This forum is provided to promote discussion amongst students enrolled in
CITS3007 Secure Coding.
If posting a question, it's suggested you check first whether your question
is answered in the unit Frequently Asked Questions (FAQ) list, and use the search box
(on the right) to see if an answer to your question has already been posted.
Please consider offering answers and suggestions to help other students!
And if you fix a problem by following a suggestion here,
it would be great if other interested students could see a short
"Great, fixed it!" followup message.
Hoping to get some clarification as to how we should be handling cases where an out of range int is passed into the caesar functions.
From crypto.h, we know that a precondition of key is that it must fall within the range of (range low - range hig...
You are correct - that's an error in the specification, since it fails to state what you should do in such a case and is therefore incomplete. Well spotted ) You should indeed check that the Vigen re key meets the criteria for validity, and should ...
Answered off-forum.
But in brief what we're writing in the project isn't really a program , but a library (admittedly a very small one) - a set of functions serving some common purpose. So as library maintainers, we can just declare caesar decry...
This student contacted me off-forum, so I won't make a full reply here, but briefly
- Anything from the lectures is non-normative (https developer.mozilla.org en-US docs Glossary Non-normative) - it's the project spec you should be working off
- Wh...
Hi,
In C, the only way you can check if a string is null-terminated is if you know the size of the array that it's in. If you know the array is, say, N elements long, you can just write a loop
bool is null terminated false;
for(size t i 0; i...
I also have a follow up question regarding the Vigenere cipher, if a character does not fall within the acceptable encrypting range and we have to copy it over, do we still advance in our progression along the key or do we not change our position unt...
Hi,
When we are validating the key input for the cli function, the spec only mentions that we must check if it is an appropriate int for Caesar encryption and decryption.
It does not state about checking if Vigenere is given an appropriate string wher...
Hi Arran,
I wanted to check whether a string from user input is null terminated before passing it to strlen or other operation which could cause undefined behaviour, but I couldn't find a way to check this. Based on my understanding, checking for nul...
Hi,
The cli function is the only one you're required to write a Doxygen-processable documentation block for. API documentation is essential for any public-facing function, and cli is one of those.
For helper functions even though these are intern...
The project brief mentions
'you may also write whatever helper functions you wish.'
I was wondering if we were required to write up Doxygen-processable comments for these helper functions or if it is only needed for the cli function.
An addition to this question is how the similar pre condition for Caesar works if a key outside the range of -26 and 26 is passed, do we modulo to bring it back into range, or check this condition before calling the function and return? To me it see...
Based on the project spec and the most recent lecture, the vigenere function can accept a key that contains both numbers and letters. What is the expected logic to process such a key, and could you please explain how this would allowed with the pre c...
Reimplementing the logic seems unecessary and redundant, as suitable code already exists in another function. It potentially also improves the readability of the function. On the other hand, it prevents any potential separation of caesar decrypt from...
Hi Siya,
No worries. Your mark (and the mark of anyone else who did that question) should now have been corrected, on both Moodle and csmarks.
cheers
Arran
