Recent CodeSOD

Code Snippet Of the Day (CodeSOD) features interesting and usually incorrect code snippets taken from actual production code in a commercial and/or open source software projects.

Nov 2016

Trimming the Fat

by in CodeSOD on

There are certain developers who don’t understand types. Frustrated, they fall back on the one data-type they understand- strings. Dates are hard, so put them in strings. Numbers aren’t hard, but they often exist in text boxes, so make them strings. Booleans? Well, we’ve come this far- strings it is.

Tyisha has the displeasure of working with one such developer, but with a twist- they didn’t really understand strings, either. Tyisha only supplied a small example:


Indentured

by in CodeSOD on

Speaking with developers, I’m always surprised to find a surprising percentage are surprised and baffled by the “Fluent API”. This object-oriented convention is based on the Builder Pattern, and involves call chaining to construct a configured object. So, for example, if you needed to configure a SystemHandler object to have a series of LinkHandler objects, you might have something like this:

    Handlers = SystemHandler.builder()
        .AddLinkHandler(…)
        .AddLinkHandler(…)
        .AddLinkHandler(…)
        .SetConfiguration(…)
        .ConfigureOtherParam(…)
        .build();

Classic WTF: Injection Proof'd

by in CodeSOD on
It's Thanksgiving, in the US. Be thankful you're not supporting this block of code. --Remy


“When a ‘customer’ of ours needs custom-developed software to suit their business requirements,” Kelly Adams writes, “they can either ‘buy’ the development services from the IT department, or go to an outside vendor. In the latter case, then we’re supposed to approve that the software meets corporate security guidelines.”

“Most of the time, our ‘approval’ is treated as a recommendation, and we end up having to install the application anyway. But recently, they actually listened to us and told the vendor to fix the ‘blatant SQL-injection vulnerabilities’ that we discovered. A few weeks later, when it came time for our second review, we noticed the following as their ‘fix’.”


The Rule of Ten

by in CodeSOD on

Florian’s office has a “rule of ten”. Well, they don’t, but one of Florian’s co-workers seems to think so. This co-worker has lots of thoughts. For example, they wrote this block, which is supposed to replace certain characters with some other characters.

sbyte sbCount = 0;
// set value of new field content to old value
sNewFieldContent = sFieldContent;
while (rFieldIdentifierRegex.Match(sNewFieldContent).Success) {

        // for security reasons
        if (++sbCount > 10)
                break;

        // get identifier and name
        string sActFieldSymbol = rFieldIdentifierRegex.Match(sNewFieldContent).Groups[1].Value;
        string sActFieldName = rFieldIdentifierRegex.Match(sNewFieldContent).Groups[2].Value;
        string sActFieldIdentifier = sActFieldSymbol + sActFieldName;

        // default value for unknown fields is an empty string
        string sValue = "";

        [... calculate actual replacement value ...]

        // replace value for placeholder in new field content
        sNewFieldContent = sNewFieldContent.Replace(sActFieldIdentifier, sValue);
}

Coldly Fused

by in CodeSOD on

In 1989, a pair of physicists claimed to have achieved the fusion of hydrogen at room temperatures. This came as quite a shock to other physicists, since fusion was only known to happen inside of stars. Within a few months, their claims were roundly rejected. Cold fusion became synonymous with junk science.

Fast forward to 1995. when a small company wanted to make its own set of generous claims about its web application framework. Allaire, Inc (eventually bought out by Macromedia, which itself was eaten by Adobe), claimed that its Cold Fusion could solve all your web development problems. All of your web development challenges could be solved through the judicious application of CFML.


Just In Case

by in CodeSOD on

Brandon’s company had a lot of work to do, and not enough staff to do it, so they hired on some freelancers. They were careful about it, and felt like they’d hired some good people. One developer, in particular, was the kind of developer who not only understands the low-level Windows API, but actually knows how to use some of the undocumented corners of it to get things done.

Most of the module was pretty good, but when Brandon double checked on the method for escaping disallowed characters from a URL, he found some problems.


Repeat Delete

by in CodeSOD on

Kneaded eraser

Once upon a time, a client contacted Trick R. and asked him to figure out why files were disappearing from their website.


A Type of Test

by in CodeSOD on

Unit tests are a wonderful tool for proving that your code works. Ideally, when you’re using other code, like say, the .NET Framework, you don’t write tests that test the framework itself. After all, didn’t Microsoft already do that?

David T’s co-worker laughs at your naïveté. Why would you trust Microsoft? You need to make sure the framework works as advertised. Which is why their unit tests are mostly made up of code like this:


Dollar Dollar Dollar Dollar Underscore

by in CodeSOD on

Dollar symbol

An Anonymous source sends us some Java code they found in source control, with really special variable naming conventions. I can only assume this came from a plucky startup hoping to attract venture capital.