CodeSOD: Audit For Truth

Tony sends us this snipped of C# code:

internal static bool TraceListner(ProjectInstance objPI, Exception objError, int EntityID, Enumerations.LogEntityType EntityType, int EntityInterfaceID, Enumerations.LogReturnType ReturnType, Enumerations.EventLevels EventLevel, string StartTime, string EndTime, int UserID, string Description) { ProcessAudit objLog; bool blnWrite; try { // WRITE THE TRACE LOG IF PROCESS HAS AUDIT FLAG = TRUE //AND THE CURRENT ACTIVTIY AUDIT FLAG = TRUE // need to log all of the errors regardless of the activity blnWrite = true; // write to the log if it is an error type log if (!(objError == null)) blnWrite = true; if (blnWrite == true) { objLog = new PrjectAudit(objPI, objError, EntityID, Convert.ToInt32(EntityType), EntityInterfaceID, Convert.ToInt32(EventLevel), StartTime, EndTime, Convert.ToInt32(ReturnType), Description, UserID); return objLog.Save(); } } catch { } return false; }

This code is helpfully commented to make the "logic" clearer. And also the history of how this code evolved. First, we wanted to only log if auditing was enabled, but that changed at some point. Presumably also around that time, we also wanted to log errors, so we added a check for that. Then, we realized we wanted to log all messages, so we removed the code which checked the audit flag, but not the comment, and added a hard-coded assignment to force logging. Finally, we include a if (blnWrite == true), which is one of my pet peeves in an if-statement (if (blnWrite) is identical and more clear in most cases).

Finally, for a bonus, we have incosistent spellings- ProjectInstance and PrjectAudit. It doesn't matter how you spell your symbols, so long as you can spell them consistently.

[Advertisement] Otter - Provision your servers automatically without ever needing to log-in to a command prompt. Get started today!

This post originally appeared on The Daily WTF.

Leave a Reply

Your email address will not be published.