Philadelphia University
Faculty of Information Technology
Department of Software Engineering
Examination Paper
Lecturer: Dr. Samer Hanna
Internal Examiner: Dr. Saed Goul
Coordinator: Dr. Samer Hanna
Software Construction
(0721420 ) Section 1
Final Exam’s Key
Summer Session of 2014/2015
Date: Saturday, August 29 , 2015-------- Time: 2 hours
th
Q1) (6 marks)
1.
2.
Discuss three of the differences between error handling techniques and assertions. (2 marks)
Assertion
Error Handling Technique
An assertion is code that is used during development
Error handling techniques is code that is used during
development and after delivery
assertions for conditions that should never occur
error-handling code is used for conditions you expect to
occur
the corrective action is to change the program's
source code, recompile, and release a new version of
a software.
the corrective action is merely to handle an error
gracefully
Discuss how to choose the most appropriate style of error processing (give examples). (2 marks)
As the video game and x-ray examples shows us, the style of error processing that is most appropriate
depends on the kind of software the error occurs in. These examples also illustrates that error
processing generally favors more correctness or more robustness. These terms are at opposite ends of
the scale from each other. Correctness means never returning an inaccurate result; returning no result
is better than returning an inaccurate result. Robustness means always trying to do something that will
allow the software to keep operating, even if that leads to results that are inaccurate sometimes.
Safety-critical applications tend to favor correctness to robustness. It is better to return no result than
to return a wrong result. The radiation machine is a good example of this principle.
Consumer applications tend to favor robustness to correctness. Any result whatsoever is usually better
than the software shutting down. The word processor I'm using, occasionally displays a fraction of a
line of text at the bottom of the screen. If it detects that condition, do I want work processor to shut
down? No. I know that the next time I hit Page Up or Page Down, the screen will refresh and the
display will be back to normal.
3.
Define Cross Site scripting (XSS) attack and explain how it is used by hackers (2 marks)
XSS is a type of computer security vulnerability typically found in web applications. XSS enables attackers
to inject client-side script into web pages viewed by other users. A cross-site scripting vulnerability may be
used by attackers to bypass access controls such as the same-origin policy.
1
Q2) (6 marks)
Consider the following class that represents an account in a local bank:
1. Map the class attributes to code in Java (1 mark).
2. Write the code of a Credit method that is responsible to credit (add) an amount to the account’s totalBalance. (1
mark)
3. Write the code of the getAvailableBalance method gives the value of the available balance to the calling method.
(1 mark)
4. Provide a method called debit that withdraws money from an Account. Ensure that the debit amount does not
exceed the Account’s availableBalance. If it does, the availableBalance should be left unchanged and the method
should print a message indicating "Debit amount exceeded account balance." (1 mark)
5. Write the code of a class called AccountTest to all the methods in the Account. (2 marks)
Sol.
package a;
// 1.
public class Account
{
private int accountNumber; // account number
private int pin; // PIN for authentication
private double availableBalance; // funds available for withdrawal
private double totalBalance; // funds available
// 2.
public void credit( double amount )
{
totalBalance += amount; // add to total balance
} // end
// 3.
public double getAvailableBalance()
{
return availableBalance; // gives the value of balance to the calling method
} // end method getBalance
// 4.
