This is your reminder: Don't forget to check strings with special characters like underscores TL;DR: Underscore and special characters can lead to validation errors Problems Incomplete Validation
Security Risks
Missed Tests
Incorrect Setup
System Inconsistency
Breaking changes with legacy data Solutions Use consistent prefix
Implement strict validation
Check system outputs
Create migration tests
Test with legacy data Context In digital certificate validation, ensuring domain control is critical. An incomplete validation and potential security issues. DigiCert recently encountered such a problem, where they missed adding an underscore prefix. This resulted in certificates being issued without proper validation and a cascade of broken sites with few advancement notices. Sample Code Wrong // Incorrect random value without underscore
let random_value = format!("{}", generate_random_value());
setup_dns_record(
  &format!("_{}.example.com", random_value),
  "dcv.digicert.com"); Right // Correct random value with underscore
let random_value = format!("_{}", generate_random_value());
setup_dns_record(&random_value, "dcv.digicert.com"); Detection [x]Manual You can detect this smell by reviewing the validation process and checking if all required prefixes are consistently applied. You should also store historical data and check the new rules applied to them. Tag(s) Security Level [x]Advanced AI Generation AI-generated code might miss adding specific prefixes unless explicitly instructed. This can lead to security risks if the generated code is not thoroughly reviewed. AI Detection With proper examples and instructions, AI tools can be trained to detect missing prefixes in generated or existing code. Conclusion Skipping an essential part of the validation process, like an underscore prefix, can lead to significant issues. Ensuring such steps are consistently applied and reviewed is crucial for maintaining system integrity and security. Relations https://hackernoon.com/how-to-find-the-stinky-parts-of-your-code-part-xxxviii?embedable=true More Info https://www.digicert.com/support/certificate-revocation-incident?embedable=true https://thehackernews.com/2024/07/digicert-to-revoke-83000-ssl.html?embedable=true https://www.bleepingcomputer.com/news/security/digicert-mass-revoking-tls-certificates-due-to-domain-validation-bug/?embedable=true Disclaimer: Code Smells are my opinion. Credits: Photo by Markus Spiske on Unsplash Security is a process, not a product Bruce Schneier https://hackernoon.com/400-thought-provoking-software-engineering-quotes?embedable=true This article is part of the CodeSmell Series on HackerNoon: How to Find the Stinky Parts of Your Code This is your reminder: Don't forget to check strings with special characters like underscores This is your reminder: Don't forget to check strings with special characters like underscores TL;DR: Underscore and special characters can lead to validation errors TL;DR: Underscore and special characters can lead to validation errors Problems Incomplete Validation Security Risks Missed Tests Incorrect Setup System Inconsistency Breaking changes with legacy data Incomplete Validation Security Risks Missed Tests Incorrect Setup System Inconsistency Breaking changes with legacy data Solutions Use consistent prefix Implement strict validation Check system outputs Create migration tests Test with legacy data Use consistent prefix Implement strict validation Check system outputs Create migration tests Test with legacy data Context In digital certificate validation, ensuring domain control is critical. An incomplete validation and potential security issues. DigiCert recently encountered such a problem, where they missed adding an underscore prefix . This resulted in certificates being issued without proper validation and a cascade of broken sites with few advancement notices. recently encountered underscore prefix Sample Code Wrong // Incorrect random value without underscore
let random_value = format!("{}", generate_random_value());
setup_dns_record(
  &format!("_{}.example.com", random_value),
  "dcv.digicert.com"); // Incorrect random value without underscore
let random_value = format!("{}", generate_random_value());
setup_dns_record(
  &format!("_{}.example.com", random_value),
  "dcv.digicert.com"); Right // Correct random value with underscore
let random_value = format!("_{}", generate_random_value());
setup_dns_record(&random_value, "dcv.digicert.com"); // Correct random value with underscore
let random_value = format!("_{}", generate_random_value());
setup_dns_record(&random_value, "dcv.digicert.com"); Detection [x]Manual [x] Manual [x] You can detect this smell by reviewing the validation process and checking if all required prefixes are consistently applied. You should also store historical data and check the new rules applied to them. Tag(s) Security Security Level [x]Advanced [x] Advanced [x] AI Generation AI-generated code might miss adding specific prefixes unless explicitly instructed. This can lead to security risks if the generated code is not thoroughly reviewed. AI Detection With proper examples and instructions, AI tools can be trained to detect missing prefixes in generated or existing code. Conclusion Skipping an essential part of the validation process, like an underscore prefix, can lead to significant issues. Ensuring such steps are consistently applied and reviewed is crucial for maintaining system integrity and security. Relations https://hackernoon.com/how-to-find-the-stinky-parts-of-your-code-part-xxxviii?embedable=true https://hackernoon.com/how-to-find-the-stinky-parts-of-your-code-part-xxxviii?embedable=true More Info https://www.digicert.com/support/certificate-revocation-incident?embedable=true https://www.digicert.com/support/certificate-revocation-incident?embedable=true https://thehackernews.com/2024/07/digicert-to-revoke-83000-ssl.html?embedable=true https://thehackernews.com/2024/07/digicert-to-revoke-83000-ssl.html?embedable=true https://www.bleepingcomputer.com/news/security/digicert-mass-revoking-tls-certificates-due-to-domain-validation-bug/?embedable=true https://www.bleepingcomputer.com/news/security/digicert-mass-revoking-tls-certificates-due-to-domain-validation-bug/?embedable=true Disclaimer: Code Smells are my opinion. Disclaimer: Code Smells are my opinion. Disclaimer: Code Smells are my opinion . opinion Credits: Photo by Markus Spiske on Unsplash Credits: Photo by Markus Spiske on Unsplash Markus Spiske Unsplash Security is a process, not a product Security is a process, not a product Bruce Schneier Bruce Schneier https://hackernoon.com/400-thought-provoking-software-engineering-quotes?embedable=true https://hackernoon.com/400-thought-provoking-software-engineering-quotes?embedable=true This article is part of the CodeSmell Series on HackerNoon: How to Find the Stinky Parts of Your Code This article is part of the CodeSmell Series on HackerNoon: How to Find the Stinky Parts of Your Code How to Find the Stinky Parts of Your Code

Walkthroughs, tutorials, guides, and tips. This story will teach you how to do something new or how to do something better.

Code Smell 262 - Not Replaced Constants

Code Refactoring Tips: No. 015 - Remove NULL

Buy My Book

Share your ideas with me!

Read My Stories

Buy Me a Coffee

Too Long; Didn't Read

Boost your HackerNoon story @ $159.99! 🚀

Code Smell 261 - DigiCert Underscores

About Author

Comments

TOPICS

THIS ARTICLE WAS FEATURED IN

Related Stories

Untitled Story

10 Predictions About the Future of Finance

106 Stories To Learn About Clean Code

100 Pieces of Programming Advice from the Book Clean Code by Robert Martin

110 Stories To Learn About Refactoring

3 Things Coding And Prose Writing Have In Common According To Cory House

10 Predictions About the Future of Finance

106 Stories To Learn About Clean Code

100 Pieces of Programming Advice from the Book Clean Code by Robert Martin

110 Stories To Learn About Refactoring

3 Things Coding And Prose Writing Have In Common According To Cory House

Light-Mode

Classic

Newspaper

Dark-Mode

Neon Noir

Minty

HN StartUps