CS/SWE 332 Assignment 12
Fall 2019


Goal: Applying lessons learned

You have a choice of possible assignments.

In each case, the deliverable is a story. Write a brief report, and include enough evidence (output, screenshots, etc.) that the GTA can figure out that you actually completed the assignment.

  1. Consider one of the copyOf() methods in the Java Arrays utility class. Bloch uses this method in his Stack example. Code a corresponding method in C++, changing the argument list as necessary. Provide a specification for the C++ code by translating the JavaDoc and adding preconditions as necessary. Explain what this exercise demonstrates about C++ type safety.
  2. For most of the semester, we have focused on design considerations for constructing software that does something we want it to do. For this last assignment, I would like students to appreciate just how vulnerable software is to malicious parties intent on attacking their software. Students who find this assignment amusing might wish to take ISA/SWE 681: Secure Software Design and Programming.

    There are two attacks documented in Bloch's Item 88: Write readObject() methods defensively. One is called BogusPeriod, and the other is called MutablePeriod. Implement either (your choice) of these attacks (basically involves typing in code from Bloch) and verify that the attack takes place.

  3. A different source of security vulnerabilities in Java also involves serialization. Bloch (and others) recommend "cross-platform structured data representations" (e.g. JSON or Protocol Buffers) as safe alternatives. Develop a simple serialization example in Java and convert it into a safe alternative (probably, JSON is easier to use, since it is text-based). To make the example more interesting, use some object types that are not directly supported.
  4. Find some existing (Java) code that uses the "int enum pattern" and refactor it to use Java Enums instead. Identify any type-safety issue you uncover in the existing code. To make the exercise interesting, extend your enums beyond simple named-constants in one of the ways discussed by Bloch in Item 34.