by OptionOfT 657 days ago
Would branch coverage have helped you here?

And I think one of the approaches that helped me to write safer code is to parse, and not validate.

That way, we drastically limit the situations we can get into where we forget to validate certain conditions.

e.g. you have a User struct, and you want to do an action which requires you to validate whether the user is an admin.

2 options here

* validate whether the user is an admin (which could happen multiple times when you're invoking distinct functions as part of a workflow)

* parse the User into an AdminUser. If the user is an admin, the function will work, and then you can pass on your new struct into places that require an admin. If it fails, the user is not an admin. Now you have merged all your checks into 1 place.

1 comment
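The User / AdminUser idea from the comment above, worked through as an added example (this is not code from the commenter; the struct fields, the `NotAdmin` error type and the two privileged functions are assumptions made up for illustration). The point is that privileged functions take the `AdminUser` proof type, so a workflow that forgets the check does not compile; the check happens exactly once, in `TryFrom`:

```rust
// Added example, not from the thread: "parse, don't validate" applied to the
// User -> AdminUser case. Field names and functions are illustrative.
use std::convert::TryFrom;

#[derive(Debug, Clone, PartialEq)]
pub struct User {
    pub name: String,
    pub is_admin: bool,
}

/// Evidence that a user has been checked to be an admin. The field is
/// private, so outside this module the only way to obtain an AdminUser
/// is the TryFrom conversion below.
#[derive(Debug, Clone, PartialEq)]
pub struct AdminUser {
    user: User,
}

impl AdminUser {
    pub fn name(&self) -> &str {
        &self.user.name
    }
}

/// Returned when parsing fails; carries the rejected user's name.
#[derive(Debug, PartialEq)]
pub struct NotAdmin(pub String);

impl TryFrom<User> for AdminUser {
    type Error = NotAdmin;

    // The single place where the admin check lives.
    fn try_from(user: User) -> Result<Self, Self::Error> {
        if user.is_admin {
            Ok(AdminUser { user })
        } else {
            Err(NotAdmin(user.name))
        }
    }
}

// Privileged operations take the proof type, not a plain User. Calling them
// with an unchecked User is a type error, not a missing runtime check.
pub fn delete_account(actor: &AdminUser, target: &str) -> String {
    format!("{} deleted {}", actor.name(), target)
}

pub fn rotate_keys(actor: &AdminUser) -> String {
    format!("{} rotated keys", actor.name())
}

/// A workflow invoking several privileged functions: the check happens once,
/// at the parse, and the resulting AdminUser is passed along.
pub fn admin_workflow(user: User, target: &str) -> Result<Vec<String>, NotAdmin> {
    let admin = AdminUser::try_from(user)?;
    Ok(vec![delete_account(&admin, target), rotate_keys(&admin)])
}

fn main() {
    // Constructed sample users.
    let alice = User { name: "alice".into(), is_admin: true };
    let bob = User { name: "bob".into(), is_admin: false };
    println!("{:?}", admin_workflow(alice, "stale-account"));
    println!("{:?}", admin_workflow(bob, "stale-account"));
}
```

With the `validate` approach each of `delete_account` and `rotate_keys` would need its own `if !user.is_admin` guard, and a new caller can omit it; with the `parse` approach the compiler refuses a `User` where an `AdminUser` is required.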

Yeah, almost certainly. We had looked into enabling branch detection several years ago, but it had slowed our suite down to the point where we were not sure it was worth it. Maybe worth looking into again.

I do generally like that technique of returning more vetted objects, but I'm not sure that it scales. Our users have close to one hundred different permissions based on the features their admin pays for, having an object for every type seems like a lot. Every combination of types is straight out.

The original issue I was talking about I don't think could have been helped. It was an encoding problem that could have potentially led to XSS injection with a very specific set of GET parameters. I was frankly surprised that the PEN testers managed to find it.