corporate – 20H2
Chrome – 93.0.4577.82
Actual Result:
The subscription form is submitted successfully.
Expected Result:
The subscription form is not submitted.
Validation messages overlap each other in the billing details form
Severity:
Trivial
Precondition:
The user has an account
Steps to Reproduce:
- Go to https://developer.here.com/billing-management page.
- Click the “Edit” button next to the “Billing details” title.
- Enter one symbol in the “First name” field.
- Click the save button next to the “Billing details” title.
- Take a look at the next result.
Environment:
Windows 10 corporate – 20H2
Chrome – 93.0.4577.82
Actual Result:
Validation messages overlap each other.
Expected Result:
Each validation message is readable.
The HERE team has translated 35 years of experience in mapmaking into the world's leading location platform. I detected a few non-existent pages (404). Also, I found several bugs in the validation and UI: it's possible to send Contact Us form using an invalid email, missed and displaced UI elements. Ad-hoc and smoke testing are effective for finding similar defects because they start with exploring the main product functions and also cover non-standard tests. These types of checks allow revealing critical malfunctions and layout issues early on.
