CSC 1029 Week 07 Coding Standards PDF

Summary

This document covers coding standards for secure coding practices, focusing on C++. It includes guidelines, best practices, and resources for further learning.

Full Transcript

CSC 1029 CODING STANDARDS

OBJECTIVES
▪ Identify and describe secure coding implementation.
▪ Describe coding standards and rules for secure coding.
▪ Apply secure coding principles based on industry coding standards.

AGENDA: WEEK 07
1. Review Activity
2. Clean Code
3. SEI CERT Coding Standards
4. Coding Standards for Quality and Compliance
5. C++ Core Guidelines
   ▪ Coding Standards
   ▪ Naming Conventions
6. MISRA
7. Google C++ Style Guide
8. Microsoft Secure Coding
9. TODO & Resources for Help

GOOD PROGRAMMING (CPROGRAMMING)
If you are persistent, willing to pay attention to issues of design and focus on both problem solving and precise solutions to problems, you will go far as a programmer.
[Diagram: Patience, Precision, Design, Problem Solver: Good Programmer]
Programs are meant to be read by humans and only incidentally for computers to execute. —Donald Knuth, The Art of Computer Programming

REVIEW
Complete the 1.8 Matching

CLEAN CODE
Strategies for writing Clean Code: https://www.youtube.com/embed/HcijbAI4eB0?si=2O3h3dYsl7EmWvGS
3 tips to write clean, readable, and maintainable code. The examples shown are written in JavaScript / TypeScript, but they apply to any programming language and to any part of the software development stack.

SEI CERT CODING STANDARDS
The SEI (Software Engineering Institute) CERT Coding Standards support the development of coding standards for commonly used programming languages such as C, C++, Java, and Perl, and the Android platform. These standards are developed through a broad-based community effort by members of the software development and software security communities. The following development areas enable you to learn about and contribute to secure coding standards for commonly used programming languages C, C++, Java, and Perl.
https://wiki.sei.cmu.edu/confluence/display/seccode/SEI+CERT+Coding+Standards

CODING STANDARDS FOR QUALITY AND COMPLIANCE
Read the article linked: https://www.perforce.com/resources/qac/coding-standards#:~:text=The%20reason%20why%20coding%20standards,lead%20to%20a%20minor%20glitch.
▪ What Are Coding Rules and Guidelines?
▪ Why Coding Standards Are Important?
▪ Important C++ Coding Standards
▪ How to Enforce Coding Standards With Static Code Analysis

C++ CORE GUIDELINES
The main point of a C++ coding standard is to provide a set of rules for using C++ for a particular purpose in a particular environment. It follows that there cannot be one coding standard for all uses and all users.
C++ Core Guidelines
▪ Should I use using namespace std in my code?
▪ Should I declare locals in the middle of a function or at the top?
▪ Which is better: identifier names that_look_like_this or identifier names thatLookLikeThis?
▪ What’s a good coding standard for using global variables? DON'T DO IT!

C++ CORE GUIDELINES: COMMENTS & NAMING
NL.1: Don’t say in comments what can be clearly stated in code
NL.2: State intent in comments
NL.3: Keep comments crisp
NL.4: Maintain a consistent indentation style
NL.5: Avoid encoding type information in names
NL.7: Make the length of a name roughly proportional to the length of its scope
NL.8: Use a consistent naming style
NL.19: Avoid names that are easily misread
NL.20: Don’t place two statements on the same line
NL.21: Declare one name (only) per declaration

MISRA
MISRA provides world-leading best practice guidelines for the safe and secure application of both embedded control systems and standalone software. MISRA C++ was originally published in June 2008 recognizing the growing use of C++ in critical applications.
GOOGLE C++ STYLE GUIDE
Read through the file: https://docs.google.com/file/d/0B5FQoJdw1sdRVHRid21IalRRb3M/edit?resourcekey=0-0OIuS0JpAEz34vYFETmWUQ

MICROSOFT CODE SECURITY
Review the document: https://docs.microsoft.com/en-us/visualstudio/ide/securing-applications?view=vs-2019
Most coding errors that result in security vulnerabilities occur because developers make incorrect assumptions when working with user input, or because they don't fully understand the platform for which they're developing.

EARN YOUR PRE-WORK GRADE
Post your weekly discussion question and research solution to D2L

TODO
Complete Week 07 Content Module in D2L to 100%

WHAT'S COMING UP NEXT...WEEK 08

QUESTIONS | CLARIFICATIONS | HELP
Student Office Hours: Schedule Meeting with Julie
o By Appointment (both on-campus and remote via Zoom)
o Drop-In Times Available (on-campus)
Email: [email protected]
RRCC On Campus Tutoring: https://www.rrcc.edu/learning-commons/tutoring
24/7 Online Tutoring: D2L > Content > Resources for Help
