logo

Database

Need

Enforcement of proper encapsulation in coding practices

Context

• Usage of Swift 5.0 for iOS app development

Description

1. Non compliant code

public class User {
    public var id: Int
    public var name: String
    public var email: String
    
    init(id: Int, name: String, email: String) {
        self.id = id
        self.email = email...

In the above Swift code, we have a `User` class with three fields: `id`, `name`, and `email`. All the fields are defined as `public`. This is a violation of the encapsulation principle in object-oriented programming. Encapsulation is one of the four fundamental OOP concepts. The other three are inheritance, polymorphism, and abstraction. Encapsulation is used to hide the values or state of a structured data object inside a class, preventing unauthorized parties' direct access to them. However, in the above code, by declaring the fields as `public`, we are allowing direct access to them. This can lead to inappropriate modification of the data, which can potentially lead to data inconsistency and bugs that are hard to detect. In Swift, the `public` access level enables entities to be used within any source file from their defining module, and also in a source file from another module that imports the defining module. This means that any part of the code can directly modify the fields `id`, `name`, and `email` of the `User` class, which is not a recommended practice.

2. Steps

• Step 1: Change the access modifiers of the fields in the User class from public to private.

• Step 2: Create getter and setter methods for the fields to provide controlled access to them.

• Step 3: Update the code that uses the User class to access the fields through the getter and setter methods instead of directly.

3. Secure code example

public class User {
    private var id: Int
    private var name: String
    private var email: String
    
    init(id: Int, name: String, email: String) {
        self.id = id
        self.email = email...

The above code fixes the vulnerability by changing the access modifiers of the fields in the User class from public to private. This respects the encapsulation principle by preventing direct access to the fields. Getter and setter methods are created for each field to provide controlled access to them. The getter methods return the value of the respective field, while the setter methods set the value of the respective field. The `getId()`, `getName()`, and `getEmail()` methods are used to get the values of the `id`, `name`, and `email` fields respectively. The `setId(id: Int)`, `setName(name: String)`, and `setEmail(email: String)` methods are used to set the values of the `id`, `name`, and `email` fields respectively. Any code that uses the User class should now access the fields through these getter and setter methods instead of accessing the fields directly. This ensures that the fields are accessed and modified in a controlled manner, which helps to maintain the integrity of the data.