Philadelphia University

Lecturer : Dr. Samer Hanna

Internal Examiner: Dr. Morad Maoch

Coordinator: Dr. Samer Hanna

Software Construction

(0721420) Section 1 Second Exam’s Key Second Semester of 2016/2017

Date: Monday, May 8th, 2017    Time: 50 min.

Q1) (5 marks)

Answer the following:

1.  Discuss the differences between correctness and robustness in software construction. (1 mark)

Answer:

These terms are at opposite ends of the scale from each other. Correctness means never returning an inaccurate result; returning no result is better than returning an inaccurate result. Robustness means always trying to do something that will allow the software to keep operating, even if that leads to results that are inaccurate sometimes.

2.  Name one error handling technique that supports correctness and one that supports robustness. (Justify your answer.) (1 mark)

Answer:

Robustness: return neutral value; closest legal value

Correctness: shut down

3.  To handle garbage inputs in software construction we must check the values of all the data from external sources, because a user may inject SQL commands through these inputs.

a) Explain this statement. (1 mark)

b) Give an example of SQL injection. (2 marks)

Answer:

a)

Check the values of all data from external sources. When getting data from a file, a user, the network, or some other external interface, check to be sure that the data falls within the allowable range. Make sure that numeric values are within tolerances and that strings are short enough to handle. If a string is intended to represent a restricted range of values, be sure that the string is valid for its intended purpose; otherwise reject it. If you are working on a secure application, be especially leery of data that might attack your system, such as injected SQL commands.

SQL injection is the placement of malicious code in SQL statements via web page input.

b)

txtUserId = getRequestString("UserId");
txtSQL = "SELECT * FROM Users WHERE UserId = " + txtUserId;

A hacker can insert

105 OR 1=1

in the UserId input. Then, the SQL statement will look like this:

SELECT * FROM Users WHERE UserId = 105 OR 1=1;

The SQL above is valid and will return ALL rows from the "Users" table, since OR 1=1 is always TRUE.
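The same lookup written both ways in C#, as an added example that is not part of the exam key: the concatenated form the key shows beside a hardened form that validates the external input and passes it as a typed SqlParameter. The class name UserLookup, the method names and the use of System.Data.SqlClient are assumptions of this example.

```csharp
// Added example (not part of the exam key): the same user lookup written two ways.
using System;
using System.Data;
using System.Data.SqlClient;   // System.Data.SqlClient NuGet package on .NET Core/5+

namespace LibraryProject
{
    static class UserLookup
    {
        // Vulnerable form from the exam: the raw input becomes part of the SQL text,
        // so an input such as "105 OR 1=1" changes the meaning of the statement.
        public static string BuildUnsafeSql(string txtUserId)
        {
            return "SELECT * FROM Users WHERE UserId = " + txtUserId;
        }

        // Hardened form: validate the external input (it must be a positive integer)
        // and pass it as a typed parameter, never as part of the statement text.
        public static SqlCommand BuildSafeCommand(string txtUserId)
        {
            if (!int.TryParse(txtUserId, out int userId) || userId <= 0)
                throw new ArgumentException("UserId must be a positive integer", nameof(txtUserId));

            var cmd = new SqlCommand("SELECT * FROM Users WHERE UserId = @UserId");
            cmd.Parameters.Add("@UserId", SqlDbType.Int).Value = userId;
            return cmd;
        }

        static void Main()
        {
            string hostile = "105 OR 1=1";   // constructed sample input, taken from the exam

            // the unsafe form would hand the whole table to the caller
            Console.WriteLine(BuildUnsafeSql(hostile));

            try
            {
                BuildSafeCommand(hostile);
            }
            catch (ArgumentException e)
            {
                Console.WriteLine("rejected: " + e.Message);   // validation stops it here
            }

            // a well-formed id goes through as a parameter value, not as SQL text
            SqlCommand ok = BuildSafeCommand("105");
            Console.WriteLine(ok.CommandText + "  [@UserId = " + ok.Parameters["@UserId"].Value + "]");
        }
    }
}
```

BuildSafeCommand never places the input into the statement text, so even an input that slipped past the TryParse check would reach SQL Server as the value of @UserId, not as part of the query; the range check is the "check the values of all data from external sources" rule from part a), applied before the database is ever contacted.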

Q2) (6 marks)

Suppose that you are asked to develop a Windows Form application for Philadelphia University library with the following specifications:

The needed attributes of the library are: location, number of English books, and number of Arabic books.

The needed attributes of a book in the library are: book name, author(s), number of authors, year of publication, and publisher.

The needed attributes of each author of a book are: author name, id, and field.

The needed attributes of each publisher of a book are: publisher name and location.

1. Map the relations between the main classes corresponding to the above requirements to code in C#. (4 marks)

2. Suppose that you want to write a method to output a list of books for a given author that are published by a given publisher, and suppose that you call the routine BooksOfAuthorByPublisher( ). Here's an informal specification for this method:

BooksOfAuthorByPublisher( ) takes two inputs: an author name and a publisher name. It should then output a list of all the books by that author that were published by that publisher. The method should loop through all the books in the library to achieve this.

Write pseudocode and then convert it to C# code for this method. (2 marks)

Solution

1.

// one file per class in the project; shown together here
using System.Collections;

namespace LibraryProject
{
    class Author
    {
        // needed by BooksOfAuthorByPublisher( ), which compares author names
        public string Name { get; set; }
    }

    class Publisher
    {
        // needed by BooksOfAuthorByPublisher( ), which compares publisher names
        public string Name { get; set; }
    }

    class Book
    {
        // a book has one or more authors (aggregation)
        public ArrayList Authors { get; set; }

        // a book has exactly one publisher (association)
        public Publisher publisher { get; set; }

        // used by the defensive programming methods in Q3
        public int NumAuthors { get; set; }
    }

    class Library
    {
        // the library contains many books (composition)
        public ArrayList Books { get; set; }
    }
}

2.

// inside class Library
public ArrayList BooksOfAuthorByPublisher(string author, string publisher)
{
    ArrayList result = new ArrayList();

    // loop through all the books in the library
    foreach (Book book in Books)
    {
        // loop through all the authors of a book
        foreach (Author myAuthor in book.Authors)
        {
            // check author name and publisher name (compare the names, not a Publisher object with a string)
            if (myAuthor.Name.Equals(author) && book.publisher.Name.Equals(publisher))
            {
                result.Add(book);
                break;   // the book is already in the result; no need to check its other authors
            }
        }
    }

    return result;
}

Q3) (6 marks)

In Question 2, suppose that the number of authors attribute in the Book class was required to be in the range of 1 to 10; suppose also that there is a method called findAuthorsNum inside the Book class that returns the number of authors for a given book. Apply the following defensive programming techniques to this method in order to make sure that the number of authors is within its allowable range:

1. Assertions (1 mark)

2. Return a neutral value (1 mark)

3. Substitute the closest legal value (1 mark)

4. Log a warning message (1 mark)

5. Return an error code (1 mark)

6. Exceptions (1 mark)

Solution:

1.

using System.Diagnostics;

public int findAuthorsNum()
{
    // checked in Debug builds only: a violation here is a programming error, not a user error
    Debug.Assert(NumAuthors >= 1 && NumAuthors <= 10, "invalid number of authors");

    return NumAuthors;
}

2.

public int findAuthorsNum()
{
    // the allowable range is 1 to 10; anything else yields the neutral value 0
    if (NumAuthors < 1 || NumAuthors > 10)
        return 0;
    else
        return NumAuthors;
}

3.

public int findAuthorsNum()
{
    // clamp to the nearest end of the allowable range 1 to 10
    if (NumAuthors < 1)
        NumAuthors = 1;

    if (NumAuthors > 10)
        NumAuthors = 10;

    return NumAuthors;
}

4.

using System.IO;

public int findAuthorsNum()
{
    if (NumAuthors < 1 || NumAuthors > 10)
    {
        // open the log in append mode and close it when done, so the message is flushed
        // and earlier warnings are not overwritten
        using (StreamWriter file = new StreamWriter("c:\\error.txt", true))
        {
            file.WriteLine("invalid number of authors: " + NumAuthors);
        }
    }

    return NumAuthors;
}

5.

public enum Status { Success, Failure };

public Status findAuthorsNum2()
{
    // the caller must test the returned code before using NumAuthors
    if (NumAuthors < 1 || NumAuthors > 10)
        return Status.Failure;
    else
        return Status.Success;
}

6.

// inside class Book: the method throws, and the caller decides how to handle the fault
public int findAuthorsNum()
{
    if (NumAuthors < 1 || NumAuthors > 10)
        throw new Exception("invalid number of authors");

    return NumAuthors;
}

// in the calling code (a Windows Form, so System.Windows.Forms is available)
try
{
    int n = book.findAuthorsNum();
}
catch (Exception e)
{
    MessageBox.Show(e.Message);
}
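As an added example that is not part of the exam key, the same out-of-range value handled by one robustness technique and two correctness techniques from Q3, seen from the caller's side so that the Q1 distinction is visible: the clamped value keeps the program running but hides the fault, while the error code and the exception force the caller to deal with it. The method names (AuthorsNumClamped, TryAuthorsNum, AuthorsNumOrThrow), the Demo class and the sample book are this example's own.

```csharp
// Added example (not part of the exam key): robustness versus correctness from the caller's side.
using System;

namespace LibraryProject
{
    public enum Status { Success, Failure }

    class Book
    {
        public const int MinAuthors = 1, MaxAuthors = 10;   // allowable range from Q3

        public string Name { get; set; }
        public int NumAuthors { get; set; }

        bool InRange() { return NumAuthors >= MinAuthors && NumAuthors <= MaxAuthors; }

        // Robustness: keep going with the closest legal value; the caller never learns a fault occurred
        public int AuthorsNumClamped()
        {
            return Math.Max(MinAuthors, Math.Min(MaxAuthors, NumAuthors));
        }

        // Correctness (error code): report the fault and hand back no count at all
        public Status TryAuthorsNum(out int count)
        {
            count = 0;
            if (!InRange()) return Status.Failure;
            count = NumAuthors;
            return Status.Success;
        }

        // Correctness (exception): refuse to return an inaccurate result
        public int AuthorsNumOrThrow()
        {
            if (!InRange())
                throw new ArgumentOutOfRangeException(nameof(NumAuthors), NumAuthors,
                    "invalid number of authors for book '" + Name + "'");
            return NumAuthors;
        }
    }

    static class Demo
    {
        static void Main()
        {
            // constructed sample: a record that arrived with an impossible author count
            var book = new Book { Name = "Sample Book", NumAuthors = 15 };

            // robustness: 10 comes back and nothing tells the caller the data was bad
            Console.WriteLine("clamped: " + book.AuthorsNumClamped());

            // correctness with an error code: the caller has to check it before using the count
            if (book.TryAuthorsNum(out int n) == Status.Failure)
                Console.WriteLine("error code: Failure, no count returned");

            // correctness with an exception: the caller chooses where to handle it
            try
            {
                book.AuthorsNumOrThrow();
            }
            catch (ArgumentOutOfRangeException e)
            {
                Console.WriteLine("exception: " + e.Message);
            }
        }
    }
}
```

Which of the three belongs in the library application depends on what an inaccurate author count costs: for a display-only field the clamp is harmless, but for data that feeds other decisions the error code or the exception is the safer default, because it keeps the bad value from being used as if it were valid.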

Q4) (3 marks)

Suppose that you want to store the books data, for the application you built in Q2, in a database.

1. Write the needed steps and code to create this database and fill it with data. (2 marks)

2. Write the needed steps to display the books data to the user of the library application. (1 mark)

Solution:

1.

Go to SQL Server Object Explorer → right click on (localdb)\v11.0 → Create Database → right click on Tables → Add New Table

CREATE TABLE [dbo].[Table]
(
    [Id] INT NOT NULL PRIMARY KEY,
    [Name] NVARCHAR(50) NOT NULL,
    -- the allowable range from Q3, enforced by the database as well
    [numAuthors] INT NOT NULL CHECK ([numAuthors] BETWEEN 1 AND 10),
    [year] INT NOT NULL
)

CREATE TABLE [dbo].[Author]
(
    [Id] INT NOT NULL PRIMARY KEY,
    -- variable length, so author names longer than 10 characters are not truncated
    [Name] NVARCHAR(50) NOT NULL
)

CREATE TABLE [dbo].[BookAuthor]
(
    [BookId] INT NOT NULL,
    [AuthorId] INT NOT NULL,
    PRIMARY KEY ([BookId], [AuthorId]),
    -- the link table may only reference books and authors that exist
    FOREIGN KEY ([BookId]) REFERENCES [dbo].[Table] ([Id]),
    FOREIGN KEY ([AuthorId]) REFERENCES [dbo].[Author] ([Id])
)

Right click on each table, choose View Data, and fill in sample data.

2.

Drag and drop a DataGridView from the toolbox

Click on it and select Choose data source

Then Add project data source

Choose Database

Choose Dataset

Choose New Connection

Choose Microsoft SQL Server

Insert (localdb)\v11.0

Enter your database name

Test connection

Next

Next

Select the books table (the table created in step 1)

Finish
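An added example, not part of the exam key, of doing step 1's data entry and step 2's display from code rather than from the designer: a parameterized INSERT into the books table created above (the key names it [Table]) and a DataGridView filled through a SqlDataAdapter. The BookData class, the connection string and the placeholder database name are assumptions of this example; the column names are those from the CREATE TABLE above.

```csharp
// Added example (not part of the exam key): fill the books table and show it in a grid from code.
using System;
using System.Data;
using System.Data.SqlClient;
using System.Windows.Forms;

namespace LibraryProject
{
    static class BookData
    {
        // assumed connection string; replace <your database name> with the database created in step 1
        const string ConnStr =
            @"Server=(localdb)\v11.0;Database=<your database name>;Integrated Security=true";

        // Insert one row using parameters, so a name typed by the user cannot alter the statement.
        public static void InsertBook(int id, string name, int numAuthors, int year)
        {
            // validate the external data before it reaches the database (same range as Q3)
            if (string.IsNullOrWhiteSpace(name) || name.Length > 50)
                throw new ArgumentException("book name must be 1 to 50 characters", nameof(name));
            if (numAuthors < 1 || numAuthors > 10)
                throw new ArgumentOutOfRangeException(nameof(numAuthors), "invalid number of authors");

            using (var conn = new SqlConnection(ConnStr))
            using (var cmd = new SqlCommand(
                "INSERT INTO [dbo].[Table] ([Id], [Name], [numAuthors], [year]) " +
                "VALUES (@Id, @Name, @NumAuthors, @Year)", conn))
            {
                cmd.Parameters.Add("@Id", SqlDbType.Int).Value = id;
                cmd.Parameters.Add("@Name", SqlDbType.NVarChar, 50).Value = name;
                cmd.Parameters.Add("@NumAuthors", SqlDbType.Int).Value = numAuthors;
                cmd.Parameters.Add("@Year", SqlDbType.Int).Value = year;

                conn.Open();
                cmd.ExecuteNonQuery();
            }   // the using blocks close the connection even if ExecuteNonQuery throws
        }

        // Read the table into a DataTable and bind it to the grid, read-only for display.
        public static void ShowBooks(DataGridView grid)
        {
            var table = new DataTable();

            using (var conn = new SqlConnection(ConnStr))
            using (var adapter = new SqlDataAdapter(
                "SELECT [Id], [Name], [numAuthors], [year] FROM [dbo].[Table]", conn))
            {
                adapter.Fill(table);   // the adapter opens and closes the connection itself
            }

            grid.ReadOnly = true;
            grid.DataSource = table;
        }
    }
}
```

Called from the form's Load event as BookData.ShowBooks(dataGridView1), this replaces the Choose Data Source wizard; InsertBook is the coded equivalent of the View Data step, with the range checks from Q3 applied before the row is written.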
