Why you should care
Hard-coding a URI makes a program difficult to test: path literals are not always portable across operating systems, a given absolute path may not exist in a specific test environment, a specified Internet URL may not be available when the tests run, production environment filesystems usually differ from the development environment, etc. For all those reasons, a URI should never be hard-coded. Instead, it should be replaced by a customizable parameter.
Furthermore, even if the elements of a URI are obtained dynamically, portability can still be limited if the path delimiters are hard-coded.
This code insight triggers only when a URL or path delimiters are hard-coded. The security aspect of URLs is checked through the Cloud Maturity patterns.
How we detect
CAST Highlight counts one occurrence each time a URL or a path is hard-coded.
Bad Code
    import Foundation

    public class Foo {
        public func listUsers() -> [User] {
            var users: [User]
            let location = "/home/mylogin/Dev/users.txt" // Non-Compliant
            // The read fails on any machine where this absolute path does not exist
            let fileContent = try? String(contentsOfFile: location, encoding: .utf8)
            users = parse(fileContent!)
            return users
        }
    }

    let url = URL(string: "https://www.apple.com") // Non-Compliant
Good Code
    import Foundation

    public class Foo {
        // Configuration is a class that returns customizable properties:
        // it can be mocked to be injected during tests.
        private var config: Configuration

        public init(myConfig: Configuration) {
            config = myConfig
        }

        public func listUsers() -> [User] {
            var users: [User]
            // Find here the way to get the correct folder, in this case using the Configuration object
            let location = config.getProperty("myApplication.listingFile")
            // and use this parameter instead of the hard-coded path
            let fileContent = try? String(contentsOfFile: location, encoding: .utf8)
            users = parse(fileContent!)
            return users
        }
    }
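The point about hard-coded path delimiters can be handled the same way. The following is an added example, not CAST's or the original page's code: it composes a file path and a URL from configured values and lets Foundation insert the separators. The `Configuration` protocol shape, `DictionaryConfiguration`, `Locations`, `LocationError`, the property keys and the sample values are all assumptions made for illustration.

```swift
import Foundation

// Hypothetical configuration abstraction, playing the role of the page's Configuration class.
protocol Configuration {
    func getProperty(_ key: String) -> String?
}

// Test double: values are injected from a dictionary instead of a real source.
struct DictionaryConfiguration: Configuration {
    let values: [String: String]
    func getProperty(_ key: String) -> String? { values[key] }
}

enum LocationError: Error { case missing(String), invalid(String) }

struct Locations {
    let config: Configuration

    // Builds <dataDirectory>/<name> without writing a path separator in code.
    func dataFile(named name: String) throws -> URL {
        guard let dir = config.getProperty("myApplication.dataDirectory") else {
            throw LocationError.missing("myApplication.dataDirectory")
        }
        return URL(fileURLWithPath: dir, isDirectory: true).appendingPathComponent(name)
    }

    // Builds <apiBaseURL>/<segments...>; Foundation inserts the delimiters.
    func endpoint(_ segments: String...) throws -> URL {
        guard let raw = config.getProperty("myApplication.apiBaseURL") else {
            throw LocationError.missing("myApplication.apiBaseURL")
        }
        guard let base = URL(string: raw), base.scheme != nil, base.host != nil else {
            throw LocationError.invalid(raw)
        }
        return segments.reduce(base) { $0.appendingPathComponent($1) }
    }
}

// Constructed sample values, as a test would inject them.
let config = DictionaryConfiguration(values: [
    "myApplication.dataDirectory": FileManager.default.temporaryDirectory.path,
    "myApplication.apiBaseURL": "https://api.example.test",
])
let locations = Locations(config: config)
print(try locations.dataFile(named: "users.txt").path)
print(try locations.endpoint("v1", "users").absoluteString)
```

A missing or malformed property surfaces as a thrown `LocationError` rather than a crash on a force-unwrap, so a misconfigured environment is reported by key name.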
References
https://wiki.sei.cmu.edu/confluence/pages/tinyurl.action?urlIdentifier=qQCHAQ
https://rules.sonarsource.com/swift/RSPEC-1075