This content originally appeared on HackerNoon and was authored by Maximiliano Contieri
\ This is your reminder: Don't forget to check strings with special characters like underscores
TL;DR: Underscore and special characters can lead to validation errors
Problems
- Incomplete Validation
- Security Risks
- Missed Tests
- Incorrect Setup
- System Inconsistency
- Breaking changes with legacy data
Solutions
- Use consistent prefix
- Implement strict validation
- Check system outputs
- Create migration tests
- Test with legacy data
Context
In digital certificate validation, ensuring domain control is critical. An incomplete validation and potential security issues.
DigiCert recently encountered such a problem, where they missed adding an underscore prefix. This resulted in certificates being issued without proper validation and a cascade of broken sites with few advancement notices.
\
Sample Code
Wrong
// Incorrect random value without underscore
let random_value = format!("{}", generate_random_value());
setup_dns_record(
&format!("_{}.example.com", random_value),
"dcv.digicert.com");
Right
// Correct random value with underscore
let random_value = format!("_{}", generate_random_value());
setup_dns_record(&random_value, "dcv.digicert.com");
Detection
- [x] Manual
You can detect this smell by reviewing the validation process and checking if all required prefixes are consistently applied.
You should also store historical data and check the new rules applied to them.
Tag(s)
- Security
Level
- [x] Advanced
AI Generation
AI-generated code might miss adding specific prefixes unless explicitly instructed.
This can lead to security risks if the generated code is not thoroughly reviewed.
AI Detection
With proper examples and instructions, AI tools can be trained to detect missing prefixes in generated or existing code.
Conclusion
Skipping an essential part of the validation process, like an underscore prefix, can lead to significant issues.
Ensuring such steps are consistently applied and reviewed is crucial for maintaining system integrity and security.
Relations
https://hackernoon.com/how-to-find-the-stinky-parts-of-your-code-part-xxxviii?embedable=true
More Info
https://www.digicert.com/support/certificate-revocation-incident?embedable=true
https://thehackernews.com/2024/07/digicert-to-revoke-83000-ssl.html?embedable=true
:::warning Disclaimer: Code Smells are my opinion.
:::
:::info Credits: Photo by Markus Spiske on Unsplash
:::
Security is a process, not a product
Bruce Schneier
https://hackernoon.com/400-thought-provoking-software-engineering-quotes?embedable=true
:::tip This article is part of the CodeSmell Series on HackerNoon: How to Find the Stinky Parts of Your Code
:::
\
This content originally appeared on HackerNoon and was authored by Maximiliano Contieri
Maximiliano Contieri | Sciencx (2024-08-04T20:45:58+00:00) Code Smell 261 – DigiCert Underscores. Retrieved from https://www.scien.cx/2024/08/04/code-smell-261-digicert-underscores-2/
Please log in to upload a file.
There are no updates yet.
Click the Upload button above to add an update.