C#: What's wrong with this code #5
[Update: I messed up some code. Corrected version now]
Greeting from the frigid city of Redmond. Keep in mind, of course, that in the Puget Sound region, "frigid" is any temperature below freezing.
Thanks for all the feedback on previous bad code examples. I've created a new category for these posts, so you can avoid my other posts if you wish.
This snippet is a routine that is used for web debugging.
enum ResponseType { ReturnValues, InvalidInput }
string CreateWebText(string userInput, ResponseType operation) {
switch (operation) {
case ResponseType.ReturnValues:
userInput = "<h1>Values</h1>" + FilterOutBadStuff(userInput);
break;
case ResponseType.InvalidInput:
userInput = "<h1>Invalid</h1>" + FilterOutBadStuff(userInput);
break;
}
return userInput;
}
What's wrong with this code?
Hint: There are both obvious and subtle issues lurking...
Comments
- Anonymous
January 04, 2005
Two things I can see off the bat. The first is that you have a parameter and a local variable named "userInput". That won't compile.
The second is that you don't have a default statement in your switch, which goes along with the fact that you don't check for values passed outside of the values in the ResponseType enumeration.
Also, you could trim down the code a little, since it seems like you have repetitive code in your switch, but that's not necessarily wrong, just sloppy. - Anonymous
January 04, 2005
Obvious:
No default in ResponseType, if someone adds a new value that switch will not filter out bad stuff.
There's a parameter of ReturnValues and a variable within function scope of the same name. - Anonymous
January 04, 2005
The comment has been removed - Anonymous
January 04, 2005
The comment has been removed - Anonymous
January 04, 2005
The comment has been removed - Anonymous
January 04, 2005
The comment has been removed - Anonymous
January 04, 2005
- Since the method is returning the result it'd be a "bad" taste to modify the parameter userInput, So it's better to declare a local variable with a different name instead.
2. Both parameters could be null's, so the check for null's must be added to avoid exception.
- Anonymous
January 04, 2005
The comment has been removed - Anonymous
January 04, 2005
Another possible problem that I recall from Code Complete is that an input parameter is being modified by the method. Correct me if I'm wrong but that's also a no-no.
Maintainers of this code have to know that the parameter may not always be what it was at the beginning of the call. I think the caller of the CreateWebText() method may also be surprised that the first parameter it passed in has changed after the method call. - Anonymous
January 04, 2005
What happens when you pass this:
ResponseType.ReturnValues & ResponseType.InvalidInput
? - Anonymous
January 04, 2005
The comment has been removed - Anonymous
January 04, 2005
What's wrong:
- the enumeration type has two values.. CreateWebText does the same for both values so it could be optimized to:
switch (operation) {
...case ResponseType.ReturnValues:
...case ResponseType.InvalidInput:
......userInput = "<h1>Values</h1>" + FilterOutBadStuff(userInput);
......break;
}
- no default so you don't have errorhandling.. but this is not necessarily a bad thing. If you would expand the enumeration type then it could be that "default" would just be to not Filterout stuff :-) so no need for a default. If this is the behaviour that it should do then I always do the following. Never checked to see if the compiler would optimize it away anyway because it will probably do.
switch (operation) {
...case ResponseType.ReturnValues:
...case ResponseType.InvalidInput:
......userInput = "<h1>Values</h1>" + FilterOutBadStuff(userInput);
......break;
...//default: // Not needed
}
or
switch (operation) {
...case ResponseType.ReturnValues:
...case ResponseType.InvalidInput:
......return "<h1>Values</h1>" + FilterOutBadStuff(userInput);
......break;
...default:
......return userInput;
}
- No check for null in the userInput parameter.. But this will probably be done in FilterOutBadStuff right ;-)
- I think that operation isn't a keyword so it will probably compile just fine. - Anonymous
January 04, 2005
Presumably all the comments about having a variable with the same name as the parameter were based on the previous, incorrect version of the code.
The problem I see (and others have pointed out too) is that if operation is neither of the two allowable values (which is perfectly possible, enums aren't constrained to their defined values, sadly) then FilterOutBadStuff never gets called and userInput gets returned unmodified. This of course means that (a) there's no error message and (b) you're vulnerable to whatever kind of attacks FilterOutBadStuff is designed to protect against.
I can't see any other issues though, and I'm not sure which if any of these are supposed to be the "obvious" vs "subtle" ones. - Anonymous
January 04, 2005
The comment has been removed - Anonymous
January 04, 2005
Matt B, good point that if the programmer intended to change the input value it would not have been successful. It never occurred to me that the programmer might have wanted to do that, it's an evil thing to want to do.
