12 Guidance in legacy code

This chapter covers

How to deal with ambiguous parameters
Security issues caused by logging
How DRY is about ideas, rather than text
Absence of negative tests as a warning sign
Introducing domain primitives in legacy code

Once you’ve grokked the fundamentals of the secure by design approach, you can start applying the concepts when writing code. This is usually easier when you’re doing greenfield development, but you’ll most likely spend a lot of time working on legacy codebases—codebases that weren’t created with a secure by design mindset. When working on such codebases, it can be difficult to know how to apply the concepts you’ve learned in this book and where to start.

In this chapter, you’ll learn how to identify some problems and pitfalls that we’ve found are common in legacy codebases. Some of them are easy to spot, and others are more subtle. We also provide you with tips and advice on how to rectify them. Some issues require more effort than others, so you need to choose your approach based on your situation. Hopefully this chapter will provide you with enough guidance to make that choice easier.

12.1 Determining where to apply domain primitives in legacy code

12.2 Ambiguous parameter lists

12.2.1 The direct approach

12.2.2 The discovery approach

12.2.3 The new API approach

12.3 Logging unchecked strings

12.3.1 Identifying logging of unchecked strings

12.3.2 Identifying implicit data leakage

12.4 Defensive code constructs

12.4.1 Code that doesn’t trust itself

12.4.2 Contracts and domain primitives to the rescue

12.4.3 Overlenient use of Optional

12.5 DRY misapplied—not focusing on ideas, but on text

12.5.1 A false positive that shouldn’t be DRY’d away

12.5.2 The problem of collecting repeated pieces of code

12.5.3 The good DRY

12.5.4 A false negative

12.6 Insufficient validation in domain types

12.7 Only testing the good enough

12.8 Partial domain primitives

No double money

Summary