CodeSOD: Serialization and Deserialization

Over 15 years, an intranet application with a small userbase has gradually become "mission critical". The original developers and all of the maintainers have been folks who didn't have any software development experience, beyond "I took a bootcamp once ten years ago" and "I can do Excel macros". At least, they didn't 15 years ago; over the past 15 years, it's turned into some people's full-time job.

Krister E. was hired to try and turn this into a mature software product that didn't require constant babysitting and tending to keep it from crashing, burning, exploding, and leaving a cloud of fallout behind it. There were some challenges to that.

	JsonObject mixJson = new JsonObject();
	ChargeJsonImpl chargeJsonImpl = new ChargeJsonImpl(currentUser);
	chargeJsonImpl.addToCharge(charge, mixJson);
	Gson gson = new GsonBuilder().serializeSpecialFloatingPointValues().create();
	String aJson = gson.toJson(mixJson);
	JsonParser parser = new JsonParser();
	aJson = StringEscapeUtils.unescapeJson(aJson);
	mixJson = parser.parse(aJson).getAsJsonObject();

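So, this gets some ChargeJsonImpl object, and uses it to add charge to a JSON object. Then, for some reason, it round-trips this JSON object: it serializes it to a string with the GSON library, runs StringEscapeUtils.unescapeJson over that entire string, and parses the result back into the original JSON object.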

There are two possible reasons: the first is just that someone had no clue what they were doing and this works. That's entirely possible, but there's a worse possibility. It may be that something between the GSON serialization, the JSON deserialization, and the StringEscapeUtils munges the data in a way that makes this code work. Changing one thing could break it all.

Given that Krister's attempts to clean up the code base caused cascades of confusing, unexpected, and seemingly impossible errors, that last possibility is disturbingly realistic.
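To see whether the serialize, unescape, re-parse sequence is really a no-op, the following added example (not code from the application or from the original post) pushes a few string values through the same three steps and reports what comes back. It assumes Gson and Apache Commons Text are on the classpath, since the snippet does not show which `StringEscapeUtils` it imports; the `memo` field name and all sample values are constructed.

```java
import com.google.gson.Gson;
import com.google.gson.JsonObject;
import com.google.gson.JsonParseException;
import com.google.gson.JsonParser;
import org.apache.commons.text.StringEscapeUtils; // assumption: Commons Text variant

public class RoundTripCheck {
    // The article's three steps: serialize, unescape the whole document, re-parse.
    static JsonObject roundTrip(JsonObject in) {
        String json = new Gson().toJson(in);
        String unescaped = StringEscapeUtils.unescapeJson(json);
        return new JsonParser().parse(unescaped).getAsJsonObject();
    }

    // Reports whether one string value survives the round trip unchanged.
    static String check(String value) {
        JsonObject in = new JsonObject();
        in.addProperty("memo", value); // "memo" is a constructed field name
        try {
            JsonObject out = roundTrip(in);
            return out.equals(in) ? "unchanged" : "CHANGED -> " + out;
        } catch (JsonParseException | IllegalStateException e) {
            return "REJECTED by parser: " + e.getMessage();
        }
    }

    public static void main(String[] args) {
        String[] samples = { // constructed sample values
            // Nothing in this value needs escaping.
            "plain text",
            // Backslashes: once unescaped, the parser reads escape sequences
            // where the original value had a backslash followed by a letter.
            "C:\\temp\\new",
            // A double quote: once unescaped, it ends the string early.
            "5\" pipe",
            // Quotes and commas: once unescaped, value text is read as structure.
            "a\",\"approved\":true,\"x\":\"b"
        };
        for (String s : samples) {
            System.out.println(s + " => " + check(s));
        }
    }
}
```

Any value that needed escaping when serialized comes back altered, rejected, or reinterpreted as extra fields, which is the kind of munging the round trip can hide until someone changes one of its steps.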


This post originally appeared on The Daily WTF.
