Philadelphia University
Lecturer : Dr. Samer Hanna
Internal Examiner: Dr. Morad Maoch
Coordinator: Dr. Samer Hanna
Software Construction
(0721420) Section 1 Second Exam’s Key Second Semester of 2016/2017
Date: Monday, May 8th, 2017    Time: 50 min.
Q1) (5 marks)
Answer the following:
1. Discuss the differences between correctness and robustness in software construction. (1 mark)
Answer:
These terms are at opposite ends of the scale from each other. Correctness means never returning an inaccurate result; returning no result is better than returning an inaccurate result. Robustness means always trying to do something that will allow the software to keep operating, even if that leads to results that are inaccurate sometimes.
2. Name one error-handling technique that supports correctness and one that supports robustness (justify your answer). (1 mark)
Answer:
Robustness: return a neutral value; substitute the closest legal value.
Correctness: shut down.
3. To handle garbage inputs in software construction we must check the values of all the data from external sources, because a user may inject SQL commands through these inputs.
a) Explain this statement. (1 mark)
b) Give an example of SQL injection. (2 marks)
Answer:
a)
Check the values of all data from external sources. When getting data from a file, a user, the network, or some other external interface, check to be sure that the data falls within the allowable range. Make sure that numeric values are within tolerances and that strings are short enough to handle. If a string is intended to represent a restricted range of values, be sure that the string is valid for its intended purpose; otherwise reject it. If you are working on a secure application, be especially leery of data that might attack your system, such as injected SQL commands.
SQL injection is the placement of malicious code in SQL statements via web page input.
b)
txtUserId = getRequestString("UserId");
txtSQL = "SELECT * FROM Users WHERE UserId = " + txtUserId;
An attacker can enter
105 OR 1=1 in the UserId input.
Then, the SQL statement will look like this:
SELECT * FROM Users WHERE UserId = 105 OR 1=1;
The SQL above is valid and will return ALL rows from the "Users" table, since OR 1=1 is always TRUE.
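The following C# is an added example, not part of the exam key: it places the vulnerable concatenation from the answer above beside a hardened version that first checks the external value against its allowable range and then sends it as a typed parameter. The connection string and the LibraryDb database name are placeholders; the Users table and UserId column are taken from the answer.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

// Added example, not part of the exam key. Assumes the Users table with an integer
// UserId column from the Q1 answer, and a placeholder connection string.
public static class UserLookup
{
    // Placeholder: replace with the application's real connection string.
    const string ConnStr = @"Server=(localdb)\v11.0;Database=LibraryDb;Integrated Security=true;";

    // Vulnerable form from the answer above: the request value becomes part of the SQL text,
    // so the input "105 OR 1=1" turns the WHERE clause into one that matches every row.
    public static string BuildUnsafeQuery(string txtUserId)
    {
        return "SELECT * FROM Users WHERE UserId = " + txtUserId;
    }

    // Defence 1: check the external value against its allowable range before using it.
    // A UserId is a positive integer; anything else is rejected rather than repaired.
    public static bool TryParseUserId(string txtUserId, out int userId)
    {
        return int.TryParse(txtUserId, out userId) && userId > 0;
    }

    // Defence 2: pass the value as a typed parameter. The statement text is constant, so the
    // database server never interprets user input as SQL, even if the range check were bypassed.
    public static DataTable GetUser(string txtUserId)
    {
        if (!TryParseUserId(txtUserId, out int userId))
            throw new ArgumentException("UserId must be a positive integer", nameof(txtUserId));

        var table = new DataTable();
        using (var conn = new SqlConnection(ConnStr))
        using (var cmd = new SqlCommand("SELECT * FROM Users WHERE UserId = @UserId", conn))
        {
            cmd.Parameters.Add("@UserId", SqlDbType.Int).Value = userId;
            conn.Open();
            using (SqlDataReader reader = cmd.ExecuteReader())
                table.Load(reader);
        }
        return table;
    }

    public static void Main()
    {
        string injected = "105 OR 1=1";                      // the input from the answer above
        Console.WriteLine(BuildUnsafeQuery(injected));      // the statement the server would receive
        Console.WriteLine(TryParseUserId(injected, out _)); // the injected string fails the range check
        Console.WriteLine(TryParseUserId("105", out _));    // only a plain positive integer reaches GetUser
    }
}
```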
Q2) (6 marks)
Suppose that you are asked to develop a Windows Form application for Philadelphia University library with the following specifications:
The needed attributes of the library are: location, number of English books, and number of Arabic books.
The needed attributes of a book in the library are: book name, author(s), number of authors, year of publication and publisher
The needed attributes of each author of a book, are: author name, id, and field.
The needed attributes of each publisher of a book, are: publisher name, and location.
1. Map the relations between the main classes corresponding to the above requirements to code in C#. (4 marks)
2. Suppose that you want to write a method to output a list of books for a given author that are published by a given publisher, and suppose that you call the routine BooksOfAuthorByPublisher( ). Here's an informal specification for this method:
BooksOfAuthorByPublisher( ) takes two inputs, an author name and a publisher name, and outputs a list of all the books by that author that were published by that publisher. The method should loop through all the books in the library to achieve this.
Write pseudocode and then convert it to C# code for this method. (2 marks)
Solution
1.
using System.Collections;
namespace LibraryProject
{
    class Author
    {
        public string Name { get; set; }
        public int Id { get; set; }
        public string Field { get; set; }
    }
    class Publisher
    {
        public string Name { get; set; }
        public string Location { get; set; }
    }
    class Book
    {
        public string Name { get; set; }
        public ArrayList Authors { get; set; }    // a book has one or more authors
        public int NumAuthors { get; set; }
        public int Year { get; set; }
        public Publisher publisher { get; set; }  // a book has one publisher
    }
    class Library
    {
        public string Location { get; set; }
        public int NumEnglishBooks { get; set; }
        public int NumArabicBooks { get; set; }
        public ArrayList Books { get; set; }      // the library holds its books
    }
}
2.
// placed inside the Library class so that Books refers to the library's book list
public ArrayList BooksOfAuthorByPublisher(string author, string publisher)
{
    ArrayList result = new ArrayList();
    // loop through all the books in the library
    foreach (Book book in Books)
    {
        // loop through all the authors of a book
        foreach (Author myAuthor in book.Authors)
        {
            // check author name and publisher name (compare the names, not the Publisher object, to the string)
            if (myAuthor.Name.Equals(author) && book.publisher.Name.Equals(publisher))
                result.Add(book);
        }
    }
    return result;
}
Q3) (6 marks)
In Question 2, suppose that the number of authors attribute in the Book class is required to be in the range 1 to 10; suppose also that there is a method called findAuthorsNum inside the Book class that returns the number of authors for a given book. Apply the following defensive programming techniques to this method in order to make sure that the number of authors is within its allowable range:
1. Assertions (1 mark)
2. Return a neutral value. (1 mark)
3. Substitute the closest legal value. (1 mark)
4. Log a warning message. (1 mark)
5. Return an error code. (1 mark)
6. Exceptions (1 mark)
Solution:
1.
using System.Diagnostics;
public int findAuthorsNum()
{
    // Debug.Assert is compiled out of Release builds, so this only documents and checks the invariant during development
    Debug.Assert(NumAuthors >= 1 && NumAuthors <= 10, "invalid number of authors");
    return NumAuthors;
}
2.
public int findAuthorsNum()
{
    // the allowable range is 1 to 10, so 0 is also out of range
    if (NumAuthors < 1 || NumAuthors > 10)
        return 0;   // neutral value
    else
        return NumAuthors;
}
3.
public int findAuthorsNum()
{
    // clamp to the nearest end of the allowable range 1 to 10
    if (NumAuthors < 1)
        NumAuthors = 1;
    if (NumAuthors > 10)
        NumAuthors = 10;
    return NumAuthors;
}
4.
using System.IO;
public int findAuthorsNum()
{
    if (NumAuthors < 1 || NumAuthors > 10)
    {
        // open in append mode so earlier warnings are kept; the using block flushes and closes the file
        using (StreamWriter file = new StreamWriter("c:\\error.txt", true))
        {
            file.WriteLine("invalid number of authors: " + NumAuthors);
        }
    }
    return NumAuthors;
}
5.
public enum Status { Success, Failure };
public Status findAuthorsNum2()
{
    if (NumAuthors < 1 || NumAuthors > 10)
        return Status.Failure;
    else
        return Status.Success;
}
6.
using System;
using System.Windows.Forms;
public int findAuthorsNum()
{
    try
    {
        if (NumAuthors < 1 || NumAuthors > 10)
            throw new Exception("invalid number of authors");
    }
    catch (Exception e)
    {
        // the exception is handled here by reporting it to the user
        MessageBox.Show(e.Message);
    }
    return NumAuthors;
}
Q4) (3 marks)
Suppose that you want to store the books data, for the applications you built in Q2, in a database.
1. Write the needed steps and code to create this database and fill it with data. (2 marks)
2. Write the needed steps to display the books data to the user of the library application. (1 mark)
Solution:
1.
Go to SQL Server Object Explorer → right click on (localdb)\v11.0 → create database → right click on Tables → Add new Table
CREATE TABLE [dbo].[Books]
(
    [Id] INT NOT NULL PRIMARY KEY,
    [Name] NVARCHAR(50) NOT NULL,
    [numAuthors] INT NOT NULL,
    [year] INT NOT NULL
)
CREATE TABLE [dbo].[Author]
(
    [Id] INT NOT NULL PRIMARY KEY,
    [Name] NCHAR(10) NOT NULL
)
CREATE TABLE [dbo].[BookAuthor]
(
    [BookId] INT NOT NULL FOREIGN KEY REFERENCES [dbo].[Books]([Id]),
    [AuthorId] INT NOT NULL FOREIGN KEY REFERENCES [dbo].[Author]([Id]),
    PRIMARY KEY (BookId, AuthorId)
)
Right click on each table, choose View Data, then fill in sample data.
2.
Drag and drop a DataGridView from the toolbox
Click on it and select Choose data source
Then Add project data source
Choose Database
Choose Dataset
Choose New Connection
Choose Microsoft SQL Server
Insert (localdb)\v11.0
Enter your database name
Test connection
Next
Next
Select the table which is the Books table
Finish