CS/SWE 332 Assignment 12
Fall 2019
Goal:
Applying lessons learned
You have a choice of possible assignments.
In each case, the deliverable is a story.
Write a brief report,
and include enough evidence
(output, screen shots, etc.)
that the GTA can figure out that you actually completed the assignment.
-
Consider one of the
copyOf()
methods in the java
Arrays utility class.
Bloch uses this method in his Stack
example.
Code a corresponding method in C++, changing the argument list as necessary.
Provide a specification for the C++ code by
translating the JavaDoc and adding preconditions as necessary.
Explain what this exercise demonstrates about C++ type safety.
-
For most of the semester, we have focused on
design considerations for constructing software
that does something we want it to do.
For this last assignment, I would like students
to appreciate just how vulnerable software is
to malicious parties intent on attacking their
software.
Students who find this assignment amusing might
wish to take ISA/SWE 681: Secure Software Design and Programming.
There are two attacks documented in Bloch's
Item 88: Write readObject()
methods defensively.
One is called BogusPeriod
,
and the other is called MutablePeriod
.
Implement either (your choice) of these attacks (basically involves
typing in code from Bloch) and verify that the attack takes place.
-
A different source of security vulnerabilities in Java also involve
serialization.
Bloch (and others) recommend "cross-platform
structured data representations" (e.g. JSON or Protocol Buffers)
as safe alternatives.
Develop a simple serialization example in Java and convert it
into a safe alternative (probably, JSON is easier to use, since
it is text-based).
To make the example more interesting, use some objects types that
are not directly supported.
- Find some existing (Java) code that uses the "int enum pattern"
and refactor it to use Java Enums instead.
Identify any type-safety issue you uncover in the existing code.
To make the exercise interesting,
extend your enums beyond simple named-constants
in one of the ways discussed by Bloch in Item 34.