CodeSOD: Strongly Bad Emails

by Remy Porter, from The Daily WTF (#2NQBR)

If you want to send emails from a Java program, you might be tempted to use the javax.mail package, which contains objects for doing exactly that. It's a relatively straightforward API, and while it's a bit verbose, that's hardly unusual for Java. You just wrap it up in a convenience function based on how you need to call it, and reuse that, right?

Well, PHP, an obviously superior language, already did that work. There's a built-in mail function, which sends emails. It uses your php.ini file to figure out what SMTP service to use, making the parameters to the function more "obvious".

Chris had a co-worker who really loved the "elegance" of PHP's solution to this problem, and thus, when they needed to send emails from Java, they did it this way:

public static void sendEmail(String log, String status) throws Exception {
    String host = "altered.host";
    //run wget
    String url = "http://" + host + "/atcoEmail.php?subject=TIS REPORT - " + status + "&body=" + log;
    String newUrl = url.replace(" ", "~");
    System.out.println(newUrl);
    Runtime.getRuntime().exec("wget -O - ".concat(newUrl).concat("> /dev/null 2>&1"));
}

And don't worry about security, this program was being run as root. What could go wrong?
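
What goes wrong in that snippet, shown with JDK classes only (an added example, not code from the original article): Runtime.exec(String) splits its argument on whitespace without involving a shell, and the values are concatenated into the URL unencoded. The class name, helper names and sample log are constructed for illustration; URLEncoder.encode(String, Charset) needs Java 10 or later.

```java
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;
import java.util.StringTokenizer;

public class EmailUrlDemo { // hypothetical class name
    // Runtime.exec(String) is documented to split the command with
    // new StringTokenizer(command): whitespace only, no shell, no quoting.
    static List<String> execTokens(String command) {
        List<String> argv = new ArrayList<>();
        StringTokenizer st = new StringTokenizer(command);
        while (st.hasMoreTokens()) {
            argv.add(st.nextToken());
        }
        return argv;
    }

    // URL construction exactly as in the article's sendEmail().
    static String originalUrl(String host, String log, String status) {
        String url = "http://" + host + "/atcoEmail.php?subject=TIS REPORT - " + status + "&body=" + log;
        return url.replace(" ", "~");
    }

    // Percent-encode each value so it cannot leave its own query parameter.
    static String encodedUrl(String host, String log, String status) {
        return "http://" + host + "/atcoEmail.php"
                + "?subject=" + URLEncoder.encode("TIS REPORT - " + status, StandardCharsets.UTF_8)
                + "&body=" + URLEncoder.encode(log, StandardCharsets.UTF_8);
    }

    public static void main(String[] args) {
        String host = "altered.host";
        // Constructed sample log containing a tab and an ampersand.
        String log = "job 7 ok\tjob 8 failed, cpu&mem check";

        String cmd = "wget -O - ".concat(originalUrl(host, log, "FAIL")).concat("> /dev/null 2>&1");
        System.out.println("Arguments wget receives from exec(String):");
        for (String arg : execTokens(cmd)) {
            System.out.println("  [" + arg + "]");
        }

        // Explicit argument vector: the URL is one element whatever the log contains,
        // and output is discarded by wget itself rather than by a shell redirect.
        String[] argv = {"wget", "-q", "-O", "/dev/null", encodedUrl(host, log, "FAIL")};
        System.out.println("Argument vector for ProcessBuilder:");
        for (String arg : argv) {
            System.out.println("  [" + arg + "]");
        }
    }
}
```

In the first listing the tab splits the URL into two arguments and `>`, `/dev/null` and `2>&1` reach wget as arguments of their own; in the second the tab and `&` appear as `%09` and `%26` inside a single URL.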