Of course, if they did want to, the fix is to change the method signature to:
string CreateWebText(ref string userInput, ResponseType operation) { ... }
And then call it with something like:
string inp = myTextBox.Text;
string result = CreateWebText(ref inp, operation);
But why would you want to modify the input parameter and also return the same value? - Anonymous
January 04, 2005
Like most people noted, you're not validating the enum input or adding a default branch in the switch(). That could cause an interesting problem if the code is called like this:
int invalidEnum = 9999;
someLiteralControl.Text = CreateWebText("<script>alert('Gotcha!');</script>", invalidEnum);
Because the input string was never processed, it returns directly to the calling code, which apparently dumps the html returned by it. - Anonymous
January 04, 2005
First off, you're violating standard ASP.NET design principles by generating raw HTML that (it seems) will just be blasted to the page. This leaves open the problem that if FilterOutBadStuff() only decides to remove certain things but leaves, say, less-than characters in the string then you'll end up with a very malformed HTML document.
Don't generate raw HTML. Use a Label and set its .Text property. - Anonymous
January 04, 2005
The comment has been removed - Anonymous
January 04, 2005
The very premise that you can even write a function "FilterOutBadStuff()" is incorrect. No matter how carefully that function is written, it is possible that a new "cross site scripting style" vulnerability could come along that could slip through its fingers. Never echo back known bad input into a web page. - Anonymous
January 04, 2005
David Smith: the version of code I saw in fact did not compile, then Eric changed it. It used to have a "string userInput;" at the top of the function but it's since been removed.
I was wrong about why it wouldn't compile (I said because it wasn't initialized, but it's really because of duplicate scope), but I was right that it wouldn't compile.
Other than that, I think everyone else has done a good job pointing things out. :) - Anonymous
January 04, 2005
Adam: I was looking at the same code you were. All I was pointing out was that it would compile despite the lack of initialization. (Not because of the redeclaration of a variable) We're all on the same page. :-)
I think we've milked this "What's wrong with this code?" for all it's worth.
P.S. To Eric: If you're going to post "What's wrong with this code?"s and then actually change the original post, you may want to keep the changed code in, but just commented out. =) - Anonymous
January 04, 2005
Interesting, then that's something new in VS2k5 because it didn't compile on 2k3 (I get "a variable already in this scope..." error when I compile it). - Anonymous
January 04, 2005
I'm amazed at the number of posters stating that changing userInput would change the passed in parameter. Maybe it's related to the lack of pointers in C# and similar languages, where the border between a reference and a real copy of the data is more fuzzy.
I know what lengths I've gone into to explain to programming classes (and my own peers before that) why
void squareme(int x)
{
x *= x;
}
won't do a thing except eating cycles to the calling code. That's the whole point of a stack, right?
BTW, those of you discussing &ing of enums probably mean |. The missing default statement is all too true, and I also agree that the FilterOutBadStuff function call could be factored out. The questioning of the whole design with returning HTML is of course sensible, as well.
I guess all has already been mentioned by others and that I am just ranting about reading the post too late. - Anonymous
January 04, 2005
I'm amazed at the number of posters stating that changing userInput would change the passed in parameter. Maybe it's related to the lack of pointers in C# and similar languages, where the border between a reference and a real copy of the data is more fuzzy.
I know what lengths I've gone into to explain to programming classes (and my own peers before that) why
void squareme(int x)
{
x *= x;
}
won't do a thing except eating cycles to the calling code. That's the whole point of a stack, right?
BTW, those of you discussing &ing of enums probably mean |. The missing default statement is all too true, and I also agree that the FilterOutBadStuff function call could be factored out. The questioning of the whole design with returning HTML is of course sensible, as well.
I guess all has already been mentioned by others and that I am just ranting about reading the post too late. - Anonymous
January 04, 2005
The comment has been removed - Anonymous
January 04, 2005
The comment has been removed - Anonymous
January 04, 2005
The comment has been removed - Anonymous
January 04, 2005
The comment has been removed - Anonymous
January 04, 2005
You should be filtering in the good, not filtering out the bad (assuming the environment you're using doesn't have this ability already, which it may do). - Anonymous
January 04, 2005
a) Always define None = 0 (aka Default, unassigned) default value for enum.
