paint-brush
Code Smell 282 - Bad Defaults and How to Fix Themby@mcsee
801 reads
801 reads

Code Smell 282 - Bad Defaults and How to Fix Them

by Maximiliano ContieriDecember 2nd, 2024
Read on Terminal Reader
Read this story w/o Javascript

Too Long; Didn't Read

Treat unknown responses as unauthorized, not as valid.
featured image - Code Smell 282 - Bad Defaults and How to Fix Them
Maximiliano Contieri HackerNoon profile picture

Defaults Can Sink You

TL;DR: Treat unknown responses as unauthorized, not as valid.

Problems

  • Security risks
  • Ignoring unknown cases
  • Error Misinterpretation
  • Defaulting to valid states
  • Mismatch Authorizations
  • Failing to log events
  • Exploitation Potential

Solutions

  1. Validate all responses against a closed set of known codes.
  2. Default (and unknown) to unauthorized or Remove Defaults.
  3. Log every mismatched or unexpected case for analysis.
  4. Test with edge scenarios.
  5. Synchronize response pools with processors regularly to avoid outdated codes.
  6. Focus on security making it a shift left process.
  7. Design systems with change resilience to handle evolving scenarios.

Context

Today is computer security day and every programmer needs to acknowledge its responsibility.


Imagine an application handling sales that relies on response pools from credit card processors to handle transactions.


Each credit card processor provides predefined response codes for various situations, such as insufficient balance or expired cards.


The issue begins when a processor adds a new response code for denied transactions but doesn't notify the platform.


The application doesn't recognize the new code, defaults to treating it as "not found," and authorizes the purchase.


Users notice this flaw and exploit it to make unauthorized purchases.


The platform's revenue plummets, leading to bankruptcy.

Sample Code

Wrong

String response = paymentProcessor.authorize(cardDetails);

switch (response) {
    case "DECLINED_INSUFFICIENT_FUNDS":
        // Handle insufficient funds
        break;
    case "DECLINED_EXPIRED_CARD":
        // Handle expired card
        break;
    default:
        // Authorize purchase
        break;
}

Right

String response = paymentProcessor.authorize(cardDetails);

switch (response) {
    case "APPROVED":
        // Authorize purchase
        break;
    case "DECLINED_INSUFFICIENT_FUNDS":
        // Handle insufficient funds
        break;
    case "DECLINED_EXPIRED_CARD":
        // Handle expired card
        break;
    case "DECLINED_NEW_REASON":
        // Handle new declined reason
        break;
    default:
        // Reject purchase (default case for unknown responses)
        break;
}

Detection

  • [x]Manual

You can detect this smell by reviewing error-handling logic.


Check if the system logs and denies unrecognized cases.


Automated tests can help identify if new or unexpected inputs default to valid actions.


Static analysis tools can help by flagging potentially incomplete error handling.

Tags

  • Security

Level

  • [x]Intermediate

Why Bijection Is Important

It's critical to maintain a one-to-one correspondence between your application's internal representation of payment processor responses and the actual codes returned by the processor.


When you break the Bijection, you create a mismatch.


The application interprets unknown codes incorrectly, leading to unexpected behavior, security holes, and potentially disastrous business consequences.

AI Generation

AI tools can create this smell if you don't specify how to handle unknown cases.


For example, generic error handling might default to benign outcomes like "not found" or "success."

AI Detection

AI generators can fix this smell when you instruct them to treat unknown cases as unauthorized and emphasize logging and testing unexpected scenarios.

Try Them!

Remember: AI Assistants make lots of mistakes

Without Proper Instructions

With Specific Instructions

ChatGPT

ChatGPT

Claude

Claude

Perplexity

Perplexity

Copilot

Copilot

Gemini

Gemini

Conclusion

Always handle unknown cases cautiously.


Defaults like "not found" can lead to severe security issues and financial losses.


Make logging and denying unknown responses part of your development practices.


Make shift-left decisions related to security while programming.

Relations

https://hackernoon.com/how-to-find-the-stinky-parts-of-your-code-part-xxii

https://hackernoon.com/how-to-find-the-stinky-parts-of-your-code-part-viii-8mn3352

Disclaimer

Code Smells are my opinion.

Credits

Photo by Nathana Rebouças on Unsplash

https://www.youtube.com/watch?v=J2QOejhA6ek


Assumptions are the mother of all failures.

Said Ouissal

Software Engineering Great Quotes


This article is part of the CodeSmell Series.

How to Find the Stinky Parts of your Code