Prompt
Security-sensitive code should fail fast with explicit validation of inputs and security parameters. That means: (1) validate structure/format (e.g., exact length, allowed characters), (2) validate ranges per component (e.g., IPv4 octets must be 0–255), (3) validate logical invariants the algorithm assumes (e.g., arrival time ≤ deadline), and (4) in cryptography, clearly distinguish public parameters from secret material and ensure computations use the correct one (don’t derive a peer’s values from the wrong party’s parameter set or mistakenly treat a public parameter as secret).
Example pattern:
def ip_to_decimal(ip_address: str) -> int:
parts = ip_address.split(".")
if len(parts) != 4:
raise ValueError("Invalid IPv4 address format")
octets = []
for part in parts:
if not part.isdigit():
raise ValueError("Invalid IPv4 address: non-numeric octet")
n = int(part)
if not (0 <= n <= 255):
raise ValueError("Invalid IPv4 address: octet out of range")
octets.append(n)
decimal_ip = 0
for n in octets:
decimal_ip = (decimal_ip << 8) + n
return decimal_ip
Crypto-specific checklist:
- Document which parameters are public (e.g., agreed group prime/generator) vs private (e.g., ephemeral key).
- Ensure each party derives its secrets/values only from its own private material and uses the other side’s values only as public inputs.
- Enforce minimum security sizes (e.g., key sizes) and reject unsupported configurations early.