It's UWAweek 47

help3007

This forum is provided to promote discussion amongst students enrolled in CITS3007 Secure Coding. If posting a question, it's suggested you check first whether your question is answered in the unit Frequently Asked Questions (FAQ) list, and use the search box (on the right) to see if an answer to your question has already been posted.

Please consider offering answers and suggestions to help other students! And if you fix a problem by following a suggestion here, it would be great if other interested students could see a short "Great, fixed it!"  followup message.

Note that any posts must comply with the UWA Code of Conduct and the UWA Academic Conduct Policy. That means you should (a) treat everyone with respect and courtesy, and (b) not post your solutions to an assessment that's in progress.

If asking a programming question, it's recommended you read How do I ask a good question? If reporting or troubleshooting a bug in software used in the unit, it's recommend you read How to report bugs effectively.
91 articles posted by this person
Showing 91 of 170 articles.
Currently no other people reading this forum.


 UWA week 27 (mid-year break) ↓
SVG not supported 2:09pm Fri 5th Jul, Arran S.

Hi all, Marks for all components have been released, and should be available in csmarks. I've had some technical difficulties uploading detailed breakdowns of project results, but hope to have them on Moodle either today or by Monday COB at the latest....


 UWA week 23 (1st semester, 1st exam week) ↓
SVG not supported 6:12pm Wed 5th Jun, Arran S.

Hi all, Just some hopefully useful information about the exam tomorrow The University recommends you arrive for any exam at least 15 minutes before the start time. That's especially important for lab-based exams, since you need to make sure you're l...


SVG not supported 12:22pm Tue 4th Jun, Arran S.

Hi Joel, Unfortunately not - though I'd love to have project marks and feedback available before the exam, I'm constrained by the marking resources available to me. Cheers Arran


SVG not supported 12:09pm Tue 4th Jun, Arran S.

Hi, The exam won't have any questions requiring you to use a compiler or IDE (unlike the quiz and mid-semester test, which were open-book, and encouraged you to make use of a compiler or IDE, and did have questions where information about e.g. data ...


SVG not supported 12:07pm Tue 4th Jun, Arran S.

Yes, if you check the Moodle server, the week 4 quiz feedback is available now. You should copy and paste anything particularly important you want from it, though, since the quiz won't be accessible during the exam, nor during "clash" exam sessions be...


SVG not supported 12:07pm Tue 4th Jun, Arran S.

Hi, There wasn't sufficient time to cover them in detail, so no, those slides won't be examinable. IPC concepts have come up a few times in relation to other topics, though, so it wouldn't hurt to look through the slides anyway. The Goodrich and Tama...


 UWA week 22 (1st semester, study break) ↓
SVG not supported 2:18pm Fri 31st May, Arran S.

ANONYMOUS wrote Just "Arran" is fine. I don't believe I'm in any danger of receiving a knighthood. I've added them to the "Resources" web page. As a tip the whole time this semester, you could've looked at solutions for any lab you wanted by viewing t...


SVG not supported 2:37pm Tue 28th May, Arran S.

Hi all, I just noticed the "Exam venue" link in the LMS wasn't visible to students. My apologies - I've made it visible. Cheers Arran


SVG not supported 2:54pm Mon 27th May, Arran S.

Hi, You can put anything you like in your notes. That said, there's usually not much time in an exam to look through and use written materials - so instead of planning to make use of notes or lab sheets in the exam, it's often a better idea to try and...


 UWA week 21 (1st semester, week 12) ↓
SVG not supported 1:24pm Fri 24th May, Arran S.

Hi, Sure, just email me - you're correct, the late submissions area isn't open by default. (If I make it open by default, Moodle starts warning all the people with on-time submissions that they have an assessment due.) Cheers Arran


SVG not supported 6:07pm Thu 23rd May, Arran S.

Hi, The cli function is expected to print output to stdout and stderr, so printing to those file-streams won't interfere with the marking scripts. The marking scripts capture your function's output by creating in-memory "files" using memfd create(...


SVG not supported 5:58pm Thu 23rd May, Arran S.

Hi, Well, what do you think the difference is? A C textbook, or a man page, or the cppreference website might be good places to look for information. (I'll gently point you towards the "How do I ask a good question?" link at the top of the forum i...


SVG not supported 5:52pm Thu 23rd May, Arran S.

Hi Shashwat, That's not what the Moodle logs say. They say that you were still using the testbed area up until 4 58 01 PM. At 4 59 55 PM, you opened the project submission area for the first time ever. And at 5 00 pm, having failed to make a submissi...


SVG not supported 5:38pm Thu 23rd May, Arran S.

Hi Shashwat, The late submissions area should be open now. Cheers Arran


SVG not supported 1:03pm Thu 23rd May, Arran S.

ANONYMOUS wrote My suggested process is - Make sure you have a Makefile for building your project. - Install bear sudo apt-get install bear . Clang analysers work best with a "compilation database" that tells them how your code is built (e.g. wher...


SVG not supported 12:16pm Thu 23rd May, Arran S.

It's nearly always a good idea to include newlines at the end of output to stdout or stderr. Besides the fact that it makes the output more legible, output to a file stream is buffered - see here https www.gnu.org software libc manual html node B...


SVG not supported 12:03pm Thu 23rd May, Arran S.

Yes, this has already been answered. ANONYMOUS wrote


SVG not supported 3:52pm Wed 22nd May, Arran S.

Your question is already answered in the documentation for the Vigen re functions. Cheers Arran ANONYMOUS wrote


SVG not supported 3:41pm Wed 22nd May, Arran S.

You are correct - that's an error in the specification, since it fails to state what you should do in such a case and is therefore incomplete. Well spotted ) You should indeed check that the Vigen re key meets the criteria for validity, and should ...


SVG not supported 3:13pm Wed 22nd May, Arran S.

Answered off-forum. But in brief what we're writing in the project isn't really a program , but a library (admittedly a very small one) - a set of functions serving some common purpose. So as library maintainers, we can just declare caesar decry...


SVG not supported 3:08pm Wed 22nd May, Arran S.

This student contacted me off-forum, so I won't make a full reply here, but briefly - Anything from the lectures is non-normative (https developer.mozilla.org en-US docs Glossary Non-normative) - it's the project spec you should be working off - Wh...


SVG not supported 2:09pm Wed 22nd May, Arran S.

Hi, In C, the only way you can check if a string is null-terminated is if you know the size of the array that it's in. If you know the array is, say, N elements long, you can just write a loop bool is null terminated false; for(size t i 0; i...


SVG not supported 10:11am Wed 22nd May, Arran S.

Hi, The cli function is the only one you're required to write a Doxygen-processable documentation block for. API documentation is essential for any public-facing function, and cli is one of those. For helper functions even though these are intern...


SVG not supported 10:04am Wed 22nd May, Arran S.

This is already answered in the project specification. Removing. ANONYMOUS wrote


SVG not supported 6:01pm Tue 21st May, Arran S.

Hi Siya, No worries. Your mark (and the mark of anyone else who did that question) should now have been corrected, on both Moodle and csmarks. cheers Arran


SVG not supported 5:10pm Tue 21st May, Arran S.

Hi all, In tomorrow's lecture, I'll aim to finish discussion of any topics I didn't get a chance to cover fully in previous lectures. Other than that, it is an opportunity to ask questions about any topic you like related to the unit. So if there are q...


SVG not supported 3:41pm Tue 21st May, Arran S.

Hi Luke, That doesn't sound right. Where do you see that stipulation? Can you please give the relevant part of the project specification? Also, can you clarify, what do you mean by "the program"? The specification doesn't ask you to submit a "program"...


SVG not supported 2:53pm Tue 21st May, Arran S.

Hi Hugo. Well, where are you getting the requirement from that the Vigen re key shouldn't contain digits or characters outside the range? That might provide some clue as to how a violation needs to be handled. Cheers Arran


SVG not supported 2:07pm Tue 21st May, Arran S.

Hi, Those questions explicitly state that markers will use them for allocating marks. So no, I don't suggest removing those from the total score. Cheers Arran


SVG not supported 2:03pm Tue 21st May, Arran S.

Hi, No worries. To clarify just paste your implementations (including any documentation for cli ) into Moodle. As the header file itself says, it isn't to be submitted, so just include your documentation block for cli with the source. (It's common t...


SVG not supported 1:44pm Tue 21st May, Arran S.

