Months ago, Rebecca's predecessor wrote Perl code for traversing JSON-like data structures: a hash map that could contain values, arrays, or other hashes.
The predecessor wrote the code and had it reviewed and tested. It was rolled out to production and everything worked fine for three months. Three months was long enough for the predecessor to take a new job elsewhere, leaving Rebecca as the only support when it fell apart.
sub spider_reference {
    my ( $reference ) = @_;
    if ( $reference =~ m/HASH/ ) {
        # spider into the hash %$reference
    }
    elsif ( $reference =~ m/ARRAY/ ) {
        # iterate over the array @$reference
    }
}
When Rebecca first saw this code, she thought, “I didn’t know you could do that using regular expressions.” After another five seconds or so, she realized: no, you can’t do that with regular expressions.
This function accepts an argument that is a field in a JSON-like structure. If it’s an array or a hash map, it needs to be “spidered” for further processing. If it’s a scalar value, the function just moves on.
So how does this work? We take that argument and perform a regex check on it. For reference variables (arrays or maps), that operation makes no sense, so Perl makes it make sense by converting the reference to a string. That string has the form HASH(0xDEADBEEF) or ARRAY(0x0DEFACED): type and address.
So this code simply performs the conversion, checks whether the resulting string contains the expected type tag, and if so does the necessary processing. There’s one problem that’s probably becoming clear: this function also runs on scalar values. Scalar values can be strings, so they can contain HASH or ARRAY, and that’s exactly what happened. Some Base64-encoded data tricked this code into treating the string as a hash, causing the program to crash.
This code is an example of “Once you have a hammer, every problem looks like a nail.” Using regular expressions to sniff out types is a mistake, but it’s a mistake the developer got away with for a surprisingly long time. They could have gotten away with it longer if the regular expression had checked only the beginning of the string, /^HASH/, but that doesn’t mean the problem would truly be solved.
Rebecca read the documentation, found the correct solution, and fixed the code: ref.
This function returns a string describing the type of reference.
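The contrast between the regex check and ref, as an added example that is not from the original article or Rebecca's code base. The names sniff_type, real_type and spider and the sample data are made up for illustration; the Base64 value is constructed so that it begins with the text HASH.

```perl
use strict;
use warnings;
use MIME::Base64 qw(encode_base64);

# The article's approach: regex against the stringified value (hypothetical name).
sub sniff_type {
    my ($value) = @_;
    return 'HASH'  if $value =~ m/HASH/;
    return 'ARRAY' if $value =~ m/ARRAY/;
    return 'SCALAR';
}

# ref() returns 'HASH' or 'ARRAY' for references and '' for plain scalars.
sub real_type {
    my ($value) = @_;
    return ref($value) || 'SCALAR';
}

# Walk the structure, dispatching on ref(), and collect the scalar leaves.
sub spider {
    my ( $node, $leaves ) = @_;
    my $type = ref $node;
    if ( $type eq 'HASH' ) {
        spider( $node->{$_}, $leaves ) for sort keys %$node;
    }
    elsif ( $type eq 'ARRAY' ) {
        spider( $_, $leaves ) for @$node;
    }
    else {
        push @$leaves, $node;
    }
    return $leaves;
}

# Constructed sample: bytes 0x1C 0x04 0x87 encode to the Base64 text "HASH".
my $blob = encode_base64( "\x1c\x04\x87" . "payload", '' );
my $data = { name => 'report', tags => [ 'a', 'b' ], attachment => $blob };

for my $value ( $data, $data->{tags}, $blob ) {
    printf "%-22s regex=%-6s anchored=%-3s ref=%s\n", "$value",
        sniff_type($value), ( $value =~ m/^HASH/ ? 'yes' : 'no' ), real_type($value);
}

# Under strict refs, dereferencing the misclassified string dies.
eval { my @keys = keys %$blob; 1 } or print "regex path dies: $@";

print "leaves via ref(): @{ spider( $data, [] ) }\n";
```

For data that may contain blessed objects, ref returns the class name instead of the underlying type; Scalar::Util's reftype reports the underlying type in that case.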