Brian browsed the most recent check-in by the lead architect, and noticed that it referenced a file called TagFile.java, which didn’t actually exist. A quick search of source control showed that pretty much every project had its own version of this file. They were all basically identical, aside from the values in the static initializers: 

import java.util.*;
public class TagFile {
    public static String       dateTime="2012-06-12 14:21:19";
    public static String       simpleDate="2012/06/12";
    public static String       builder="user1234";    
    public static Hashtable    hash=new Hashtable();
    public static StringBuffer sb =new StringBuffer();
    
    //initialize static values
    static { 
            hash.put("User ","user1234");
            hash.put("Build Date","2012-06-12 14:21:19");
    }
    
    //SNIP: some property accessors
    
    public static void main(String args[]) {
        System.out.println(printHashtable());
        System.out.println(getDateTime());
        System.out.println(getBuilder());
    }
}

When their launcher script recieved a -version switch, it used TagFile as the main class, otherwise in launched the main class of the project. That was a crappy enough way to provide version information, but not a true WTF. The thing that made Brian’s brain break was when he looked at the build process.

In every project, there was a file called GenerateTagFile.java. It contained a main method, which invoked the descriptively named method doIt().

doIt() started by simply populating some local variables with date and user information. 

SimpleDateFormat dateFormatter = new SimpleDateFormat("yyyy/MM/dd");
   simpleDate = dateFormatter.format(new Date());
   SimpleDateFormat dateForm = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");
   dateTime = dateForm.format(new Date());
   ht.put("Build Date",dateTime);
   builder = System.getProperty("user.name");
   ht.put("User ",builder);

And then, oh then, it did this: 

StringBuffer sb = new StringBuffer();

   sb.append("importjava.util.*;\n\n");

   sb.append("public class TagFile {\n");
   sb.append("\tpublic static String       dateTime=\""+dateTime+"\";\n");
   sb.append("\tpublic static String       simpleDate=\""+simpleDate+"\";\n");
   sb.append("\tpublic static String       builder=\""+builder+"\";\n");
   sb.append("\tpublic static Hashtable    hash=new Hashtable();\n");
   sb.append("\tpublic static StringBuffer sb =new StringBuffer();\n\n");
   //skip over property accessors, etc.
   
   sb.append("\tpublic static void main(String args[]) {\n");
   sb.append("\t\tSystem.out.println(printHashTable());\n");
   sb.append("\t\tSystem.out.println(getDateTime());\n");
   sb.append("\t\tSystem.out.println(getBuilder());\n");
   sb.append("\t}\n\n");

    //skip a bit more
  System.out.println(sb);

The build script first compiled GenerateTagFile.java, executed it, and piped the results to TagFile.java. Then it compiled TagFile.java, along with the rest of their code.

[Advertisement] BuildMaster allows you to create a self-service release management platform that allows different teams to manage their applications. Explore how!