Hi, I'm afraid you'll have to work this out for yourself, at this point. I regard ambiguities or contradictions in the spec as already having been clarified (https cits3007.github.io faq how-are-problems-with-the-project-specification-resolved 3F)...


SVG not supported 1:27pm Tue 21st May, Arran S.

Hi, Well, really it's up to you to apply your best understanding of appropriate software development principles, and decide this for yourself. But perhaps expand on your thinking here, a little bit - can you suggest reasons for or against calling cae...


SVG not supported 1:23pm Tue 21st May, Arran S.

Hi Siyu, Questions do get re-used from year to year (sometimes with minor changes), so I've had to hide your post. In this case, it looks like there was an error in the question I'll fix that, and adjust the marks of anyone who did that question. But ...


SVG not supported 1:17pm Tue 21st May, Arran S.

Hi, They don't need to be explicitly called, no. (You can if you want, but tbh it makes the code rather awkward.) The intent is just for you to make use of the logic you came up with while implementing the Caesar functions my apologies, the spec...


SVG not supported 1:12pm Tue 21st May, Arran S.

Hi, I assume you mean "the submission area", not "the test area". It works by compiling your code using GCC, and then linking it against a "main.c" file which calls the implemented functions. If the code fails to compile or link, then that indicates th...


SVG not supported 1:04pm Tue 21st May, Arran S.

Hi all, I've enable a "testbed" area in Moodle as well. It's no substitute for running your own tests (with sanitizers enabled, and at varying optimization levels), and if you rely on it solely, you may well miss errors in your code. But it's there fo...


SVG not supported 6:06pm Mon 20th May, Arran S.

Hi all, Just following up on this - the Moodle feedback should also be available now. Cheers Arran


SVG not supported 5:04pm Mon 20th May, Arran S.

Hi Spencer, The cli function is an important deliverable for the project, and is definitely not "just for" testing You may want to review last week's lecture, since I discussed the cli function and its purpose in a reasonable amount of detail. Als...


SVG not supported 4:53pm Mon 20th May, Arran S.

Hi Spencer, I'll enable the test sandbox shortly. But really, you shouldn't rely on it, and it won't help you much. The project spec and the labs make it clear that part of the work of the project is for students to make use of sanitizers, static anal...


SVG not supported 4:36pm Mon 20th May, Arran S.

Hi, As per the schedule (https cits3007.github.io schedule ), there are no labs this week. The schedule does not, in fact, say anything about labsheets unless I'm missing something? It says "no labs". If you have queries relating to the project...


SVG not supported 1:25pm Mon 20th May, Arran S.

Hi all, Apologies for the delay in getting mid-semester marks back - I unexpectedly short of qualified markers for it. Marks are up in csmarks, and I'll have feedback available in Moodle shortly. Cheers Arran


SVG not supported 1:23pm Mon 20th May, Arran S.

Hi, If anyone has suggestions for addressing this problem, feel free to post. It's not something I'm able to assist with at the moment, as there is not nearly enough information to go on the name of the signal that caused an error isn't sufficient,...


SVG not supported
project Moodle  👍x1  (all 5)
1:15pm Mon 20th May, Arran S.

Hi, Apologies for the delay. The submission area is available on Moodle. I'll also enable the test area - but bear in mind that it won't substitute for your own testing. cheers Arran ANONYMOUS wrote


 UWA week 20 (1st semester, week 11) ↓
SVG not supported 1:34pm Tue 14th May, Arran S.

Hi all, The revised project spec is available there are a few minor improvements to wording, but other than that, no very significant changes beyond what's already been flagged in this forum. You can see the exact changes made to the spec document ...


SVG not supported 1:05pm Mon 13th May, Arran S.

Hi ANONYMOUS wrote Well, based on what was said in the lecture, what do you think? What's your interpretation, and if there are bits of the lecture you didn't understand, what exactly were they? Feel free to give timestamps to exact positions in the ...


 UWA week 19 (1st semester, week 10) ↓
SVG not supported 10:20am Fri 10th May, Arran S.

Hi, A couple of things. The reason you're getting warnings is because the code you're compiling is not, in fact, from the spec. Check the compiler messages carefully You've said you're trying to compile this fragment A char cipher text sizeo...


