CodeSOD: Years of Success

Way back in late 2006, Cody inherited a Java application. Since launching in 2001, the application had been running in production without any notable problems. And then, one day, it suddenly started throwing out errors on some orders. And then, a little later, any time someone tried to place an order. This constituted a rather large issue, since processing new orders was vitally important for keeping the lights on.

The errors were validation errors, so Cody started by going to the line where the validation happened, and the exception was thrown:

    if (!validateBeanData(order)) {
      throw new OrderRequesterException(order.getPoNumber().trim(),                        "63", "Invalid Request Criteria");

The additional whitespace is in the original.

Okay, so what exactly is validateBeanData doing?

private boolean validateBeanData(OrderRequestBean order) {
  boolean status = true;
  …   // various checks are performed here
  if (status) {
    if (requestDueYear.equals("2001")
      || requestDueYear.equals("2002")
      || requestDueYear.equals("2003")
      || requestDueYear.equals("2004")
      || requestDueYear.equals("2005")
      || requestDueYear.equals("2006"))
      status = true;
      status = false;
  return status;

The years were hardcoded covering all years between 2001 and 2006. Which was great, until customers started putting in orders that wouldn't fulfill until 2007. Maybe someone at the company had planned to eventually update those dates. Maybe someone was looking for job security. Maybe someone didn't expect any security at all, and just assumed the company would go under before this was a problem.

Whatever the case, it was easy for Cody to understand what the problem was.

[Advertisement] Keep the plebs out of prod. Restrict NuGet feed privileges with ProGet. Learn more.

This post originally appeared on The Daily WTF.

Leave a Reply

Your email address will not be published. Required fields are marked *