CodeSOD: Coldly Fused

by Remy Porter, from The Daily WTF (#21T6C)

In 1989, a pair of physicists claimed to have achieved the fusion of hydrogen at room temperatures. This came as quite a shock to other physicists, since fusion was only known to happen inside of stars. Within a few months, their claims were roundly rejected. Cold fusion became synonymous with junk science.

Fast forward to 1995, when a small company wanted to make its own set of generous claims about its web application framework. Allaire, Inc. (eventually bought out by Macromedia, which itself was eaten by Adobe) claimed that its Cold Fusion could solve all your web development problems. All of your web development challenges could be solved through the judicious application of CFML.

Fast forward to today, where I'm surprised to learn that ColdFusion is still in active development. Brian recently had the pleasure of attempting to install it. First, he was annoyed at just the install size: 1.2GB for a web runtime and its assorted libraries. Then the install failed. Brian poked around in the installer and found the following shell script:

DISTRO_NAME=
GUEST_OS_NAME=
if [ -f /etc/issue ] ; then
    DISTRO_NAME=`cat /etc/issue`
fi
if [ ! -z "$DISTRO_NAME" ] ; then
    if [ ! -z "$(echo $DISTRO_NAME | awk '/Ubuntu/')" ] ; then
        jre_success=`exec "$actvm" 2>&1`
        case "$jre_success" in
            *No*such*file*or*directory*|*install*bin*|*cannot*execute*binary*file* )
                echo "JRE libraries are missing or not compatible...."
                echo "Exiting...."
                ;;
            *)
                exec "$actvm" $options $lax_nl_java_launcher_main_class "$propfname" "$envPropertiesFile" $cmdLineArgs
                ;;
        esac
    elif [ ! -z "$(echo $DISTRO_NAME | awk '/CentOS/')" ] ; then
        jre_success=`exec "$actvm" 2>&1`
        case "$jre_success" in
            *No*such*file*or*directory*|*install*bin*|*cannot*execute*binary*file* )
                echo "JRE libraries are missing or not compatible...."
                echo "Exiting...."
                ;;
            *)
                exec "$actvm" $options $lax_nl_java_launcher_main_class "$propfname" "$envPropertiesFile" $cmdLineArgs
                ;;
        esac
    elif [ ! -z "$(echo $DISTRO_NAME | awk '/SUSE/')" ] ; then
        jre_success=`exec "$actvm" 2>&1`
        case "$jre_success" in
            *No*such*file*or*directory*|*install*bin*|*cannot*execute*binary*file* )
                echo "JRE libraries are missing or not compatible...."
                echo "Exiting...."
                ;;
            *)
                exec "$actvm" $options $lax_nl_java_launcher_main_class "$propfname" "$envPropertiesFile" $cmdLineArgs
                ;;
        esac

There are a few issues here. First, while /etc/issue is a file that you can reasonably expect a modern Linux system to have, there is no guarantee that it is there, or that its contents will include the identifier of the system distribution. If there isn't one, the installer makes no attempt to fail over to a different file (like /etc/system-release, which, while also not guaranteed, is probably more accurate), or even uname. But those are all minor details.

Regardless of what it finds in the /etc/issue file, it executes the exact same command anyway, raising the question of why it even checked in the first place.
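As an added example (not code from the installer or from the original article), here is one way to write the fallback the article says is missing: try /etc/system-release, then /etc/issue, then uname, and classify the result in a single place. The function names and the optional ROOT argument (which lets the check be pointed at a constructed directory tree) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: distro detection with fallback, classified in one place.
# Function names and the ROOT argument are hypothetical, not from the installer.

# detect_distro [ROOT] -> prints a distro hint; falls back to the kernel name.
detect_distro() {
    root="${1:-}"
    for f in "$root/etc/system-release" "$root/etc/issue"; do
        # -s: file exists and is non-empty; an empty file counts as missing.
        if [ -s "$f" ]; then
            # Take the first non-blank line only. /etc/issue often carries
            # getty escapes (\n, \l) and trailing blank lines.
            line=$(sed -n '/[^[:space:]]/{p;q;}' "$f")
            if [ -n "$line" ]; then
                printf '%s\n' "$line"
                return 0
            fi
        fi
    done
    # Last resort: no distro name available, report the kernel name instead.
    uname -s
}

# distro_family HINT -> ubuntu | centos | suse | unknown
# One case statement replaces the three awk pipelines; branch on the result
# only where behaviour actually differs between distributions.
distro_family() {
    case "$1" in
        *Ubuntu*) echo ubuntu ;;
        *CentOS*) echo centos ;;
        *SUSE*)   echo suse ;;
        *)        echo unknown ;;
    esac
}

# Report what the current system looks like.
echo "detected family: $(distro_family "$(detect_distro)")"
```

An "unknown" result is a normal outcome here, so a caller can still run the common launch path instead of silently doing nothing when no distribution name matches.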
