CodeSOD: Magic Strings Attached

The Daily WTF

Magic strings are as bad as magic numbers, if not worse. So when Tomasz found this block, it didn’t seem so bad:

```python
class OPERATION:
    TRANSACTION = 'conditioned_transaction'
    BOUNTY_CREATE = 'bounty_create'
    GUESS_PASSWORD = 'guess_password'
```

This Python class essentially emulates an enumeration. While enumerations are now available in Python, it’s perfectly plausible that this code predates them, and that’s fine.

It was after writing this, however, that our intrepid developer lost the plot.

```python
VALID_OPERATIONS = {
    'conditioned_transaction': OPERATION.TRANSACTION,
    'bounty_create': OPERATION.BOUNTY_CREATE,
    'guess_password': OPERATION.GUESS_PASSWORD
}
```

This is a lookup table that maps our handy-dandy enumerated types back to magic strings. Strings which have the same value as the enumerated types. Which ended up getting used like so:

```python
operation = VALID_OPERATIONS[body['operation']]
```

body is an HTTP request, so this treats the string in the body as a key to look up the exact same string in VALID_OPERATIONS.
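The same string-to-operation check written with the standard library's `enum` module, as an added example that is not code from the article or from the code base it describes. The names `Operation`, `InvalidOperation` and `parse_operation` and the sample bodies are assumptions, and `body` is assumed to be an already-decoded dict. It also rejects a missing key or a non-string value, which the bare dictionary lookup would surface as `KeyError` or `TypeError`.

```python
from enum import Enum


class Operation(Enum):
    """Operation names from the article, as a standard-library enumeration."""
    TRANSACTION = "conditioned_transaction"
    BOUNTY_CREATE = "bounty_create"
    GUESS_PASSWORD = "guess_password"


class InvalidOperation(ValueError):
    """Raised when the request names no operation or an unknown one."""


def parse_operation(body):
    """Return the Operation named by body['operation'].

    `body` is assumed to be the already-decoded request body (a dict).
    Anything that is not exactly one of the known strings is rejected,
    including a missing key and non-string JSON values such as lists.
    """
    if not isinstance(body, dict) or "operation" not in body:
        raise InvalidOperation("missing 'operation' field")
    raw = body["operation"]
    if not isinstance(raw, str):
        raise InvalidOperation("'operation' must be a string")
    try:
        # Lookup by value: the Enum is itself the string-to-member table.
        return Operation(raw)
    except ValueError:
        raise InvalidOperation("unknown operation") from None


# Constructed sample bodies (not from the article).
SAMPLES = [
    {"operation": "bounty_create"},
    {"operation": "delete_everything"},
    {"operation": ["guess_password"]},
    {},
]

if __name__ == "__main__":
    for sample in SAMPLES:
        try:
            print(sample, "->", parse_operation(sample))
        except InvalidOperation as exc:
            print(sample, "-> rejected:", exc)
```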

On one hand, we could argue