This will allow you to track out usage of unassigned variables. By default all int are initialised to 0 - in your situation it will be ReturnValues :-(
If this realy matter for your enum to be only legal values (for example if you do reflection to show dropdown boxes) - start with number 1:
enum ResponseType {
ReturnValues = 1,
InvalidInput
}
b) Probably this is not good example - but if "routine that is used for web debugging." - then instead of switch you were able to do
string CreateWebText(string userInput, ResponseType operation) {
return String.Format("<h1>{0}</h1>{1}",operation, FilterOutBadStuff(userInput));
}
This way you do not need to maintain list of all enum values in multiple separate places and your debug routine will work correctly - not fail (as proposed by others to add "default:").
As well you will see integer values for all incorrect method calls (very often it's a valuable for diagnostic information).
Hope this helps ;-) - Anonymous
January 05, 2005
The comment has been removed - Anonymous
January 06, 2005
The comment has been removed - Anonymous
January 06, 2005
I was reading a debug log this morning, and it occurred to me the really subtle problem is here.
The purpose of a debug capability is to see the bad stuff, not to filter it out. You need an API to SafelyFormatBadStuff(), not FilterOutBadStuff(). - Anonymous
January 07, 2005
友情链接: 前列腺炎http://qlxsos.51.net 前列腺炎http://ppp001.51.net 前列腺炎http://www.qlxsos.com/ - Anonymous
January 22, 2005
http://www.actrip.com/ http://www.artmtm.com/ http://www.huojiawang.com http://www.hxairlines.com http://www.hxairlines.com/fjp.htm http://www.hxairlines.com/tjjp.htm http://www.hxairlines.com/dzjp.htm http://www.hxairlines.com/international.htm http://www.houseso.cn/ http://www.kedacom.com http://www.tran4u.com http://google10.freewebpage.org/ http://www.bjshidai.com http://www.81995487.com http://www.raise-win.com http://www.bjxhjy.net http://www.ygyc.com.cn http://yh1123.51.net/ http://www.98896.com/ http://www.98896.com/new.asp http://www.98896.com/commend.asp http://www.ultraguest.com/?id=1106399117 http://www.listenworld.net/music/hudie.htm http://www.listenworld.net/music/laoshudami.htm - Anonymous
January 30, 2005
http://www.safetytech.cn">http://www.safetytech.cn
http://www.safetytech.cn">http://www.safetytech.cn/dcfs.asp
http://www.zcfounder.com">http://www.zcfounder.com/yinxiebing">http://www.zcfounder.com">http://www.zcfounder.com/yinxiebing
http://www.zcfounder.com">http://www.zcfounder.com/piyan">http://www.zcfounder.com">http://www.zcfounder.com/piyan
http://www.zcfounder.com">http://www.zcfounder.com/gongshangzhuce">http://www.zcfounder.com">http://www.zcfounder.com/gongshangzhuce
http://www.zcfounder.com">http://www.zcfounder.com/gongsizhuce">http://www.zcfounder.com">http://www.zcfounder.com/gongsizhuce
http://www.zcfounder.com">http://www.zcfounder.com/zhucegongsi">http://www.zcfounder.com">http://www.zcfounder.com/zhucegongsi
http://www.zcfounder.com">http://www.zcfounder.com/office/">http://www.zcfounder.com">http://www.zcfounder.com/office/
http://g0gle.51.net/office
http://g0gle.51.net/gongshangzhuce
http://g0gle.51.net/gongsizhuce
http://g0gle.51.net/zhucegongsi
http://g0gle.51.net/biaozhisheji
http://g0gle.51.net/dailijizhang
http://g0gle.51.net/dazhejipiao
http://g0gle.51.net/gongzuofu
http://g0gle.51.net/jianfei
http://g0gle.51.net/niupixuan
http://g0gle.51.net/pifubing
http://g0gle.51.net/piyan
http://g0gle.51.net/polycom
http://g0gle.51.net/shipinhuiyi
http://g0gle.51.net/yinxiebing
http://www.jinxique.com">http://www.jinxique.com
http://www.bestel.com.cn">http://www.bestel.com.cn
http://www.bestel.com.cn">http://www.bestel.com.cn/polycom
http://www.110fat.com">http://www.110fat.com">http://www.110fat.com">http://www.110fat.com">http://www.110fat.com">http://www.110fat.com">http://www.110fat.com">http://www.110fat.com
