Article 60FD0 CodeSOD: Classic WTF: Pure Eval

CodeSOD: Classic WTF: Pure Eval

by
Remy Porter
from The Daily WTF on (#60FD0)
We close out our week with something evil. Someting... eval. Original. --Remy

When Jeff saw a line like this one, he knew there was something terribly wrong in the code he had inherited.

eval(Application("buildCommon").toString());

He wasn't sure what was more troubling- the way the Application variable was being used, or the fact that C#, as a compiled language, doesn't have an eval statement.

A brief trip to the Googles informed him that yes, some people did in fact wrap eval around the compiler. There were a depressing number of samples demonstrating how it could be done. Someplace, buried in his codebase, there was a function much like that.

Which was bad, but what was worse was how every other function in the application was built and maintained. By storing all of their class definitions as strings and compiling them at runtime, they could have an application that was more "flexible".

Application("commonFunctions") = openConnObj.toString() + "\xFF" + /***snip about 100 functions***/ closeConnObj.toString();Application("buildCommon") = "if (typeof(openConnObj) == 'undefined') {"+ "a = Application('commonFunctions').split('\xff');"+ "for (var nCnt = 0;nCnt < a.length;nCnt++)eval(a[nCnt]);};"; 

otter-icon.png [Advertisement] Otter - Provision your servers automatically without ever needing to log-in to a command prompt. Get started today! TheDailyWtf?d=yIl2AUoC8zA
External Content
Source RSS or Atom Feed
Feed Location http://syndication.thedailywtf.com/TheDailyWtf
Feed Title The Daily WTF
Feed Link http://thedailywtf.com/
Reply 0 comments