Programming safe and secure code - generic
One should always write safe and secure code. Students should not get in the habit of writing insecure or buggy code. The following are minimum standards to follow.
General Guidelines
- User input: user input should be validated to make sure it is of the type and within the range the program expects, before it is used for anything else. When user input is not valid, the program should either ask again or notify the user of the bad input and exit gracefully; it should never silently continue with the bad value.
- Edge cases: the program should properly handle edge cases. For example, if computing an average of grades, the program should be correct if there are 0 grades (see above - that may be considered bad input), 1 grade, or more.
- Files: when opening a file for reading, the program should make sure it was opened successfully (i.e., that the file exists and the program has permission to read it). When opening a file for writing, the program should make sure it was opened successfully (i.e., that it was a valid file name in a location the program has permission to write to). On failure, the program should notify the user and either ask again for a valid file name or exit gracefully.
- Function return values: for any built-in or library function that can fail, the program should check its return value to make sure it completed successfully. If a function fails, the program should handle this appropriately (what to do depends on the individual case). For example, if using a function to open and read a web page by URL, the program should check that the page was fetched successfully before using the result.
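The following program is an added example, not part of the original course text, showing the four guidelines above together in C: a grade is validated as an integer in an assumed range of 0..100, the average handles the 0-grade, 1-grade and many-grade cases, the file is checked after fopen, and every library call that can fail has its result checked. The file name grades_example.txt and the sample grades are constructed for the example.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* User input: parse one grade from text. Returns 0 and stores the value in *out,
 * or -1 if the text is not an integer, has trailing garbage, or is outside the
 * assumed 0..100 range. The caller decides whether to re-prompt or exit. */
int parse_grade(const char *text, int *out)
{
    char *end = NULL;
    errno = 0;
    long v = strtol(text, &end, 10);
    if (end == text || errno == ERANGE)            /* no digits, or overflow */
        return -1;
    while (*end == ' ' || *end == '\t' || *end == '\n')
        end++;                                     /* allow trailing whitespace only */
    if (*end != '\0')
        return -1;                                 /* e.g. "12abc" */
    if (v < 0 || v > 100)
        return -1;                                 /* out of the expected range */
    *out = (int)v;
    return 0;
}

/* Edge cases: average of n grades. n == 0 is reported as an error instead of
 * dividing by zero; 1 grade and more are handled by the same loop. */
int average(const int *grades, size_t n, double *out)
{
    if (n == 0)
        return -1;
    long sum = 0;
    for (size_t i = 0; i < n; i++)
        sum += grades[i];
    *out = (double)sum / (double)n;
    return 0;
}

/* Files + return values: read up to max grades, one per line, from path.
 * Returns the number of grades read, -1 if the file could not be opened, or
 * -2 if a line was not a valid grade (its line number is stored in *bad_line). */
long read_grades(const char *path, int *grades, size_t max, size_t *bad_line)
{
    FILE *fp = fopen(path, "r");
    if (fp == NULL) {                              /* missing file or no permission */
        fprintf(stderr, "cannot open %s: %s\n", path, strerror(errno));
        return -1;
    }
    char line[64];
    size_t n = 0, lineno = 0;
    while (n < max && fgets(line, sizeof line, fp) != NULL) {
        lineno++;
        if (line[0] == '\n')
            continue;                              /* skip blank lines */
        if (parse_grade(line, &grades[n]) != 0) {
            fclose(fp);
            if (bad_line) *bad_line = lineno;
            return -2;
        }
        n++;
    }
    fclose(fp);
    return (long)n;
}

/* Files for writing: create path with constructed sample data, checking both
 * fopen and fclose (fclose can fail when the disk is full). 0 on success. */
int write_sample_file(const char *path)
{
    FILE *fp = fopen(path, "w");
    if (fp == NULL) {
        fprintf(stderr, "cannot create %s: %s\n", path, strerror(errno));
        return -1;
    }
    fputs("90\n85\n\n100\n", fp);                 /* constructed sample grades */
    return fclose(fp) == 0 ? 0 : -1;
}

int main(void)
{
    const char *path = "grades_example.txt";       /* assumed file name */
    if (write_sample_file(path) != 0)
        return 1;
    int grades[16];
    size_t bad = 0;
    long n = read_grades(path, grades, 16, &bad);
    remove(path);
    if (n == -1)
        return 1;                                  /* already reported by read_grades */
    if (n == -2) {
        fprintf(stderr, "bad grade on line %zu of %s\n", bad, path);
        return 1;
    }
    double avg;
    if (average(grades, (size_t)n, &avg) != 0) {
        fprintf(stderr, "no grades to average\n");
        return 1;
    }
    printf("average of %ld grades: %.2f\n", n, avg);
    return 0;
}
```

Note that parse_grade rejects "12abc" and "101" but accepts "85\n", which is what fgets hands back; the range check belongs in the parser so callers cannot forget it.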
C Programs
- Inputting C strings:
- C string size:
- Array size:
- Large arrays:
- Malloc'ed memory:
- Dereferencing pointers:
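The following is an added example, not part of the original page, showing one accepted way to meet each of the six C items listed above: bounded line input with fgets (with truncation detected rather than ignored), bounded string copy with snprintf, an index check against the array's element count, a large array placed on the heap with an overflow check on the size computation, a checked malloc result, and a NULL check before a pointer is dereferenced. The buffer sizes, the sample input and the element count of one million are assumptions chosen for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define ARRAY_LEN(a) (sizeof(a) / sizeof((a)[0]))

/* Inputting C strings: read one line into buf with fgets, never gets() or
 * scanf("%s"), which have no size limit. Strips the newline. Returns 0 on
 * success, 1 if the line was longer than the buffer (the excess is discarded
 * so it is not misread as the next input), -1 at end of file or read error. */
int read_line(FILE *in, char *buf, size_t size)
{
    if (buf == NULL || size == 0)
        return -1;
    if (fgets(buf, (int)size, in) == NULL) {
        buf[0] = '\0';
        return -1;
    }
    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';
        return 0;
    }
    /* No newline: either the last line of the input, or the line was longer
     * than the buffer. Drain the rest of the line to find out which. */
    int c, discarded = 0;
    while ((c = fgetc(in)) != '\n' && c != EOF)
        discarded = 1;
    return discarded ? 1 : 0;
}

/* C string size: copy src into dst of dstsize bytes, always NUL-terminated.
 * strcpy/strcat do not know how big dst is; snprintf does, and returns the
 * length it wanted to write, so truncation is detectable. 0 ok, -1 truncated. */
int copy_bounded(char *dst, size_t dstsize, const char *src)
{
    if (dst == NULL || src == NULL || dstsize == 0)
        return -1;
    int needed = snprintf(dst, dstsize, "%s", src);
    return (needed >= 0 && (size_t)needed < dstsize) ? 0 : -1;
}

/* Array size: index only after checking against the element count. */
int get_element(const int *arr, size_t count, size_t index, int *out)
{
    if (arr == NULL || out == NULL || index >= count)
        return -1;
    *out = arr[index];
    return 0;
}

/* Large arrays / malloc'ed memory: big buffers belong on the heap, not in a
 * local array (a few MB on the stack overflows the default stack size). Check
 * that count * sizeof(int) cannot overflow, then check malloc's return value.
 * Returns a zeroed array of count ints, or NULL. The caller must free() it. */
int *make_int_array(size_t count)
{
    if (count == 0 || count > SIZE_MAX / sizeof(int))
        return NULL;
    int *p = malloc(count * sizeof *p);
    if (p == NULL) {
        perror("malloc");
        return NULL;
    }
    memset(p, 0, count * sizeof *p);
    return p;
}

/* Dereferencing pointers: the pointer may be NULL (a failed malloc or a failed
 * lookup passed straight through), so check before touching *p. -1 if NULL. */
long sum_ints(const int *p, size_t count)
{
    if (p == NULL)
        return -1;
    long s = 0;
    for (size_t i = 0; i < count; i++)
        s += p[i];
    return s;
}

int main(void)
{
    char name[8];                                  /* assumed: 7 chars + NUL */
    printf("name (max %zu chars): ", sizeof name - 1);
    int r = read_line(stdin, name, sizeof name);
    if (r < 0) {
        fprintf(stderr, "no input\n");
        return 1;
    }
    if (r == 1)
        fprintf(stderr, "input too long, kept \"%s\"\n", name);

    char copy[4];
    if (copy_bounded(copy, sizeof copy, name) != 0)
        fprintf(stderr, "copy truncated to \"%s\"\n", copy);

    int small[4] = {1, 2, 3, 4};
    int v;
    if (get_element(small, ARRAY_LEN(small), 4, &v) != 0)
        fprintf(stderr, "index 4 is out of range for %zu elements\n", ARRAY_LEN(small));

    size_t big = 1000000;                          /* assumed: 4 MB, heap only */
    int *heap = make_int_array(big);
    if (heap == NULL)
        return 1;
    heap[big - 1] = 42;
    printf("sum = %ld\n", sum_ints(heap, big));
    free(heap);
    return 0;
}
```

Compile with warnings enabled (for example `gcc -Wall -Wextra`) and type a name longer than seven characters to see read_line report the truncation instead of letting the rest of the line leak into the next read.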