DEV Community

Cover image for Code Smell 261 - DigiCert Underscores
Maxi Contieri
Maxi Contieri

Posted on • Originally published at maximilianocontieri.com

Code Smell 261 - DigiCert Underscores

#webdev #programming #security #strings

Don't forget to check strings with special characters like underscores

TL;DR: Underscore and special characters can lead to validation errors

Problems

  • Incomplete Validation
  • Security Risks
  • Missed Tests
  • Incorrect Setup
  • System Inconsistency
  • Breaking changes with legacy data

Solutions

  1. Use consistent prefix
  2. Implement strict validation
  3. Check system outputs
  4. Create migration tests
  5. Test with legacy data

Context

In digital certificate validation, ensuring domain control is critical.

An incomplete validation and potential security issues.

DigiCert recently encountered such a problem, where they missed adding an underscore prefix.

This resulted in certificates being issued without proper validation and a cascade of broken sites with few advancement notices.

Sample Code

Wrong 

// Incorrect random value without underscore
let random_value = format!("{}", generate_random_value());
setup_dns_record(
  &format!("_{}.example.com", random_value),
  "dcv.digicert.com");
Enter fullscreen mode Exit fullscreen mode

Right 

// Correct random value with underscore
let random_value = format!("_{}", generate_random_value());
setup_dns_record(&random_value, "dcv.digicert.com");
Enter fullscreen mode Exit fullscreen mode

Detection

[X] Manual

You can detect this smell by reviewing the validation process and checking if all required prefixes are consistently applied.

You should also store historical data and check the new rules applied to them.

Tags

  • Security

Level

[X] Advanced

AI Generation

AI-generated code might miss adding specific prefixes unless explicitly instructed.

This can lead to security risks if the generated code is not thoroughly reviewed.

AI Detection

With proper examples and instructions, AI tools can be trained to detect missing prefixes in generated or existing code.

Conclusion

Skipping an essential part of the validation process, like an underscore prefix, can lead to significant issues.

Ensuring such steps are consistently applied and reviewed is crucial for maintaining system integrity and security.

Relations

mcsee

Code Smell 189 - Not Sanitized Input

Maxi Contieri ・ Dec 28 '22

#webdev #beginners #programming #security

More Info

Revocation Incident

DigiCert revocation

Domain Validation Bug

Disclaimer

Code Smells are my opinion.

Credits

Photo by Markus Spiske on Unsplash

Security is a process, not a product

Bruce Schneier

mcsee

Software Engineering Great Quotes

Maxi Contieri ・ Dec 28 '20

#codenewbie #programming #quotes #software

This article is part of the CodeSmell Series.

mcsee

How to Find the Stinky parts of your Code

Maxi Contieri ・ May 21 '21

#codenewbie #tutorial #codequality #beginners

Top comments (0)

Read next

keploy profile image

SOAP vs REST API: Understanding the Differences

keploy -

apurvupadhyay profile image

Qwen2.5 Coder — The Future of Local Code Generation! 🎉

Apurv Upadhyay -

dotnetfullstackdev profile image

Parallel and asynchronous programming are not the same in .NET. Do you think so?

DotNet Full Stack Dev -

stroiman profile image

Go-DOM - 1st major milestone

Peter Strøiman -