Creating Trustworthy Data and Objects

1. Assume Data is Unsafe

Always treat incoming data as potentially harmful. Design your code to maintain data integrity and prevent unintentional alterations. This principle applies not only to the original data but also to any data processed by the program. Here are several methods to safeguard your data:

• Defensive Copying

  Implement deep copying of data when necessary. The following example illustrates a vulnerability to accidental data changes:

interface IDate {

year: number;

}

const getPeriod = (startDate: IDate, endDate: IDate) => ({

startDate,

endDate,

});

const startDate: IDate = { year: 2022 };

const endDate: IDate = { year: 2023 };

const period = getPeriod(startDate, endDate);

period.startDate.year = 2021; // This can lead to unexpected behavior.

In this scenario, the getPeriod function could be modified to perform deep copying to prevent this issue.

• Immutable Structures

  Utilize immutable data structures to minimize mutability risks. For example:

const startDate: IDate = Object.freeze({ year: 2022 });

const endDate: IDate = Object.freeze({ year: 2023 });

const period = getPeriod(startDate, endDate);

Many programming languages offer libraries that facilitate data immutability.

• Design by Contract

  This approach, introduced by Bertrand Meyer, emphasizes writing code that clearly states its expectations. There are three types of contracts:

• Preconditions: Conditions that must be satisfied before executing a function.

  • Postconditions: Guarantees about the state of the program after execution.
  • Class Invariants: Conditions that remain true throughout the lifecycle of an object.

Understanding these contracts can help clarify the code's intent, making it easier to reason about its behavior.

To explore more about invariants and their impact on complex software, consider reading Chapter 7 of "Coder at Work" by Peyton Jones.

Video: Defensive Programming: Best Practices - YouTube

This video discusses best practices in defensive programming to help prevent bugs in your software.

2. Assertive Programming

Assertions should not be limited to unit tests; they can also be integrated into application code to catch issues early. As stated in "Code Complete," assertions serve as "executable documentation," helping clarify assumptions made in the code.

There are two main perspectives on using assertions in production code:

• Disable in Production: Rely on error handling exclusively.

  • Keep in Production: Use assertions alongside error handling for better clarity.

Assertion Guidelines:

• Avoid placing executable code within assertions, as this can lead to instability if assertions are disabled.

  • Use assertions to document preconditions and postconditions dynamically.

Different programming languages provide their own assertion mechanisms. For instance, Java has assert, while JavaScript offers console.assert(). Here's how to use assertions in Java:

// Default JVM disables assertions. Use "-ea" to enable.

assert false : "(Optional) Error Message"; // Throws AssertionError.

Assertions can inadvertently create side effects. Always ensure they do not alter the program state unexpectedly. For further insights, refer to Topic 25 of "The Pragmatic Programmer."

3. Input Validation

Proper input validation is essential. Consider these examples:

• String Input: Always sanitize inputs to eliminate harmful characters. Validate lengths to prevent buffer overflow attacks and use regex for format checks.

  • Numeric Input: Ensure that operations do not involve illegal values, such as division by zero.
  • Object Input: Utilize built-in APIs for validation when working with objects, such as checking date ranges in Java:

LocalDate startDate = LocalDate.of(2020, 2, 20);

LocalDate endDate = LocalDate.of(2023, 11, 23);

LocalDate toValidate = LocalDate.of(2021, 12, 24);

boolean isBetween = toValidate.isAfter(startDate) && toValidate.isBefore(endDate);

4. Skepticism Towards Libraries and APIs

Always verify libraries and APIs before trusting them. For instance, the java.io.File class may lead developers to believe that an invalid path will throw an exception, which it does not. This can create vulnerabilities if developers are unaware of such behaviors.

5. Local Exception Handling

Handle exceptions within the function where they occur rather than passing them up the call stack immediately. This practice allows for better error management and prevents issues from propagating to other code sections that may not handle them effectively.

6. Responsible Return Values

Avoid returning null values, as they can lead to confusion and additional error handling. Instead, consider returning sensible defaults or throwing exceptions when necessary. Returning meaningful values can guide developers in writing clearer and more maintainable code.

For more on effective return strategies, see "Error-Handling Techniques" in Chapter 8 of "Code Complete."

7. Logging Exceptions and Errors

Include comprehensive information in your exception messages and logs to aid debugging. Ensure that these messages do not expose sensitive information that could be exploited by malicious actors.

8. Unit Testing as Defense

Writing unit tests is a proactive defense mechanism that ensures code reliability. They encourage developers to produce clean, modular code, making maintenance easier. Stress testing various scenarios is crucial to cover all possible edge cases.

9. Simplicity Over Complexity

Reducing the amount of code can minimize the introduction of bugs. Techniques such as avoiding unnecessary complexity, utilizing declarative programming, and limiting access modifiers can contribute to cleaner, more maintainable code.