help3007 articles all ANNOUNCEMENTS recent articles
login to post a new article
tagged articles (144 / 199) the unit in general (6) software security in the news (1) lectures (5) labs (22) project (78) final exam (17) tests and quizzes (9) trivia (3) the C language (3)
help3007 topics from today and yesterday from the past week from the past two weeks ALL topics, most recent first
  login
chapter0 unitinfo research projects
csforum csse-feedback csbreakdown cssubmit csmarks
2nd semester help fora Algebra Advanced Algorithms Cloud Computing High Performance Computing Intelligent Agents Professional Computing Relational Database Management Systems Systems Programming
  It's UWAweek 47

help3007

This forum is provided to promote discussion amongst students enrolled in CITS3007 Secure Coding. If posting a question, it's suggested you check first whether your question is answered in the unit Frequently Asked Questions (FAQ) list, and use the search box (on the right) to see if an answer to your question has already been posted.

Please consider offering answers and suggestions to help other students! And if you fix a problem by following a suggestion here, it would be great if other interested students could see a short "Great, fixed it!"  followup message.

Note that any posts must comply with the UWA Code of Conduct and the UWA Academic Conduct Policy. That means you should (a) treat everyone with respect and courtesy, and (b) not post your solutions to an assessment that's in progress.

If asking a programming question, it's recommended you read How do I ask a good question? If reporting or troubleshooting a bug in software used in the unit, it's recommend you read How to report bugs effectively.
Displaying selected article
Showing 1 of 170 articles.
Currently 26 other people reading this forum.
 UWA week 20 (1st semester, week 11) ↓
SVG not supported

Login to reply

👍?
helpful
1:34pm Tue 14th May, Arran S.

Hi all,

The revised project spec is available – there are a few minor improvements to wording, but other than that, no very significant changes beyond what's already been flagged in this forum.

You can see the exact changes made to the spec document itself here, and you can see the changes made to crypto.h by downloading it and comparing it to the original (using diff or an equivalent GUI tool such as meld).

Based on code I've seen in labs, here are a few development tips:

  • Remember to enable warnings when compiling your code, or you'll likely miss problems in your code that GCC is telling you about. A reasonable set of warnings is -Wall -Wextra -Wconversion. (You should also, ideally, be running static analysers over your code; but enabling warnings is the absolute bare minimum.)

  • Remember to add the -pedantic-errors flag when compiling - as discussed in last week's lecture, this disables GCC extensions to C. (There is a list of them here. Some I can't see much use for, such as zero-sized structs and arrays, others are quite handy, such as function attributes.)

  • If you don't use the Google sanitizers (especially UBSan and ASan) together with debugging symbols (-g), you're making life needlessly hard for yourself. Without them, debugging C can be difficult and stressful. With them, resolving bugs can often be as easy as it is in, say, Python.

  • Comments that do no more than say what anyone can already see from the code will result in a loss of marks (e.g. "// We call malloc to allocate memory", "// return 0 on success"). This is already pointed out in the standard rubric, but I mention it again in case you missed it.

    Useful comments usually explain not what the code is doing, but why that approach has been taken (e.g. in order to validate untrusted input, or to comply with something in the written spec). Imagine that your code is being read by someone doing a security review of it[*] – how would you justify your approach to them?

  • A small number of students each year attempt to do something "clever" in their code. "Clever" code is nearly always less readable and harder to review for security flaws, and so results in a loss of marks.

  • There should be almost no reason to define your own macros – they, too, just make it harder for a reviewer to check that your code is correct and complies with the spec. In general, function-like macros are more error-prone and harder to review than normal functions, and are only appropriate for large projects (where their utility outweighs the loss in readability), which this is not.

    Don't #define preprocessor symbols like TRUE or FALSE,† either. The spec doesn't refer to any such values (it only talks about functions returning 0 or 1), so your code shouldn't either. (Why would you make it harder for a reviewer to check that your code implements the spec?)

  • When you submit your final code, make sure it's in some sort of logical order. For instance, the functions which form the publicly-accessable API for your code (four cipher functions plus cli) should probably all be next to each other, so a reviewer can access them easily. If you've written helper functions, you could put them before or after the publicly exposed functions, whatever your preference is. (I usually see them put before, but practice varies.)

Hopefully those are useful – let me know if you have any queries about them.

Cheers,
Arran

[*] Because it is.
† I just give this as an example of code I've seen. In modern C versions, we have bool types and properly typed const variables, so there's even less reason for this sort of thing.

The University of Western Australia

Computer Science and Software Engineering

CRICOS Code: 00126G 		Written by [email protected]
Powered by history
Feedback always welcome - it makes our software better!
Last modified  8:08AM Aug 25 2024
Privacy policy