Many years ago, Waltz and his spouse both worked for the same company. The company had its ERP system, which was born as a product at a time when ERP systems were novel. It is written in Delphi and it is huge: so huge that the company had to hack the Delphi linker to cope with its size.
Well, their company was swallowed up by Initech, and things changed after the acquisition. Mr. Waltz left, and a few years later, so did his spouse. However, they kept in touch with colleagues, and it was over dinner that Viktorija, a former colleague, told her about a recent disaster she had stumbled upon.
Viktorija’s day started when she needed to make a change to one of her “business objects.” This product was born long before ORMs became a common tool, so someone invented one in-house, wrapped around the functionality of Delphi TDataSet objects and lots of hard-coded SQL strings. All she had to change was a small validation rule, so she quickly changed it, tested it, and was very happy with it.
While making changes, she also discovered a hard-coded SQL string. It was poorly formatted. Because the query had become difficult to read, and because she was right there, Viktorija added some spaces and separators to make it easier to read overall. She committed the changes and moved on to the next task for the day.
The CI job failed on her commit. However, it failed on a completely unrelated module, so what she changed was not supposed to have any effect. None of the modified validation rules were applied to that module, and the error was related to database access. Viktorija’s changes did not affect database access…
…Well, apart from changing the query.
Viktorija double-checked her changes and noticed that there was a “getter” function that retrieved the value of the query string. She had thought this was just for debugging purposes, but she CTRL+Fed through the broken module and found that the string was being fetched there. And that string was broken.
At some point, someone said, “Reusing code is always a good thing. SQL queries are code, so reuse them!” So they took the query string from the business object that Viktorija had modified and performed a series of operations on it, such as “Remove substring from characters 160-173” and “Insert this substring at position 57.” Then they executed the result.
By changing the whitespace and formatting, Viktorija broke that code. Getting the test to pass was easy. All Viktorija had to do was undo that part of the change. Untangling the string manipulation and ensuring the system did not fail was a much bigger challenge.
When Waltz and his partner heard this, they were very happy to be out, and Viktorija felt they should bring some extra wine with them after dinner.
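
The failure mode in the story, as an added example that is not code from the original system: a second module derives its query by positional edits on another module's SQL text, so a whitespace-only tidy-up upstream silently produces invalid SQL. The queries, table, offsets and the digest guard are all constructed for illustration; the guard is one possible way to fail fast, not something the story describes.

```python
import hashlib
import sqlite3

# Constructed sample: the "business object" query and a whitespace-only tidy-up.
BASE_SQL = "SELECT id,name,total FROM orders WHERE status='OPEN' ORDER BY id"
TIDY_SQL = "SELECT id, name, total\nFROM orders\nWHERE status = 'OPEN'\nORDER BY id"

# Positional edits written against BASE_SQL (hypothetical offsets):
# drop " ORDER BY id" (chars 52-64), then insert an extra filter at 52.
EDITS = [("delete", 52, 64), ("insert", 52, " AND total > 100")]

# Digest of the exact text the offsets were written against.
PINNED = hashlib.sha256(BASE_SQL.encode()).hexdigest()


def derive(sql, edits):
    """Apply the edits purely by character position, as in the story."""
    for op, start, arg in edits:
        if op == "delete":
            sql = sql[:start] + sql[arg:]
        else:
            sql = sql[:start] + arg + sql[start:]
    return sql


def derive_pinned(sql, edits, pinned=PINNED):
    """Refuse to apply offsets to text they were not written against."""
    if hashlib.sha256(sql.encode()).hexdigest() != pinned:
        raise ValueError("base query text changed; positional edits are stale")
    return derive(sql, edits)


def compiles(sql):
    """True if SQLite can prepare the statement against a sample schema."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE orders (id INTEGER, name TEXT, total REAL, status TEXT)")
    try:
        db.execute("EXPLAIN " + sql)
        return True
    except sqlite3.Error:
        return False
    finally:
        db.close()


if __name__ == "__main__":
    for label, sql in (("original", BASE_SQL), ("tidied", TIDY_SQL)):
        out = derive(sql, EDITS)
        print(label, "->", repr(out), "| compiles:", compiles(out))
```

The tidied query is valid on its own, yet the same offsets now cut through the middle of a string literal, which is why the break surfaced only in the module doing the slicing.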