SVG not supported 10:02am Thu 9th May, Arran S.

Hi, It's entirely up to you how you organize your code. What you need to submit is definitions for the 5 required functions (and any helper functions you might define). Anything extra you submit will be ignored, unless it hinders readability or causes...


SVG not supported 3:27pm Tue 7th May, Arran S.

Hi, Just to clarify, my suggestion was that you come up with (ideally multiple) ways the apparent contradiction might be resolved the idea here is for students to actively engage with the project specification, and think about how project requirem...


SVG not supported 2:35pm Tue 7th May, Arran S.

Hi, For students in today's 9am lab unfortunately the usual lab facilitator was not available, and I didn't realize this until it was too late to arrange for someone else to facilitate my apologies. I've scheduled a replacement session for 2-3 30p...


SVG not supported 1:29pm Tue 7th May, Arran S.

Hi all, Just FYI, exam venues have been confirmed. The main venue is the MATH 123 math123 lab, and students with alternative exam arrangements will be in one of the CSSE labs. I will post full details on the LMS. math123 https link.mazemap.com ...


SVG not supported 1:21pm Tue 7th May, Arran S.

Just "Arran" is fine. I'm going to ask you to reflect a bit more on your question. Can you think of any ways of resolving this possible contradiction? What are they? Suggest some ideas. Cheers Arran


SVG not supported 10:33am Tue 7th May, Arran S.

Gotcha - the crypto.h version is the correct one (for the reasons I gave - the output parameter comes last). So that's how you need to code your implementation - does that help? Cheers Arran


SVG not supported 4:08pm Mon 6th May, Arran S.

Hi all, I'll likely post the revised project spec towards the end of this week. After that point, the spec can be considered "frozen" (as per the guidelines here spec ). spec https cits3007.github.io faq how-are-problems-with-the-project-specif...


SVG not supported 1:13pm Mon 6th May, Arran S.

Hi, Sure, that sounds mostly right. The code really should be pretty easy, so there should be plenty of time to focus on making sure your code is correct, covers edge cases, and is clear and understandable. Therefore markers will expect a fairly hig...


SVG not supported 12:54pm Mon 6th May, Arran S.

Hi, I'll amend the spec to clarify this the key must fall in the "encryptable range" specified by range low and range high . For each letter of the plaintext which is to be encrypted, we work out an appropriate caesar cipher by subtracting low ra...


SVG not supported 12:48pm Mon 6th May, Arran S.

Hi Taylah, No, that's not a typo. Typically in related functions, we put input and output parameters in a consistent order. In the encryption function, cipher text is an output. But in the decryption function, plain text is the input, and ciphe...


SVG not supported 12:44pm Mon 6th May, Arran S.

Hi Hugo, You're correct, and I've updated the header file. Cheers Arran


SVG not supported 12:43pm Mon 6th May, Arran S.

Hi, As a first step, I'd suggest you show what you think it might look like - presumably you can make some guesses? Cheers Arran


SVG not supported 12:42pm Mon 6th May, Arran S.

Hi, I think you may have a fairly major misunderstanding of the project specification and the header file you're provided with. My first suggestion would be to first make sure you've read through the whole of the specification and the provided heade...


 UWA week 18 (1st semester, week 9) ↓
SVG not supported 2:44pm Fri 3rd May, Arran S.

No worries. Just to explain why it's done this way often, example presentations of e.g. the Caesar cipher will operate only on uppercase alphabetic characters, and everything else is "passed through". But sometimes you might want to treat, say, pu...


SVG not supported 1:37pm Fri 3rd May, Arran S.

Hi, Can you clarify, what part of the spec or code are you referring to, when you say "The project only mentions that the plain text must be between this range"? I can't spot anything in the spec which imposes such a requirement. Amongst other things, ...


SVG not supported 7:37am Fri 3rd May, Arran S.

Hi all, The project spec is now available on the website at https cits3007.github.io assessment project , together with a zipped header file. I've adjusted the due date to 23 May (week 12), as I wanted to allow more than 2 weeks to do it in. Studen...


SVG not supported 2:12pm Tue 30th Apr, Arran S.

