Philadelphia University
Faculty of Information Technology
Department of Software Engineering

Examination Paper

Lecturer: Dr. Samer Hanna
Internal Examiner: Dr. Saed Goul
Coordinator: Dr. Samer Hanna

Software Construction (0721420), Section 1
Final Exam's Key
Summer Session of 2014/2015
Date: Saturday, August 29th, 2015
Time: 2 hours

Q1) (6 marks)

1. Discuss three of the differences between error handling techniques and assertions. (2 marks)

| Assertion | Error Handling Technique |
| An assertion is code that is used during development. | Error handling is code that is used during development and after delivery. |
| Assertions are used for conditions that should never occur. | Error-handling code is used for conditions you expect to occur. |
| The corrective action is to change the program's source code, recompile, and release a new version of the software. | The corrective action is merely to handle an error gracefully. |

2. Discuss how to choose the most appropriate style of error processing (give examples). (2 marks)

As the video game and x-ray examples show us, the style of error processing that is most appropriate depends on the kind of software the error occurs in. These examples also illustrate that error processing generally favors more correctness or more robustness. These terms are at opposite ends of the scale from each other.

Correctness means never returning an inaccurate result; returning no result is better than returning an inaccurate result. Robustness means always trying to do something that will allow the software to keep operating, even if that leads to results that are inaccurate sometimes.

Safety-critical applications tend to favor correctness to robustness. It is better to return no result than to return a wrong result. The radiation machine is a good example of this principle.

Consumer applications tend to favor robustness to correctness. Any result whatsoever is usually better than the software shutting down. The word processor I'm using occasionally displays a fraction of a line of text at the bottom of the screen. If it detects that condition, do I want the word processor to shut down? No. I know that the next time I hit Page Up or Page Down, the screen will refresh and the display will be back to normal.

3. Define Cross Site scripting (XSS) attack and explain how it is used by hackers. (2 marks)

XSS is a type of computer security vulnerability typically found in web applications. XSS enables attackers to inject client-side script into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same-origin policy.

Q2) (6 marks)

Consider the following class that represents an account in a local bank:

1. Map the class attributes to code in Java. (1 mark)
2. Write the code of a credit method that is responsible for crediting (adding) an amount to the account's totalBalance. (1 mark)
3. Write the code of the getAvailableBalance method that gives the value of the available balance to the calling method. (1 mark)
4. Provide a method called debit that withdraws money from an Account. Ensure that the debit amount does not exceed the Account's availableBalance. If it does, the availableBalance should be left unchanged and the method should print a message indicating "Debit amount exceeded account balance." (1 mark)
5. Write the code of a class called AccountTest to test all the methods in the Account class. (2 marks)

Sol.

    package a;

    // 1.
    public class Account {
        private int accountNumber;        // account number
        private int pin;                  // PIN for authentication
        private double availableBalance;  // funds available for withdrawal
        private double totalBalance;      // funds available

        // 2.
        public void credit( double amount ) {
            totalBalance += amount; // add to total balance
        } // end method credit

        // 3.
        public double getAvailableBalance() {
            return availableBalance; // gives the value of balance to the calling method
        } // end method getAvailableBalance

        // 4.
        public void debit( double amount ) {
            if (amount <= availableBalance) {
                availableBalance -= amount; // subtract from available balance
            } else {
                System.out.println("Debit amount exceeds account’s balance");
            }
        } // end method debit
    }

    package a;

    public class AccountTest {
        public static void main( String[] args ) {
            Account account1 = new Account( 12, 1234, 400, 420);   // create Account object
            Account account2 = new Account( 14, 2547, 1400, 1420); // create Account object

            // display initial balance of each object
            System.out.printf( "account1 balance: $ " + account1.getAvailableBalance() + "\n" );
            System.out.printf( "account2 balance: $ " + account2.getAvailableBalance() + "\n" );

            account1.credit( 200 ); // add to account1 balance

            // display balances
            System.out.printf( "account1 balance: $ " + account1.getAvailableBalance() + "\n" );
            System.out.printf( "account2 balance: $ " + account2.getAvailableBalance() + "\n" );

            account1.debit( 300 );
            account2.credit( 300 ); // add to account2 balance

            // display balances
            System.out.printf( "account1 balance: $ " + account1.getAvailableBalance() + "\n" );
            System.out.printf( "account2 balance: $ " + account2.getAvailableBalance() + "\n" );
        } // end main
    }

Q3) (7 marks)

1. Create class SavingsAccount that inherits from class Account in Q2. Use a variable annualInterestRate to store the annual interest rate for all account holders. (1 mark)

    public class SavingAccount extends Account {
        private float rate;
    }

2. Write the constructor of the SavingsAccount class. (1 mark)

    public SavingAccount(int accountNumber, int pin, double availableBalance,
                         double totalBalance, float rate) {
        super(accountNumber, pin, availableBalance, totalBalance);
        this.rate = rate;
    }

3. Provide method calculateMonthlyInterest to calculate the monthly interest by multiplying the totalBalance by annualInterestRate divided by 12—this interest should be added to balance. (2 marks)

    public double calculateMonthlyInterest() {
        double interest = (totalBalance * rate) / 12;
        totalBalance += interest;
        availableBalance += interest;
        return interest;
    }

4. Provide a method modifyInterestRate that sets the annualInterestRate to a new value. (1 mark)

    public void setRate(float rate) {
        this.rate = rate;
    }

5. Write a class to test class SavingsAccount. (2 marks)

    public class SavingAccountTest {
        public static void main(String[] args) {
            SavingAccount saving1 = new SavingAccount(50, 1254, 1000, 1200, 0.09f);
            double interest = saving1.calculateMonthlyInterest();
            System.out.println("Monthly interest is " + interest);
        }
    }

Q4) (6 marks)

Suppose that a new class has been added to the Bank application in Q2 and this class is called BankDatabase as depicted in the class diagram below:

1. Write the code of the BankDatabase class in Java. (2 marks)

    package a;

    import java.util.ArrayList;

    public class BankDatabase {
        public ArrayList<Account> accounts = new ArrayList<Account>();

        public ArrayList<Account> getAccounts() {
            return accounts;
        }

        public void setAccounts(ArrayList<Account> accounts) {
            this.accounts = accounts;
        }
    }

2. Inside the BankDatabase class, write the code of a method called getAccount that returns all the information of a given Account given this Account's accountNumber. (2 marks)

    private Account getAccount(int accountNumber) {
        // loop through accounts searching for matching account number
        for (Account currentAccount : accounts) {
            // return current account if match found
            if (currentAccount.getAccountNumber() == accountNumber) {
                return currentAccount;
            }
        } // end for
        return null; // if no matching account was found, return null
    } // end method getAccount

3. Write a method called debit that debits a certain Account given the accountNumber and the amount of money to debit. [Note: use the help of the getAccount method] (2 marks)

    public void debit(int userAccountNumber, double amount) {
        getAccount(userAccountNumber).debit(amount);
    }

4. Write the needed code to test the BankDatabase class' methods. (2 marks)

Q5) (3 marks)

Write the code of the BankDatabase class in Q4 branch 1 using C#.

    using System;
    using System.Collections;

    namespace Q5
    {
        class BankDatabase
        {
            public ArrayList accounts = new ArrayList();

            public Account getAccount(int accountNo)
            {
                foreach (Account currentAccount in accounts)
                {
                    if (currentAccount.AccountNo == accountNo)
                        return currentAccount;
                }
                return null;
            }
        }
    }

Q6) (8 marks)

Suppose that the minimum value of the totalBalance in Q2 is 200.0 JD and the maximum totalBalance is 50,000 JD.

a. Write the code (in Java) of the following defensive programming techniques for the totalBalance input value.
   1. Assertion with the totalBalance attribute (1 mark)
   2. Log a warning message to a file (1 mark)
   3. Call an error-processing routine when you receive a wrong totalBalance (1 mark)
   4. Shut down when you receive a wrong totalBalance (1 mark)
   5. Closest legal value (1 mark)
   6. Return an error code (1 mark)
b. In your opinion, what will be the error handling techniques that will be used with this bank application and why? (2 marks)

Sol.

a.

1.

    assert (totalBalance >= 200 && totalBalance <= 50000) : "invalid total balance";

2.

    if (totalBalance < 200 || totalBalance > 50000) {
        // store this error in a file
    }

3.

    if (totalBalance < 200 || totalBalance > 50000) {
        error_processor(1);
    }

4.

    if (totalBalance < 200 || totalBalance > 50000) {
        System.exit(1);
    }

5.

    if (totalBalance < 200)
        totalBalance = 200;
    if (totalBalance > 50000)
        totalBalance = 50000;

6.

    public Status getTotalBalance() {
        if (totalBalance < 200 || totalBalance > 50000)
            return Status.Failure;
        return Status.Success; // assumed success value of the same Status type
    }

b. All except closest legal value because in such applications correctness is more important than robustness.

Q7) (3 marks)

In the same Bank scenario, suppose that we built a method to enable a bank client to view his/her account information but first he/she must give his/her user name and password to this method. Write the needed code to protect this method from SQL injection attacks.
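
The following is an added example, not part of the original answer key: one way to write the method described in Q7 using a JDBC parameterized query. The class name AccountViewer, the clients table and its column names, and the use of a pre-computed password hash are assumptions made for illustration.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;

public class AccountViewer {
    // Hypothetical schema (an assumption, not from the exam):
    //   clients(user_name, password_hash, account_number,
    //           available_balance, total_balance)
    // The SQL text is a compile-time constant with ? placeholders.
    private static final String QUERY =
          "SELECT account_number, available_balance, total_balance "
        + "FROM clients WHERE user_name = ? AND password_hash = ?";

    // Vulnerable form that this replaces (user input becomes part of the SQL):
    //   "... WHERE user_name = '" + userName + "' AND password_hash = '" + hash + "'"

    /**
     * Returns the account information for the given credentials,
     * or null when no row matches them.
     */
    public static String viewAccount(Connection conn, String userName,
                                     String passwordHash) throws SQLException {
        // Defensive check: reject missing or oversized input before querying.
        if (userName == null || passwordHash == null
                || userName.isEmpty() || userName.length() > 64) {
            return null;
        }
        // Input is bound as data only. A value containing quotes or SQL
        // keywords is compared literally and cannot change the query structure.
        try (PreparedStatement stmt = conn.prepareStatement(QUERY)) {
            stmt.setString(1, userName);
            stmt.setString(2, passwordHash);
            try (ResultSet rs = stmt.executeQuery()) {
                if (!rs.next()) {
                    return null; // unknown user or wrong password
                }
                return "Account " + rs.getInt("account_number")
                     + ", available: " + rs.getDouble("available_balance")
                     + ", total: " + rs.getDouble("total_balance");
            }
        }
    }
}
```

The caller supplies an open java.sql.Connection; returning the same null for an unknown user and a wrong password avoids revealing which of the two was incorrect.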