http://www.zcfounder.com">http://www.zcfounder.com/patent/fanyico2/fanyi_15.htm">http://www.zcfounder.com">http://www.zcfounder.com/patent/fanyico2/fanyi_15.htm
http://andy197819.51.net/xgwz
http://www.lrxdq.com/">http://www.lrxdq.com/
http://www.rituo.com">http://www.rituo.com/knowledge">http://www.rituo.com">http://www.rituo.com/knowledge
http://wpromotion.51.net/xgwz
http://www.zcfounder.com">http://www.zcfounder.com/rzcping">http://www.zcfounder.com">http://www.zcfounder.com/rzcping
http://www.zcfounder.com">http://www.zcfounder.com/yujia">http://www.zcfounder.com">http://www.zcfounder.com/yujia">http://www.zcfounder.com">http://www.zcfounder.com/yujia">http://www.zcfounder.com">http://www.zcfounder.com/yujia/fanyico2/fanyi_15.htm">http://www.zcfounder.com">http://www.zcfounder.com/yujia">http://www.zcfounder.com">http://www.zcfounder.com/yujia">http://www.zcfounder.com">http://www.zcfounder.com/yujia">http://www.zcfounder.com">http://www.zcfounder.com/yujia/fanyico2/fanyi_15.htm">http://www.zcfounder.com">http://www.zcfounder.com/yujia">http://www.zcfounder.com">http://www.zcfounder.com/yujia">http://www.zcfounder.com">http://www.zcfounder.com/yujia">http://www.zcfounder.com">http://www.zcfounder.com/yujia/fanyico2/fanyi_15.htm">http://www.zcfounder.com">http://www.zcfounder.com/yujia">http://www.zcfounder.com">http://www.zcfounder.com/yujia">http://www.zcfounder.com">http://www.zcfounder.com/yujia">http://www.zcfounder.com">http://www.zcfounder.com/yujia/fanyico2/fanyi_15.htm
http://www.zcfounder.com">http://www.zcfounder.com/yujia">http://www.zcfounder.com">http://www.zcfounder.com/yujia">http://www.zcfounder.com">http://www.zcfounder.com/yujia">http://www.zcfounder.com">http://www.zcfounder.com/yujia/fanyico2/fanyi_13.htm">http://www.zcfounder.com">http://www.zcfounder.com/yujia">http://www.zcfounder.com">http://www.zcfounder.com/yujia">http://www.zcfounder.com">http://www.zcfounder.com/yujia">http://www.zcfounder.com">http://www.zcfounder.com/yujia/fanyico2/fanyi_13.htm
http://www.rituo.com">http://www.rituo.com
http://www.cebooks.net">http://www.cebooks.net
http://www.110fat.com">http://www.110fat.com">http://www.110fat.com">http://www.110fat.com">http://www.110fat.com">http://www.110fat.com">http://www.110fat.com">http://www.110fat.com
http://andy197819.51.net/jianfei/">http://andy197819.51.net/jianfei/
http://wpromotion.51.net/jianfei/">http://wpromotion.51.net/jianfei/
http://www.lrxdq.com
http://www.ceo863.com
http://www.zcfounder.com">http://www.zcfounder.com/yujia">http://www.zcfounder.com">http://www.zcfounder.com/yujia">http://www.zcfounder.com">http://www.zcfounder.com/yujia">http://www.zcfounder.com">http://www.zcfounder.com/yujia/fanyico2/fanyi_15.htm">http://www.zcfounder.com">http://www.zcfounder.com/yujia">http://www.zcfounder.com">http://www.zcfounder.com/yujia">http://www.zcfounder.com">http://www.zcfounder.com/yujia">http://www.zcfounder.com">http://www.zcfounder.com/yujia/fanyico2/fanyi_15.htm">http://www.zcfounder.com">http://www.zcfounder.com/yujia">http://www.zcfounder.com">http://www.zcfounder.com/yujia">http://www.zcfounder.com">http://www.zcfounder.com/yujia">http://www.zcfounder.com">http://www.zcfounder.com/yujia/fanyico2/fanyi_15.htm">http://www.zcfounder.com">http://www.zcfounder.com/yujia">http://www.zcfounder.com">http://www.zcfounder.com/yujia">http://www.zcfounder.com">http://www.zcfounder.com/yujia">http://www.zcfounder.com">http://www.zcfounder.com/yujia/fanyico2/fanyi_15.htm
http://www.zcfounder.com">http://www.zcfounder.com/yujia">http://www.zcfounder.com">http://www.zcfounder.com/yujia">http://www.zcfounder.com">http://www.zcfounder.com/yujia">http://www.zcfounder.com">http://www.zcfounder.com/yujia
http://www.zcfounder.com">http://www.zcfounder.com/yujia">http://www.zcfounder.com">http://www.zcfounder.com/yujia">http://www.zcfounder.com">http://www.zcfounder.com/yujia">http://www.zcfounder.com">http://www.zcfounder.com/yujia