Hi Hugo, Apologies for the delay. Yes, the project will be out tomorrow morning - and I'll extend the deadline by a week. (I'll amend the dates on the website shortly.) Cheers Arran


 UWA week 17 (1st semester, week 8) ↓
SVG not supported 3:30pm Mon 22nd Apr, Arran S.

Hi, The material we actually covered in week 7 (last week) is already up, and the week 8 material will go up prior to the lecture. I normally try to ensure lecture slides are up on the Monday or Tuesday, but during particularly busy weeks (for instanc...


 UWA week 16 (1st semester, week 7) ↓
SVG not supported 4:59pm Wed 17th Apr, Arran S.

Hi all, I mentioned in lectures that you don't need to be a security expert to identify a vulnerability plenty of people have discovered vulnerabilities in existing programs armed with nothing more than a general knowledge of good coding practices...


SVG not supported 4:34pm Wed 17th Apr, Arran S.

Hi all, The mid-semester test should now be visible to you on Moodle (though it can't be started until it unlocks at 5pm) let me know if it's not showing up. The number of questions and marks are listed in the test instructions. (Also, if you're no...


SVG not supported 11:42am Wed 17th Apr, Arran S.

Hi all, Just a note that I won't be available for my usual office hours today (4 5pm), as I'll be preparing the mid-semester test for release. If you need to meet with me, just email instead to arrange a suitable time. Cheers Arran


SVG not supported 10:28am Wed 17th Apr, Arran S.

Hi, Short answer the default shell in your VM was deleted by a command you typed; the best thing to do is throw away your current VM instance, and start a new one. Longer answer The reason you're seeing those errors is due to a failed, prior command t...


 UWA week 15 (1st semester, week 6) ↓
SVG not supported 12:35pm Tue 9th Apr, Arran S.

Hi all, Just a reminder that if for some reason you're regularly unable to attend a lab session, you should email me and let me know. Keeping up with the lab content is an important part of the unit, and (especially for the project) it's a good idea to...


SVG not supported 11:00am Tue 9th Apr, Arran S.

Hi all, I'll discuss the upcoming mid-semester test and the project a bit more in tomorrow's lecture, but here is some basic information about them. Mid-sem test The test will have mostly multi choice and short answer questions, similar to the week ...


 UWA week 14 (1st semester, non-teaching week) ↓
SVG not supported 5:34pm Wed 3rd Apr, Arran S.

Hi all, Over the Easter weekend, malicious code ( CVE-2024-3094 cve ) was discovered in the popular XZ Utils xz compression package which created a backdoor bd into affected Linux systems. The incident has been very widely reported in technical...


 UWA week 13 (1st semester, week 5) ↓
SVG not supported 5:17pm Thu 28th Mar, Arran S.

Hi all, Marks for the quiz are now available on csmarks (https secure.csse.uwa.edu.au run csmarks), and feedback on individual questions should be viewable on Moodle. The average mark for the quiz was 85 , which is excellent. Except for the very las...


SVG not supported 5:18pm Wed 27th Mar, Arran S.

Hi all, As mentioned in today's lecture, the 8am Thursday lab sessions have had very low turnout (only one person last week), which means it's difficult to justify running them. I'll therefore be cancelling that lab slot after this week - if you were ...


SVG not supported 10:27am Wed 27th Mar, Arran S.

Hi all - Apologies for the delay. Just letting you know that quiz marks should be available either later today or tomorrow. Cheers Arran


 UWA week 12 (1st semester, week 4) ↓
SVG not supported 5:36pm Thu 21st Mar, Arran S.

Hi all, The quiz has now closed, and it looks like the average is fairly high, which is great I take it to mean people have a pretty good understanding of basic concepts. (Or that I made the questions too easy.) As per the rubric rubric , short a...


SVG not supported 10:44am Thu 21st Mar, Arran S.

Hi all, Just a reminder regarding student conduct requirements. I allow a fair bit of flexibility regarding when students sit the online tests they can be started at any convenient time in a 24-hour block. However, students must still comply with th...


SVG not supported 10:12am Wed 20th Mar, Arran S.

Hi all, I won't be holding my usual office hours (4-5pm) today, as I'll be preparing to release the Moodle quiz (worth 5 ) that opens at 5pm. I'll discuss the quiz more in today's lecture, but there are some tips and instructions here quiz if needed...


