CodeSOD: Utter Filth

by Remy Porter, from The Daily WTF (#120AB)

Terrell inherited some database stored procedures. Like all good, Enterprisey stored procedures, they were written in PL/SQL. Unlike most Enterprisey procedures, this one had a clear purpose: to clean your dirty inputs.

The actual problem: based on user input, the PL/SQL code needed to write a temporary file to the filesystem. Since user input is full of filthy, illicit characters, this procedure needs to clean them up.

PROCEDURE p_clean_name (
   p_file_name      IN  VARCHAR2,
   p_file_name_end  OUT VARCHAR2
)
-----------------------------------------------------------------------
-- Purpose: Clean the file name removing all dirty characters
-----------------------------------------------------------------------
IS
   l_function_name VARCHAR2 (64) := 'p_clean_name';
BEGIN
   -- Thirty-two nested REPLACE calls, one per "dirty" character. Several
   -- search strings were single non-ASCII characters that did not survive
   -- extraction; the '' entries are no-ops, since Oracle's REPLACE returns
   -- its input unchanged when the search string is empty.
   p_file_name_end :=
      REPLACE (REPLACE (REPLACE (REPLACE (REPLACE (REPLACE (REPLACE (REPLACE (
      REPLACE (REPLACE (REPLACE (REPLACE (REPLACE (REPLACE (REPLACE (REPLACE (
      REPLACE (REPLACE (REPLACE (REPLACE (REPLACE (REPLACE (REPLACE (REPLACE (
      REPLACE (REPLACE (REPLACE (REPLACE (REPLACE (REPLACE (REPLACE (REPLACE (
         TRIM (p_file_name),
         '/',    '_' ), '*',    '_' ), '%',    '_' ), 'i^1',  '_' ),
         'i^2',  '_' ), 'i',    '_' ), 'i',    '_' ), 'i^1',  '_' ),
         'i',    '_' ), 'i(C)', '_' ), '',     '_' ), '$',    '_' ),
         '',     '_' ), '&',    '_' ), '?',    '_' ), '',     '_' ),
         '^',    '_' ), '(',    '_' ), ')',    '_' ), '\',    '_' ),
         '#',    '_' ), '+',    '_' ), '[',    '_' ), ']',    '_' ),
         ';',    '_' ), ':',    '_' ), '@',    '_' ), 'i',    '_' ),
         '<',    '_' ), '>',    '_' ), '.',    '_' ), ' ',    '_' );
EXCEPTION
   WHEN OTHERS THEN
      p_handle_log ('X',
                    SQLCODE || '-' || SQLERRM || '- ' || DBMS_UTILITY.format_error_backtrace(),
                    l_function_name, null, null);
END;

Well, something is dirty in here.
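The deeper problem with the procedure above is not the nesting but the approach: a deny-list only catches the characters somebody remembered to list, and anything else (pipes, quotes, tabs, NUL bytes, accented letters) walks straight through to the filesystem. The following is an added example, not code from the article or from Terrell's codebase, in Python rather than PL/SQL so it can be run anywhere: a deny-list sanitizer built from the ASCII search strings that are recoverable from the procedure, placed next to an allow-list sanitizer that keeps only `[A-Za-z0-9_.-]`, collapses `..`, drops a leading dot and caps the length. The sample file names are constructed. In Oracle the allow-list step is a single expression, `REGEXP_REPLACE(TRIM(p_file_name), '[^[:alnum:]_.-]', '_')`, which replaces the whole REPLACE tower.

```python
import re
from typing import Tuple

# Search strings from the page's nested-REPLACE procedure that survived
# extraction as plain ASCII (the non-ASCII ones were garbled and are left
# out). Oracle's REPLACE with an empty search string returns its input
# unchanged, so the '' entries on the page are no-ops and are not listed.
DENY_LIST = "/*%$&?^()\\#+[];:@<>. "


def deny_list_clean(name: str) -> str:
    """Deny-list sanitizer in the style of the page's procedure:
    TRIM, then replace each listed character with '_'. Any character not
    on the list (pipe, quotes, tab, NUL, accented letters) passes through."""
    out = name.strip()
    for ch in DENY_LIST:
        out = out.replace(ch, "_")
    return out


# Allow-list: ASCII letters, digits, underscore, hyphen and dot. Everything
# else, including control characters and path separators, becomes '_'.
_DISALLOWED = re.compile(r"[^A-Za-z0-9_.-]")
_DOT_RUN = re.compile(r"\.{2,}")


def allow_list_clean(name: str, max_len: int = 64) -> str:
    """Allow-list sanitizer for a bare file name (no directory part).

    1. strip surrounding whitespace;
    2. map every character outside the allow-list to '_';
    3. collapse runs of two or more dots to '_' so no '..' survives;
    4. drop leading dots so the result is never hidden or '.'-relative;
    5. reject an empty result and cap the length.
    """
    out = _DISALLOWED.sub("_", name.strip())
    out = _DOT_RUN.sub("_", out)
    out = out.lstrip(".")
    if not out:
        raise ValueError("file name is empty after sanitizing")
    return out[:max_len]


def compare(name: str) -> Tuple[str, str]:
    """Run both sanitizers on the same input for side-by-side review."""
    return deny_list_clean(name), allow_list_clean(name)


if __name__ == "__main__":
    # Constructed sample inputs, not taken from the page.
    samples = ["report 2024.txt", "a|b.txt", 'say "hi".txt', "my\tfile.txt",
               "a\x00b.txt", "résumé.txt", ".hidden.txt", "../../secret.txt"]
    for sample in samples:
        denied, allowed = compare(sample)
        print(f"{sample!r:22} deny-list -> {denied!r:20} allow-list -> {allowed!r}")
```

Run it and compare the two columns: the deny-list version leaves the pipe, the tab, the NUL byte and the accented letters in place, because none of them were on the list, while the allow-list version turns every one of them into `_` without anyone having to enumerate them.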