http://www.zcfounder.com">http://www.zcfounder.com google
http://www.zcfounder.com">http://www.zcfounder.com/promotion.htm google
http://www.zcfounder.com">http://www.zcfounder.com/website.htm
http://www.zcfounder.com">http://www.zcfounder.com/oasoft.htm
http://www.zcfounder.com">http://www.zcfounder.com/khgl.htm
http://www.zcfounder.com">http://www.zcfounder.com/jxc.htm
http://www.zcfounder.com">http://www.zcfounder.com/hotel.htm
http://www.zcfounder.com">http://www.zcfounder.com/bregis/
http://www.zcfounder.com">http://www.zcfounder.com/caigang/
http://www.zcfounder.com">http://www.zcfounder.com/cping/
http://www.zcfounder.com">http://www.zcfounder.com/design
http://www.zcfounder.com">http://www.zcfounder.com/fangwei/
http://www.zcfounder.com">http://www.zcfounder.com/giftco/
http://www.zcfounder.com">http://www.zcfounder.com/glasses/
http://www.zcfounder.com">http://www.zcfounder.com/gps/
http://www.zcfounder.com">http://www.zcfounder.com/jiayimin/
http://www.zcfounder.com">http://www.zcfounder.com/kouqang/
http://www.zcfounder.com">http://www.zcfounder.com/law/
http://www.zcfounder.com">http://www.zcfounder.com/ledscreen/
http://www.zcfounder.com">http://www.zcfounder.com/lxym/
http://www.zcfounder.com">http://www.zcfounder.com/patent/
http://www.zcfounder.com">http://www.zcfounder.com/rentcar
http://www.zcfounder.com">http://www.zcfounder.com/ticket/
http://www.zcfounder.com">http://www.zcfounder.com/transcompany/
http://www.zcfounder.com">http://www.zcfounder.com/vod
http://www.zcfounder.com">http://www.zcfounder.com/yiminnew/
http://www.zcfounder.com">http://www.zcfounder.com/yujia">http://www.zcfounder.com">http://www.zcfounder.com/yujia">http://www.zcfounder.com">http://www.zcfounder.com/yujia">http://www.zcfounder.com">http://www.zcfounder.com/yujia/
http://www.zcfounder.com">http://www.zcfounder.com/zhanlan/
http://www.zcfounder.com">http://www.zcfounder.com/yuanlin
http://www.zcfounder.com">http://www.zcfounder.com/office/">http://www.zcfounder.com">http://www.zcfounder.com/office/
http://www.zcfounder.com">http://www.zcfounder.com/office1/
http://www.zcfounder.com">http://www.zcfounder.com/qichepeijian
http://www.zcfounder.com">http://www.zcfounder.com/dianzibaiban
http://www.zcfounder.com">http://www.zcfounder.com/zichanpinggu
http://www.zcfounder.com">http://www.zcfounder.com/yikatong
http://www.zcfounder.com">http://www.zcfounder.com/guangduanji
http://www.zcfounder.com">http://www.zcfounder.com/minjin
http://www.zcfounder.com">http://www.zcfounder.com/jiankong
http://www.zcfounder.com">http://www.zcfounder.com/qianjinding
http://www.zcfounder.com">http://www.zcfounder.com/xcdesign
http://www.zcfounder.com">http://www.zcfounder.com/fenci
http://www.zcfounder.com">http://www.zcfounder.com/cuochuang
http://www.zcfounder.com">http://www.zcfounder.com/qchdou
http://www.zcfounder.com">http://www.zcfounder.com/mshpx
http://www.zcfounder.com">http://www.zcfounder.com/mgjx
http://www.zcfounder.com">http://www.zcfounder.com/xfqc
http://www.zcfounder.com">http://www.zcfounder.com/shuichuli
+++++++++++++++++++++++++++++++++++++++++++++
http://www.zcfounder.com">http://www.zcfounder.com/craft
http://www.zcfounder.com">http://www.zcfounder.com/jieneng
http://www.zcfounder.com">http://www.zcfounder.com/syyq
http://www.zcfounder.com">http://www.zcfounder.com/fxyq
http://www.zcfounder.com">http://www.zcfounder.com/baolingqiu
http://www.zcfounder.com">http://www.zcfounder.com/chuchen
http://www.zcfounder.com">http://www.zcfounder.com/golf
http://www.zcfounder.com">http://www.zcfounder.com/club
http://www.zcfounder.com">http://www.zcfounder.com/zhusuji
http://www.zcfounder.com">http://www.zcfounder - Anonymous
June 08, 2009
PingBack from http://toenailfungusite.info/story.php?id=9574