CodeSOD: Utter Filth
Terrell inherited some database stored procedures. Like all good, Enterprisey stored procedures, this one was written in PL/SQL. Unlike most Enterprisey procedures, it had a clear purpose: to clean your dirty inputs.
The actual problem: based on user input, the PL/SQL code needed to write a temporary file to the filesystem. Since user input is full of filthy, illicit characters, this procedure needs to clean them up.
PROCEDURE p_clean_name (
p_file_name IN VARCHAR2,
p_file_name_end OUT VARCHAR2
)
---------------------------------------------------------------------------------------------------
-- Purpose: Clean the file name removing all dirty characters
----------------------------------------------------------------------------------------------------
IS
l_function_name VARCHAR2 (64) := 'p_clean_name';
BEGIN
p_file_name_end :=
REPLACE
(REPLACE
(REPLACE
(REPLACE
(REPLACE
(REPLACE
(REPLACE
(REPLACE
(REPLACE
(REPLACE
(REPLACE
(REPLACE
(REPLACE
(REPLACE
(REPLACE
(REPLACE
(REPLACE
(REPLACE
(REPLACE
(REPLACE
(REPLACE
(REPLACE
(REPLACE
(REPLACE
(REPLACE
(REPLACE
(REPLACE
(REPLACE
(REPLACE
(REPLACE
(REPLACE
(REPLACE
(TRIM
(p_file_name
),
'/',
'_'
),
'*',
'_'
),
'%',
'_'
),
'`u',
'_'
),
'`o',
'_'
),
'`a',
'_'
),
'`e',
'_'
),
'`u',
'_'
),
'`i',
'_'
),
''e',
'_'
),
'°',
'_'
),
'$',
'_'
),
'lb',
'_'
),
'&',
'_'
),
'?',
'_'
),
'§',
'_'
),
'^',
'_'
),
'(',
'_'
),
')',
'_'
),
'\',
'_'
),
'#',
'_'
),
'+',
'_'
),
'[',
'_'
),
']',
'_'
),
';',
'_'
),
':',
'_'
),
'@',
'_'
),
'c',
'_'
),
'<',
'_'
),
'>',
'_'
),
'.',
'_'
),
' ',
'_'
);
EXCEPTION
WHEN OTHERS
THEN
p_handle_log ('X',
SQLCODE ||'-'|| SQLERRM || '- ' || DBMS_UTILITY.format_error_backtrace(),
l_function_name,
null,
null
);
END;
Well, something is dirty in here.
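For contrast, an allowlist version of the same cleanup, as an added example that is not from the original article or from Terrell's code base. The function name `f_safe_file_name`, the 64-character limit and the error number -20001 are assumptions, and the pattern assumes the session uses a binary `NLS_SORT`.

```sql
-- Added example, not the article's code. Hypothetical name: f_safe_file_name.
-- Instead of listing every "dirty" character (and missing control characters,
-- quotes, pipes and anything else nobody thought of), list the few characters
-- that are allowed and replace everything else.
CREATE OR REPLACE FUNCTION f_safe_file_name (
    p_file_name IN VARCHAR2,
    p_max_len   IN PLS_INTEGER DEFAULT 64      -- assumed length limit
) RETURN VARCHAR2
IS
    l_clean VARCHAR2 (4000);
BEGIN
    -- Letters and digits are spelled out rather than written as ranges so the
    -- class does not depend on collation; 'c' forces case-sensitive matching.
    -- Assumption: binary NLS_SORT (no accent-insensitive linguistic sort).
    l_clean := REGEXP_REPLACE (
                   TRIM (p_file_name),
                   '[^abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_-]',
                   '_',
                   1,      -- start at the first character
                   0,      -- replace every occurrence
                   'c');

    -- Bound the length so the result fits the target filesystem.
    l_clean := SUBSTR (l_clean, 1, p_max_len);

    -- Fail loudly instead of handing back NULL: the original's
    -- WHEN OTHERS handler logs the error and returns nothing to the caller.
    IF l_clean IS NULL THEN
        RAISE_APPLICATION_ERROR (-20001, 'file name is empty after cleaning');
    END IF;

    RETURN l_clean;
END f_safe_file_name;
/

-- Constructed sample inputs, for illustration only.
BEGIN
    DBMS_OUTPUT.put_line (f_safe_file_name ('  report 2024.csv  '));
    DBMS_OUTPUT.put_line (f_safe_file_name ('..' || CHR (10) || 'tmp|"x"'));
END;
/
```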