SVG not supported 1:47pm Tue 19th Mar, Arran S.

Can you clarify exactly what it is you don't understand? Otherwise it's difficult for me to know what needs explaining. (In future, it would also be helpful if you gave the exact slide number you're referring to.) However, I do note that you've quoted...


SVG not supported 12:57pm Tue 19th Mar, Arran S.

I'd suggest working through (and reviewing) the lecture and lab content, first, and referring to the recommended readings if anything is unclear. There are a few topics which are often poorly understood, though, namely - setuid programs, and - integer ...


SVG not supported 12:48pm Tue 19th Mar, Arran S.

There are no incompatibilities between the libvirt disk image and the virtualbox disk image. They contain exactly the same software packages, running on exactly the same Linux kernel, on exactly the same (virtualised) hardware. The hostname (stor...


SVG not supported 12:47pm Tue 19th Mar, Arran S.

Glad to hear you got things working. I'll add the username and password details to the lab sheet. Cheers, Arran


 UWA week 11 (1st semester, week 3) ↓
SVG not supported 4:44pm Thu 14th Mar, Arran S.

Hi all, Just a reminder that the first assessment (an online Moodle quiz, worth 5 ) will be run next week, so you should make sure you've signed up for Moodle and reviewed the content for weeks 1 3. Participating in the quiz is restricted to enrolle...


SVG not supported 2:29pm Wed 13th Mar, Arran S.

In case people are interested although Java and Python both use exceptions, some more recent languages have moved away from exceptions as an approach to error-handling. (For instance, neither Rust nor Go have exceptions.) A big problem with exception...


SVG not supported 5:13pm Tue 12th Mar, Arran S.

Thanks for letting me know. Just to clarify the lab worksheet "Using UTM on M-series Mac laptops" suggests a different process to the one you seem to have used. You've extracted a .vmdk file from your .vagrant.d directory, then used qemu-img to co...


 UWA week 10 (1st semester, week 2) ↓
SVG not supported
labs  ✅ Lab answers.  (both)
11:06am Thu 7th Mar, Arran S.

Hi, Yes, solutions to any problems posed in a lab worksheet will normally get posted on the website the following week. Cheers, Arran ANONYMOUS wrote


SVG not supported 9:19am Wed 6th Mar, Arran S.

Hi all, Just to let you know, slides for this week (and probably part of next week) got published on the website last night apologies for the delay. (But note that you can access previous versions of the unit's material via the Internet Archive a...


SVG not supported
labs  ✅ VM for M-series Mac 👍x1  (all 9)
9:15am Wed 6th Mar, Arran S.

Hi, Just to clarify, have you tried following the lab instructions here utm , which are linked to from the Lab 1 worksheet here lab1 ? Those instructions suggest using - the UTM gallery's ARM64 Ubuntu 22.04 image, which should be fine for most purp...


SVG not supported 1:05pm Tue 5th Mar, Arran S.

Hi, Yes, there's no problem with that, any 5.( something ) version is fine. (In fact, the labs should work with any 4. x kernel as well, and some 3. x kernels. The main changes that affect the labs are differences in security features between kernel ...


 UWA week 9 (1st semester, week 1) ↓
SVG not supported 6:15pm Thu 29th Feb, Arran S.

Hi all, In yesterday's lecture I was asked if using a systems programming language like Rust could help avoid some of the security bugs that are often seen in C code. I mentioned that it can indeed help but it's important to note that it's still...


SVG not supported 12:21pm Mon 26th Feb, Arran S.

Hi all, Lecture slides for this week are available on the unit website lect . I recommend taking at least a brief look at these before the lecture then the concepts won't be completely new to you, and you'll be able to ask any questions that you ...


SVG not supported 4:37pm Fri 23rd Feb, Arran S.

Hi everyone, Welcome to CITS3007 "Secure Coding". I'm your Unit Coordinator, Arran Stewart. I'll be teaching the unit with the help of our facilitators facilitators , Carl, Nicodemus, and Santiago. facilitators https cits3007.github.io facilitat...

The University of Western Australia

Computer Science and Software Engineering

CRICOS Code: 00126G
Written by [email protected]
Powered by history
Feedback always welcome - it makes our software better!
Last modified  8:08AM Aug 25 2024
Privacy policy