3_2_12 Robust and Secure Programming

You should be able to:

  • Be able to write simple data validation routines.
  • Be able to write simple authentication routines.
  • Be able to select suitable test data that covers normal (typical), boundary (extreme) and erroneous data.
  • Be able to justify the choice of test data.

REVISE:

Data Validation

A brief introduction to this can be found here: 7_3_2

The most common input error that you will come across is a ValueError. This can be seen in the example:

try:
    num1 = int(input("Type a number :"))
except ValueError:
    print ("You must enter a number")
    num1 = int(input("Type a number :"))
try:
    num2 = int(input("Type another number :"))
except ValueError:
    print ("You must enter a number")
    num2 = int(input("Type another number :"))

print (num1+num2)

Try and except has been used to ask the user again if they make an error. This would only work once. It is better to have it set up in a while loop.

dataInvalid=True
while dataInvalid:
    try:
        num1=int(input("Number :"))
        dataInvalid=False
    except ValueError:
        print ("Type a number")
print ("Thank you")
print ("You entered a number")

A good programmer would also put a count in there giving the user a limit to how many times they can get it wrong.

Another type of check is to ask for a specific word or character from a list of options. For example,

while input().upper() not in ["YES","NO"]:
    print ("Type YES or NO")
print ("Thanks")

This code automatically converts an input to capitals so that the user can't get this wrong. It then checks if they have typed YES or NO, if they haven't it will keep asking them.

PROGRAMMING CHALLENGE!

Create a data validation check for a registration plate or a post code.

Authentication

You need to know how to add a password to your application. The simplest way to do this is with a while loop. The code below gives the user three attempts to get the password right before the account is locked. 

password = "four"
checkpass = input("Password :")
attempts = 1
passwordIncorrect = (password != checkpass and attempts<3)
while passwordIncorrect:
     print ("invalid")
     checkpass = input("Password :")
     attempts+=1
     passwordIncorrect = (password != checkpass and attempts<3)
if password!=checkpass:
     print ("Your account has been locked")
else:
     print ("Access Granted")

Try to work out how this piece of code is working and use #hashtags to explain it.

Error Checking

A brief introduction to this can be found here: 7_3_6 re-visit this first.

You need to understand the definitions of:

  • Boundary test data - if the data entry is a number, can I type a number that is higher or lower without it breaking? If the data is a word, can I type a really long word or no words and it still works? Can I type in an unexpected word?
  • Erroneous test data - If I type in something completely wrong like "hfdsjk" when it is expecting an integer, does the code break?
  • Normal test data - If I type in the data that I expect to work, does it work?

When you are testing your applications, you must consider each of these test data types. Don't be complacent and use only "normal test data" because this could cause issues for your user.

Test Data and Why we use it

When you test your applications you should create a test plan. This test plan should cover all types of test data. A test plan for the code in the password authentication example would be:

  • Boundary test data

Can I type in a very long string (over two lines of input)?

" jdskl; djjska l;djskal; djsakl; djkla;JD ;JK;JDL;J;L KSLA; JLS;ADKL; KL; ASJL;S ;lajDL;JK;LAJSL; DKS; JKAL JKL;SJDL;AJ DKSL; SALJDKSAL;d kasLs "

Can I type in nothing?

""

What happens if I get the password wrong three times?

"five"

"five"

"five"

What happens if I get the password wrong two times and right the third time?

"five"

"five"

"four"

  • Erroneous data

What happens if I type in integers?

23214

What happens if I type in real numbers / float?

321.12

What happens if I type a hashtag or a forward slash?

##//

  • Normal data

What happens if I get the password right first time?

"four"

You could try all of this test data yourself in Python to see if it still works!

It is good practice to test your programs as you are working on them using these three types of test data.

TEST:

  1. Download and print the test paper here: https://drive.google.com/open?id=0B5fLtQ0Xgr2PQnd1MWQ4T3RWZHc
  2. Try the mock test yourself.
  3. Use the 3.2.12 Walking Talking Mock below to guide you through answering the questions.

SOURCE RECOGNITION - PLEASE NOTE: The examination examples used in these walking talking mocks are samples from AQA from their non-confidential section of the public site. They also contain questions designed by TeachIT for AQA as part of the publicly available lesson materials.