-2

Homework Problem:: I came across this question in a quiz of secure coding:

When creating a defensible method in java that accepts a string and compares it to a predefined value, what input validation would make the method defensible?

public static final String SLIDES="Slides";

public static final boolean isAcceptableType(String type){
if(________________________________){
return false;
}
if(!type.equals(SLIDES){
return false;
}
return true;
}

My goal is to fill the if condition that will make the method defensible. I can't change the other code.

According to my understanding we have to validate the method parameter to check if its a valid string. so that it will not throw any exception when it will be compared with SLIDES

I tried if(type==null) but I got incorrect result.

Please help me with this question. :)

Shweta
  • 219
  • 5
  • 18
  • 5
    "defensible" against what? Are you just asking how to check if `type` is equal to `SLIDES`? `return Objects.equals(type, SLIDES);` is the easiest way to do that. – Andy Turner May 09 '19 at 07:52
  • Think about what could break that method. It basically returns true if `type.equals(SLIDES)` - under which circumstances could that call break/cause an exception? – Thomas May 09 '19 at 07:55
  • You tried `if (type==null)` and got the incorrect result? What result did you get? What result were you trying to get? – khelwood May 09 '19 at 07:58
  • Your null check answer looks good to me. If there are any humans (a forum maybe?) involved in that quiz, try to reach out to them why it was rejected. – Thilo May 09 '19 at 08:02
  • 2
    "defensible" is not a common term. If this is a homework problem, then share any definition you have been given for it. – chrylis -cautiouslyoptimistic- May 09 '19 at 08:02
  • 2
    Is this about side-channel attacks and making sure the time taken does not depend on the input string? https://stackoverflow.com/questions/7191112/how-do-i-implement-a-string-comparison-in-java-that-takes-the-same-amount-of-tim – Thilo May 09 '19 at 08:03
  • According to my understanding we have to validate the method parameter to check if its a valid string. so that it will not throw any exception when it will be compared with SLIDES – Shweta May 09 '19 at 08:13

2 Answers2

3

It's unclear why

if (type == null)

wouldn't work.

If your goal is to ensure that type is equal to SLIDES, then you can either use:

if (!Objects.equals(type, SLIDES))

or

if (!SLIDES.equals(type))

Both will handle the case of type == null.

Andy Turner
  • 137,514
  • 11
  • 162
  • 243
  • That is functionally equivalent to adding a null check in that first blank, though, and that answer got rejected. I suppose other than filling in the blank nothing else is allowed. The question is a bit unclear. – Thilo May 09 '19 at 07:59
0

Use spaces. The answer is: type == null. As in:

if(type == null){
   return false;
Maciej Jureczko
  • 1,560
  • 6
  • 19
  • 23
John
  • 1