• some guy (unregistered)

    /frist/ User-supplied regex and eval of user input. What could possibly go wrong.

  • (nodebb)

    While management hashes that out,

    I would suggest that they should "hache" it out. Er. "hache" (fr) == "axe" (en), so I'm suggesting they should use an axe to cut off all eleven of the contractor's fingers so as to stop him producing more code.

    Eleven? Sure, five on each hand (counting thumbs as fingers) plus the weird lumpy one that sticks up from between his shoulders. Some people call it a "head"...

  • (nodebb)

    TRWTF: "For legacy reasons, ..."

  • Raja Hejamadi (unregistered)

    Looks like they just copied one of the solutions from StackOverflow here (https://stackoverflow.com/questions/17250815/how-to-check-if-the-input-string-is-a-valid-regular-expression).. including the variable names and line breaks are exact copy.

  • Hanzito (unregistered) in reply to Raja Hejamadi

    Time to update Ambrose Bierce's Devil's Dictionary:

    contractor (n; -s): Person who looks up problems on stackoverflow and copies a low scoring solution.

  • Richard Brantley (unregistered)

    "Here, we use string interpolation to generate some JavaScript code."

    Yea, I'm gonna stop ya right there. Not only should it have been kicked back to the contractor, the contractor should have re-done it properly for free.

  • Dave (unregistered)

    The contractor's response is TRWTF. If you can get away with pretending to work, that's one thing, but when you're caught pretending to work it's best not to tell the client that you've been charging them for nothing.

  • Sole Purpose Of Visit (unregistered) in reply to Dave

    Strictly speaking, it's not nothing. ("It's not even wrong.") TRWTF is the way contractors are traditionally handled by management.

    The obvious way to deal with a redevelopment at this granular level is to produce a set of tests and ensure that the solution passes them. I think you only need three tests here: a correct regexp without the slashes, a correct regexp without the slashes, and an incorrect regexp with the slashes.

    Now, you could get internal staff to write up the tests (usually best, since they're the domain experts), or you could get the contractor to write them up. But without tests, you've effectively handed the contractor a blank check. (The check in the OP is particularly blank ...)

    Nobody ever does this, of course. Even the guys to whom I contract don't do it. But then, in my case, the contract is fairly long-term, and they're fine with 90% of my work being correct first time and the other 10% needing rework -- so it all balances out. OTOH if you reverse the percentages and 90% of the work is incorrect ... time to terminate the contract.

  • (nodebb) in reply to Raja Hejamadi

    Or Remy made up a story based on his reading a post on Stack Overflow.

  • (nodebb) in reply to TheGreatLobachevsky

    That seems entirely plausible X-D

    Off-topic: Love your username. Have you heard Tom Lehrer's comedy song "Lobachevsky" about the mathematician?

  • (nodebb) in reply to Steve_The_Cynic
    Eleven? Sure, five on each hand (counting thumbs as fingers) plus the weird lumpy one that sticks up from between his shoulders. Some people call it a "head"...

    I thought you were going to go with a different "head", to be extra certain to stop him from producing more code.

  • Stuart (unregistered) in reply to Sole Purpose Of Visit

    You think that having a correct regexp without the slashes is such an important test, you put it in there twice?

    I mean, you're not wrong.

  • xtal256 (unregistered) in reply to Raja Hejamadi

    It could actually be the other way around, that the contractor (or someone else who saw the code) posted it as an answer on StackOverflow. The date is quite recent (2020) compared to the others (2013). The StackOverflow post even mentions that code injection is possible.

  • Your Name (unregistered)

    Why the ever loving F would you even "outsource" a max. 2 minute job? It takes more time and budget to set up all the bureaucracy around that.

  • Ralf (unregistered)
    Comment held for moderation.
  • rctrip (unregistered)
    Comment held for moderation.

Leave a comment on “Evaluating Regexes”

Log In or post as a guest

Replying to comment #:

« Return to Article