Programming safe and secure code - generic and Project Contest: Difference between pages

From Computer Science at Indiana State University
(Difference between pages)
One should always write safe and secure code. Students should not get in the habit of writing insecure or buggy code. The following are minimum standards to follow.


=General Guidelines=
* '''User input''': user input should be validated to make sure it is within the range expected by the program. When user input is not valid, the program should either ask again or notify the user of the bad input and exit gracefully.
* '''Edge cases''': the program should properly handle edge cases. For example, if computing an average of grades, the program should be correct if there are 0 grades (see above - that may be considered bad input), 1 grade, or more.
* '''Files''': when opening a file for reading, the program should make sure it was opened successfully (i.e., that the file exists). When opening a file for writing, the program should make sure it was opened successfully (i.e., that it was a valid file name that the program has permission to write to). On failure, the program should notify the user and either ask again for a valid file name or exit gracefully.
* '''Function return values''': for any (built-in) functions that are used, the program should check their return value to make sure they completed successfully. If a function fails, the program should handle this appropriately (what to do depends on the individual case). For example, if using a function to open and read a website URL, the program should check to make sure the link was read successfully before using the result.


=C Programs=
The following are specific to writing C programs.
 
* '''Inputting C strings''': never use a method that reads arbitrarily long strings because this can result in a buffer overflow. For example: don't ever use <code>gets</code>, and if using <code>scanf</code> then do not do something like <code>scanf("%s", s);</code> but instead do something like <code>char s[100]; scanf("%99s", s);</code>. Note that this also applies to reading from files or other devices.
* '''C string size''': always allocate enough space for the largest string you will need + 1 for the terminating null character. For example, the following is not ok: <code>char s[5]; strcpy(s, "hello");</code> because <code>s</code> should have been declared with size at least 6.
* '''Array size''': any time your code accesses an array, make sure the index is valid (not negative and not past the end of the array). If the array index is ultimately coming from the user, then there needs to be a check somewhere to make sure it is in range.
 
* '''Large arrays''': any array that takes up more than 10k bytes or so should be created using dynamic memory (i.e., <code>malloc</code>). Do not do something like this: <code>char buffer[10000000];</code> because variables that are declared like this are in the "memory stack" which does not have enough space to hold large arrays (this can result in a "stack overflow").
* '''Malloc'ed memory''': any memory that is from the "memory heap" (e.g., coming from using <code>malloc</code>, <code>realloc</code>, or other functions like <code>getline</code> that return memory from the memory heap) needs to be free'ed before the program ends. Not free'ing malloc'ed memory is a memory leak which can result in poor performance or your program crashing.
* '''Dereferencing pointers''': always make sure that a pointer you are dereferencing is valid (e.g., not NULL). Note that pointers are typically dereferenced with <code>*</code>, <code>-></code>, or <code>[ ]</code>, or by passing the pointer to a built-in function.
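
The checks from the General Guidelines and C Programs lists, combined in one small grade-averaging program. This is an added example, not part of the original wiki page; the names <code>parse_grade</code>, <code>average</code> and <code>MAX_GRADES</code>, the 0 to 100 grade range and the one-grade-per-line file format are assumptions.

```c
/* Added example. Assumed input format: one integer grade (0..100) per line. */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#define MAX_GRADES 1000  /* assumed upper bound, chosen for this example */

/* Parse one line as a grade. Returns 1 if valid, 0 otherwise. */
int parse_grade(const char *line, long *out) {
    char *end;
    if (line == NULL || out == NULL) return 0;       /* never dereference NULL */
    errno = 0;
    long v = strtol(line, &end, 10);
    if (end == line || errno == ERANGE) return 0;    /* no digits, or overflow */
    while (*end == ' ' || *end == '\r' || *end == '\n') end++;
    if (*end != '\0' || v < 0 || v > 100) return 0;  /* junk or out of range */
    *out = v;
    return 1;
}

/* Average of n grades. Returns 0 on success, -1 when there is nothing to average. */
int average(const long *grades, size_t n, double *avg) {
    if (grades == NULL || avg == NULL || n == 0) return -1;  /* 0-grade edge case */
    double sum = 0;
    for (size_t i = 0; i < n; i++) sum += grades[i];
    *avg = sum / (double)n;
    return 0;
}

int main(int argc, char **argv) {
    if (argc != 2) { fprintf(stderr, "usage: %s FILE\n", argv[0]); return 1; }
    FILE *f = fopen(argv[1], "r");
    if (f == NULL) { perror(argv[1]); return 1; }    /* missing or unreadable file */
    long *grades = malloc(MAX_GRADES * sizeof *grades);  /* heap, not the stack */
    if (grades == NULL) { perror("malloc"); fclose(f); return 1; }
    char line[32];               /* fgets writes at most sizeof line bytes */
    size_t n = 0;
    int status = 0;
    while (status == 0 && fgets(line, sizeof line, f) != NULL) {
        if (n < MAX_GRADES && parse_grade(line, &grades[n])) n++;  /* index in range */
        else { fprintf(stderr, "bad or excess input: %s", line); status = 1; }
    }
    double avg;
    if (status == 0 && average(grades, n, &avg) == 0) printf("average: %.2f\n", avg);
    else if (status == 0) { fprintf(stderr, "no grades in file\n"); status = 1; }
    free(grades);                /* every malloc gets a matching free */
    fclose(f);
    return status;
}
```

Blank lines and lines longer than the 32-byte buffer are rejected as bad input instead of being silently skipped or truncated.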

Revision as of 18:28, 22 October 2021

The goal of the computer science fall project contest is to showcase the types of work that ISU CS students work on. We thank all who submit a project. This is great experience for you and helps the department show off your work to the outside world.

Awards may be given for the following categories: 100 level coursework, 200 level coursework, 3/4/500 level coursework, 600 level coursework, games, data science, algorithms, teaching. And if deemed appropriate we may declare a "best" project in some other categories as well.

Note that you can submit any of your work. It can be a project/assignment from a course (at ISU or otherwise), a personal project, something you have done for research, etc.

Format and Submission

Each submission should be a one page slide (pdf preferred, exported/saved from powerpoint, google slides, etc.). The slide should contain the following information. You can check sample submissions (https://cs.indstate.edu/info/files/project_contest_sample_2021.pdf) to see two example slides (thanks to Zach Noble for providing these).

  • Project name
  • Category - if done as part of a course, indicate which course, and if not then you could put "personal project" or something along those lines.
  • Link to sourcecode - on github, gitlab.indstate.edu, gitlab.com, or somewhere you have posted the code that is publicly accessible.
  • Goal - what problem is trying to be solved / what is the purpose of the project.
  • Description - a few bullet points or sentences describing the project.
  • Graphic - some screenshot, chart, or some kind of figure related to the project. Include a caption if the figure is not self explanatory.

Deadline to submit is Wednesday Oct 20, 2021.

To submit send your submissions as attachments to znoble1@sycamores.indstate.edu with subject "project competition" and cc jkinne@cs.indstate.edu. Make sure to send your submission from your ISU @sycamores.indstate.edu email address.

Other Rules

  • Multiple submissions - you may submit as many different submissions as you like.
  • Posting of projects - by submitting you agree to have your submission posted on the department website/wiki. You can opt-out by asking to not have your submission posted, though this might impact your ability to be declared a winner.

Judging

  • Winners will be declared based on feedback from CS faculty and/or graduate assistants. Judging will be based on some combination of the following: functionality of the program, how interesting is the idea, how tricky or complicated is the problem, how elegant is the solution, how well-organized/documented is the code.
  • Winners will be declared in some subset/superset of the categories mentioned at the top of this page. Honorable mentions might also be declared.

Results

The following is a pdf that contains the projects selected: https://cs.indstate.edu/info/files/project_showcase_2021.pdf. Thanks to all who submitted projects! And we are certainly very proud of the excellent work being done by students at ISU!