Content deleted Content added
gets() doesn't read a "source string" but a file, so you can't check beforehand with strlen() |
link to articles on "defensive programming" |
||
Line 3:
Here are some hints on defensive programming techniques to avoid creating security problems.
Many of these techniques also improve general quality of code, because almost any major bug can be potentially used by a [[cracker (computing)|cracker]] for a [[denial-of-service attack]] or other attack.
<!-- So is defensive programming *only* used to avoid creating security problems? Or is it also used to avoid bugs when trusted users make silly mistakes? -->
Note that the techniques below are ''not'' sufficient to ensure security: see the articles [[computer insecurity]] and [[secure computing]] for more information.
Line 23 ⟶ 24:
Preconditions, postconditions and invariants validation are also part of defensive programming. This may involve checking arguments to a function or method for validity before execution of the body of the function. After the body of a function, doing a check of object state (in OO languages) or other held data and the return value before exits (break/return/throw/error code) is also wise.
Within functions, you may want to double check that you are not referencing something that is not valid (i.e., null) and that array lengths are valid before referencing elements with indexes on all temporary/local instantiations. A good heuristic is to not trust the libraries you did not write either. So any time you call them, check what you get back from them. It often helps to create a small library of "asserting" and "checking" functions to do this along with a logger so you can trace your path and reduce the need for extensive [[debugging]] cycles in the first place. With the advent of logging libraries and [[aspect oriented programming]], many of the tedious aspects (yes, a pun) of defensive programming are mitigated.
Generally speaking then, it is preferable to throw intelligible exception messages that enforce part of your [[application programming interface|API]] contract and guide the client [[programmer]] instead of returning values that a client programmer is likely to be unprepared for and hence minimize their complaints and increase robustness and security of your software.
Line 34 ⟶ 35:
External references:
* [http://www.dwheeler.com/secure-programs "Secure Programming for Linux and Unix HOWTO"] by [[David A. Wheeler]]
* [http://embedded.com/showArticle.jhtml?articleID=9900044 "Proactive Debugging"] article by Jack Ganssle 2001-02-26 <!-- would this be more appropriate in the [[debugging]] article? -->
* [http://www.embedded.com/1999/9912/9912feat1.htm Rules for Defensive C Programming] by Dinu Madau 1999
* [http://codeproject.com/gen/design/defensiveprogramming.asp "Defensive programming"] article by Rob Manderson 2004-08-06
* [http://word.mvps.org/FAQs/MacrosVBA/MaintainableCode.htm "The art of defensive programming: Or how to write code that will be easy to maintain"] article by Jonathan West
{{soft-eng-stub}}
| |||