public void debit( double amount )
{
if (amount<=availableBalance)
{
availableBalance -= amount;
}// subtract from available balance
else
{
System.out.println("Debit amount exceeds account’s balance");
2
} // end method debit
}
}
package a;
public class AccountTest
{
public static void main( String[] args )
{
Account account1 = new Account( 12, 1234, 400, 420); // create Account object
Account account2 = new Account( 14, 2547, 1400, 1420); // create Account object
// display initial balance of each object
System.out.printf( "account1 balance: $ " + account1.getAvailableBalance() + "\n" );
System.out.printf( "account2 balance: $ " + account2.getAvailableBalance()+ "\n" );
// create Scanner to obtain input from command window
account1.credit( 200 ); // add to account1 balance
// display balances
System.out.printf( "account1 balance: $ " + account1.getAvailableBalance() + "\n" );
System.out.printf( "account2 balance: $ " + account2.getAvailableBalance()+ "\n" );
account1.debit( 300 );
account2.credit( 300 ); // add to account2 balance
// display balances
System.out.printf( "account1 balance: $ " + account1.getAvailableBalance() + "\n" );
System.out.printf( "account2 balance: $ " + account2.getAvailableBalance()+ "\n" );
} // end main
}
Q3) (7 marks)
1. Create class SavingsAccount that inherits from class Account in Q2. Use a variable annualInterestRate to store the
annual interest rate for all account holders. (1 mark)
public class SavingAccount extends Account
{
private float rate;
}
2. Write the constructor of the SavingsAccount class (1 mark)
public SavingAccount(int accountNumber, int pin, double availableBalance,
double totalBalance, float rate)
{
super(accountNumber,pin,availableBalance, totalBalance );
this.rate=rate;
}
3
3. Provide method calculateMonthlyInterest to calculate the monthly interest by multiplying the totalBalance by
annualInterestRate divided by 12—this interest should be added to balance. (2 marks)
public double calculateMonthlyinterest()
{
double interest = (totalBalance * rate)/12;
totalBalance+=interest;
availableBalance+=interest;
return interest;
}
4. Provide a method modifyInterestRate that sets the annualInterestRate to a new value. (1 mark)
public void setRate(float rate) {
this.rate = rate;
}
5. Write a class to test class SavingsAccount. (2 marks)
public class SavingAccountTest
{
public static void main(String [] args)
{
SavingAccount saving1 = new SavingAccount(50, 1254, 1000, 1200, 0.09f);
double interest = saving1.calculateMonthlyInterest();
System.out.println("Monthly interest is " + interest);
}
}
Q4) (6 marks)
Suppose that a new class has been added to the Bank application in Q2 and this class is called BankDatabase
as depicted in the class diagram below:
1. Write the code of the BankDatabase class in Java (2 marks)
package a;
import java.util.ArrayList;
public class BankDatabase
{
public ArrayList<Account> accounts = new ArrayList<Account>();
public ArrayList<Account> getAccounts() {
return accounts;
4
}
public void setAccounts(ArrayList<Account> accounts) {
this.accounts = accounts;
}
}
2. Inside BankDatabase class; write the code of a method called getAccount that returns all the information of
a given Account given this Account’s accountNumber. (2 marks)
private Account getAccount(int accountNumber) {
// loop through accounts searching for matching account number
for (Account currentAccount : accounts) {
// return current account if match found
if (currentAccount.getAccountNumber() == accountNumber) {
return currentAccount;
}
} // end for
return null; // if no matching account was found, return null
} // end method getAccount
3. Write a method called debit that debits a certain Account given the accoutNumber and the amount of money
to debit. [Note. Use the help of the getAccount method] (2 marks)
public void debit(int userAccountNumber, double amount)
{
getAccount(userAccountNumber).debit(amount);
}
4. Write the needed code to test the BankDatabase class’ methods (2 marks)
Q5) (3 marks)
5
Write the code of the BankDatabase class in Q4 branch 1 using C#.
using System;
using System.Collections;
namespace Q5
{
class BankDatabase
{
public ArrayList accounts = new ArrayList();
public Account getAccount(int accountNo)
{
foreach (Account currentAccount in accounts)
{
if (currentAccount.AccountNo == accountNo)
return currentAccount;
}
return null;
}
}
}
Q6) (8 marks)
Suppose that the minimum value of the totalBalance in Q2 is 200.0 JD and the maximum totalBalance is
50,000 JD.
a. Write the code (in Java) of the following defensive programming techniques to the totalBalance input value.
1. Assertion with the totalBalance attribute (1 marks)
2. Log a warning message to a file (1 marks)
3. Call an error-processing routine when you receive a wrong totalBalance (1 mark)
4. Shut down when you receive a wrong totalBalance (1 mark)
5. Closest legal value (1 mark)
6. Return an error code. (1 mark)
b. In your opinion; what will be the error handling techniques that will be used with this bank application and why? (2
marks)
Sol.
a.
1.
assert (totalBalance>=200 && totalBalance<=50000): "invalid total balance";
2.
If (totalBalance<200 || totalBalance>50000)
{
//store this error in a file
}
3.
If (totalBalance<200 || totalBalance>50000)
{
error_processor(1);
}
4.
If (totalBalance<200 || totalBalance>50000)
{
System.exit(1);
}
5.
6
If (totalBalance<200)
totalBalance=200
If (totalBalance>500)
totalBalance=500;
6.
Public Status getTotalBalance ( )
{
If (totalBalane < 200 || totalBalane > 50000)
return status.Failure;
}
b.
All except closest legal value because in such applications correctness is more important than robustness.
Q7) (3 marks)
In the same Bank scenario; suppose that we built a method to enable a bank client to view his/her account
information but first he/she must give his/her user name and password to this method.
Write the needed code to protect this method from SQL injection attacks.
7