Article 3AG06 CodeSOD: ALM Tools Could Fix This

CodeSOD: ALM Tools Could Fix This

by
Remy Porter
from The Daily WTF on (#3AG06)

I'm old enough that, when I got into IT, we just called our organizational techniques "software engineering". It drifted into "project management", then the "software development life-cycle", and lately "application life-cycle management (ALM)".

No matter what you call it, you apply these techniques so that you can at least attempt to release software that meets the requirements and is reasonably free from defects.

Within the software development space, there are families of tools and software that we can use to implement some sort of ALM process" like "Harry Peckherd"'s Application Life-Cycle Management suite. By using their tool, you can release software that meets the requirements and is free from defects, right?

Well, Brendan recently attempted to upgrade their suite from 12.01 to 12.53, and it blew up with a JDBC error: [Mercury][SQLServer JDBC Driver][SQLServer]Cannot find the object "T_DBMS_SQL_BIND_VARIABLE" because it does not exist or you do not have permissions. He picked through the code that it was running, and found this blob of SQL:

DROP TABLE [t_dbms_sql_bind_variable]DECLARE @sql AS VARCHAR(4000)beginSET @sql = ''SELECT @sql = @sql + 'DROP FULLTEXT INDEX ON T_DBMS_SQL_BIND_VARIABLE'FROM sys.fulltext_indexesWHERE object_id = object_id('T_DBMS_SQL_BIND_VARIABLE')GROUP BY object_idif @sql'' exec (@sql)endALTER TABLE [T_DBMS_SQL_BIND_VARIABLE] DROP CONSTRAINT [FK_t_dbms_sql_bind_variable_t_dbms_sql_cursor]

The upgrade script drops a table, drops the associated indexes on it, and then attempts to alter the table it just dropped. This is a real thing, released as part of software quality tools, by a major vendor in the space. They shipped this.

release50.png[Advertisement] Release!is a light card game about software and the people who make it. Play with 2-5 people, or up to 10 with two copies - only $9.95 shipped! TheDailyWtf?d=yIl2AUoC8zAFwrJq_OQolo
External Content
Source RSS or Atom Feed
Feed Location http://syndication.thedailywtf.com/TheDailyWtf
Feed Title The Daily WTF
Feed Link http://thedailywtf.com/
Reply 0 comments