|
|
|
|
|
|
There are some errors in the _CPF_ constraint and _ModCheck_, first the constraint format pattern treat non digit characters as optional, but the exclusion patterns don't. i.e. *000.000.000-00* is invalid, but *00000000000* is valid.
The exclusion patterns are missing some other known cases, all document number that is composed only by the same digit is a invalid document that passes the Mod11 check, not only those composed by only zeros or nines.
The the method mod11 used for CPF is giving false positives, accepts invalid check digits as valid.
As an example the document number *000.000.000-01* is know to be invalid, same occurs with the number *000.000.000-19*, other examples would be *378.796.950-01* and *378.796.950-02* and others.
Two different check digits yet both are valid when put against the Mod11 algorithm used here. That happens because the check digit is being used in the checksum, this can create a condition where the digit validates it self.
----
I've wrote a patch and some tests, to ensure compatibility I didn't change any return type nor the method signature, passing on all previous tests.
I will send a pull request, after cleaning the code.
Having done that I think it would be wise to change that, pass the check digit separated from the verification list or not passing at all, the mod11 method should calculate the mod not validate it.
Samples for tests and validation are found in this site: [http://www.geradorcpf.com/] and [http://www.geradorcpf.com/validar-cpf.htm] both in Brazilian Portuguese.
Excuse my poor English and thanks for the awesome job.
|
|
|
|
|
|
