Recent CodeSOD

Code Snippet Of the Day (CodeSOD) features interesting and usually incorrect code snippets taken from actual production code in a commercial and/or open source software projects.

Feb 2023

Exhaustive Scheduling Options

by in CodeSOD on

A true confession: I absolutely cannot successfully edit a crontab file without spending a lot of time reading docs on what all the little date/time/interval flags mean. Partially, it's just that I don't do it very often, but mainly the information flies right out of my head once I've done it. I can absolutely understand why someone might want to write a little helper program to help themselves manage their crontab.

I just can't understand why they'd write this one, sent to us Beorn. We'll have to take this one in chunks, because it's 18,905 lines.


Terning Nulls into Values

by in CodeSOD on

A former co-worker of David S wanted to check for nulls, and apparently, they had just learned about the ternary operator, so they wanted to combine these actions. That, itself, isn't a WTF- using ternaries to coalesce nulls is a time-honored tradition and generally pretty effective.

Let's see how this Java developer approached it:


The Duff Code

by in CodeSOD on

As we frequently note, a staggering number of real-world software products start their lives as Access databases running from a shared folder somewhere. There are professional developers who end up maintaining these monstrosities.

Gregory has had the misfortune of being one of those developers. A client has a terribly performing Access database, and it happens to be the driver of their business: it generates insurance quotes for an insurance company.


Magic Strings Attached

by in CodeSOD on

Magic strings are as bad as magic numbers, if not worse. So when Tomasz found this block, it didn't seem so bad:

class OPERATION:
   TRANSACTION = 'conditioned_transaction'
   BOUNTY_CREATE = 'bounty_create'
   GUESS_PASSWORD = 'guess_password'

Unequal Code

by in CodeSOD on

Ryan's co-worker caught a high priority ticket- certain features of their dashboard app were crashing when anyone tried to access them. It didn't take long to figure out that there was a stack overflow, and that some recursive function was blowing out the stack.

It took a little longer to find the recursive function in their C# code base:


File Type Detection

by in CodeSOD on

Discerning the type of data stored in a file is frequently a challenge. We've come up with all sorts of ways to do it- like including magic bytes at the start of a file, using file extensions, appending MIME type information where possible, and frequently just hoping for the best. Ivan was working on a Python system that needed to handle XML data. Someone wanted to make sure that the XML data was actually XML, and not some other file format.

def is_xml(str):
    return str.startswith("<")

Userless User

by in CodeSOD on

Ben ran into some misbehaving C# code- handling users was not doing what it was supposed to do, and when "what it's supposed to do" is "prevent users from seeing content owned by other users without permission", that's a bad thing.

The code Ben found wasn't the cause of the bug, but it ended up wasting a bunch of his time as he tried to understand why it existed.


Comments, Documentation, and Nulls

by in CodeSOD on

Ah, the joy of comments. Good comments can illuminate complicated code, explain a programmer's reasoning, or even just do their best to absolve a burned out programmer of their sins. "Yes, it's bad, but it works."

Then there's this comment, sent to us by Mark B. This is from a configuration file format, "helpfully" explaining what the flag does.


Injectables are Fun

by in CodeSOD on

Today, Morpheus sends us a SQL injection vulnerability. But it's a peculiar version that only uses parameters. Let's start with the bit that looks normal:

    strStrBuilder.Append(" update sometable set ")
    strStrBuilder.Append(" SOMECOLUMN = :p_somevalue, ")
    strStrBuilder.Append(" rowuserid = :p_userid, ")
    strStrBuilder.Append(" rowtaskid = :p_taskid ")
    strStrBuilder.Append(" where id = :p_id")
    strSQL = strStrBuilder.ToString

An Exceptional Zero

by in CodeSOD on

One of the most powerful features of using exceptions for error handling is that they let you create your own exceptions, and thus accurately describe the family of exceptional situations your code could generate. On the flip side, some developers over-specialize, creating custom exceptions for every different place an out-of-range error could happen, for example.

Then there's the code Nasch was debugging recently. The previous developer found a different way to create unique exceptions for every place an error might occur.


Skip to the Loo

by in CodeSOD on

Way back when Microsoft added LINQ to .NET, the real selling point was lazy evaluation. You could do something like var x = someList.Skip(3).Where((x) => x > 3).Take(5) and nothing would actually happen until you attempted to interact with the value of x. This can be especially great when interacting with a database, avoiding the round-trip until you actually need the data, and then only fetching the data which fulfills your request. If you understand what's happening, this can be pretty great.

If you understand. Which brings us to Simon, who has inherited a "particularly bad" code base. This particular system is for tracking attendance, and the pool of individuals being tracked is rather large, so someone wanted to make sure that they were processed in batches of no more than 30. This is how they accomplished that.


Code Commenter and Error Handler

by in CodeSOD on

Visual Basic for Applications represents the core mistake of putting a full-featured programming environment on every desktop. That so much VBA code is bad is not remarkable- that any good code exists would be shocking.

We rarely cover VBA code, because most of it is written by a non-programmer who discovered they could solve real business problems in Microsoft Access. TRWTF is, in fact, how much of the world runs on an Access database stuffed into a network share somewhere. But there are organizations that hire developers and then shove them into writing VBA, which is what happened to Doug. This code comes from quite awhile ago.


Constantly Finding Magic

by in CodeSOD on

We constantly see developers finding… creative solutions to the requirement that they avoid magic numbers in their code. Refactoring to define a constant is just too hard, apparently.

Today, Maklemore sends us a short snippet that neatly solves the problem of magic numbers by making sure the number isn't a number, at least to start:


The DOM Checker

by in CodeSOD on

Dave does a little work on a website when the core developers are in over their heads on maintenance. Which is a thing that happens a lot.

Let's see if we can get a sense of why, starting with this little method here: