Consider Adding Security Comments to Code
At numerous security code reviews, code owners have responded with blank looks and puzzled comments when I've asked questions such as, "Why was that security decision made?" and "What assertions do you make about the data at this point?" Based on this, it has become obvious that you need to add comments to security-sensitive portions of code, recording both the decision and the assumption the code depends on. The following is a simple example. Of course, you can use your own style, as long as you are consistent:
// SECURITY!
// The following assumes that the user input, in szParam,
// has already been parsed and verified by the calling function.
HANDLE hFile = CreateFile(szParam,
                          GENERIC_READ,
                          FILE_SHARE_READ,
                          NULL,
                          OPEN_EXISTING,
                          FILE_ATTRIBUTE_NORMAL,
                          NULL);
if (hFile != INVALID_HANDLE_VALUE) {
    // Work on file.
    CloseHandle(hFile);
}
This little comment really helps people realize what security decisions and assertions were made at the time the code was written.
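A comment like the one above records the assumption, but it does not enforce it; a later caller that skips the validation step will pass an unchecked string straight to the file API. The example below is added here and is not code from the original text. It shows both halves of the contract the comment describes: the caller-side check that "parses and verifies" the input, and the callee that carries the SECURITY comment and re-checks the same assumption so it fails closed. It is written with portable fopen rather than the Windows CreateFile call so it compiles anywhere; the validation rules (relative name, single path component, printable ASCII), the function names validate_file_param and process_file, and the demo file name are all assumptions made for this example.

```c
#include <stdio.h>
#include <string.h>

#define MAX_PARAM 256

/* Caller side: the single place raw user input is parsed and verified.
 * Returns 1 if szParam is an acceptable file name, 0 otherwise.
 * The rules here (relative, single path component, printable ASCII) are
 * an assumption for this example, not the original text's. */
int validate_file_param(const char *szParam)
{
    size_t len, i;

    if (szParam == NULL)
        return 0;
    len = strlen(szParam);
    if (len == 0 || len >= MAX_PARAM)
        return 0;
    /* No directory separators: one component only, so neither absolute
     * paths nor "../" traversal can get through. */
    if (strchr(szParam, '/') != NULL || strchr(szParam, '\\') != NULL)
        return 0;
    /* Reject the bare "." and ".." names as well. */
    if (strcmp(szParam, "..") == 0 || strcmp(szParam, ".") == 0)
        return 0;
    /* Printable ASCII only; an embedded NUL has already ended the string. */
    for (i = 0; i < len; i++) {
        unsigned char c = (unsigned char)szParam[i];
        if (c < 0x20 || c > 0x7e)
            return 0;
    }
    return 1;
}

/* Callee: opens the file named by szParam and reports its size.
 * Returns 1 on success and stores the size in *out_size, 0 on failure. */
int process_file(const char *szParam, long *out_size)
{
    FILE *f;
    long size;

    // SECURITY!
    // The following assumes that the user input, in szParam, has already
    // been parsed and verified by validate_file_param() in the calling
    // function. The check below restates that assumption in code, so a
    // caller that forgets the validation fails closed instead of opening
    // an attacker-chosen path. (A plain assert() would vanish under NDEBUG,
    // so the guard is an ordinary if.)
    if (!validate_file_param(szParam))
        return 0;

    f = fopen(szParam, "rb");
    if (f == NULL)
        return 0;
    if (fseek(f, 0, SEEK_END) != 0) {
        fclose(f);
        return 0;
    }
    size = ftell(f);
    fclose(f);
    if (size < 0)
        return 0;
    *out_size = size;
    return 1;
}

/* Demonstration: create a known five-byte file, route its name through the
 * validated path, and return the size process_file reports (-1 on failure).
 * The file name is made up for this example. */
long run_demo(void)
{
    const char *name = "security_comment_demo.txt";
    long size = -1;
    FILE *f = fopen(name, "wb");
    if (f == NULL)
        return -1;
    fputs("hello", f);
    fclose(f);
    if (!process_file(name, &size))
        size = -1;
    remove(name);
    return size;
}

int main(void)
{
    long size = 0;
    printf("demo file size: %ld\n", run_demo());
    printf("traversal rejected: %d\n", process_file("../etc/passwd", &size) == 0);
    return 0;
}
```

The point of naming the verifying function in the comment is that a reviewer can jump straight to it and check that the rules it enforces still match what the callee relies on; the redundant guard in the callee costs one string scan and turns a silent contract violation into a visible failure.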