Search - "sanitize"
-
Ok, I have just wasted 30 mins of my life trying to figure out why one of the stupid grids of my company's shitty project is missing one element....
...please, always sanitize the data before inserting it in the db... please....
-
CR: "Add x here (to y) so it fits our code standards"
> No other Y has an X. None.
CR: "Don't ever use .html_safe"
> ... Can't render html without it. Also, it's already been sanitized, literally by sanitize(), written by the security team.
CR: "Haven't seen the code yet; does X change when resetting the password?"
> The feature doesn't have or reference passwords. It doesn't touch anything even tangentially related to passwords.
> Also: GO READ THE CODE! THAT'S YOUR BLOODY JOB!
CR: "Add an 'expired?' method that returns '!active'?"
> Inactive doesn't mean expired. Yellow doesn't mean sour. There's already an 'is_expired?' method.
CR: "For logging, always use json so we can parse it. Doesn't matter if we can't read it; tools can."
CR: "For logging, never link log entries to user-readable code references; it's a security concern."
CR: "Make sure logging is human-readable and text-searchable and points back to the code."
> Confused asian guy, his hands raised.
CR: "Move this data formatting from the view into the model."
> No. Views are for formatting.
CR: "Use .html() here since you're working with html"
> .html() does not support html. It converts arrays into html.
NONE OF THIS IS USEFUL! WHY ARE YOU WASTING MY TIME IF YOU HAVEN'T EVEN READ MY CODE!?
dfjasklfagjklewrjakfljasdf
-
Being a programmer for a while now it always irritates me to try to explain what I'm working on to friends and family. I forget what I knew before I developed. I'm always like "I made the strings in the database- oh I mean the words...well they're actually more like strings of letters- well anyway I made a code to sanitize the user input- I mean make it so it is secure before uhhh saving." I spend so much time watering what I'm saying down I forget what I'm talking about
It's not even funny. It'd be funny if one single person in my family or friend group understood what I meant to some degree.
-
Here's an example of what happens when you don't sanitize your input.
The software in question runs in the user's browser and is used to display text from a Twitch chat.
https://youtu.be/2GtbY1XWGlQ2 -
Told to sanitize a large collection of PowerPoints of customer data. Found one resolvable IP address and about 200 typos and other mistakes. Deleted the IP address.. mission successful!
-
Got one right now, no idea if it’s the “most” unrealistic, because I’ve been doing this for a while now.
Until recently, I was rewriting a very old, very brittle legacy codebase - we’re talking garbage code from two generations of complete dumbfucks, and hands down the most awful codebase I’ve ever seen. The code itself is quite difficult to describe without seeing it for yourself, but it was written over a period of about a decade by a certifiably insane person, and then maintained and arguably made much worse by a try-hard moron whose only success was making things exponentially harder for his successor to comprehend and maintain. No documentation whatsoever either. One small example of just how fucking stupid these guys were - every function is wrapped in a try catch with an empty catch, variables are declared and redeclared ten times, but never used. Hard coded credentials, hard coded widths and sizes, weird shit like the entire application 500ing if you move a button to another part of the page, or change its width by a pixel, unsanitized inputs, you name it, if it’s a textbook fuck up, it’s in there, and then some.
Because the code is so damn old as well (MySQL 8.0, C#4, and ASP.NET 3), and utterly eschews the vaguest tenets of structured, organized programming - I decided after a month of a disproportionate effort:success ratio, to just extract the SQL queries, sanitize them, and create a new back end and front end that would jointly get things where they need to be, and most importantly, make the application secure, stable, and maintainable. I’m the only developer, but one of the senior employees wrote most of the SQL queries, so I asked for his help in extracting them, to save time. He basically refused, and then told me to make my peace with God if I missed that deadline. Very helpful.
I was making really good time on it too, nearly complete after 60 days of working on it, along with supporting and maintaining the dumpster fire that is the legacy application. Suddenly my phone rings, and I’m told that management wants me to implement a payment processing feature on the site, and because I’ve been so effective at fixing problems thus far, they want to see it inside of a week. I am surprised, because I’ve been regularly communicating my progress and immediate focus to management, so I explain that I might be able to ship the feature by end of Q1, because rather than shoehorn the processor onto the decrepit piece of shit legacy app, it would be far better to just include it in the replacement. I add that PCI compliance is another matter that we must account for, and so there’s not a great chance of shipping this in a week. They tell me that I have a month to do it…and then the Marketing person asks to see my progress and ends up bitching about everything, despite the front end being a pixel perfect reproduction. Despite my making everything mobile responsive, iframe free, secure and encrypted, fast, and void of unpredictable behaviors. I tell her that this is what I was asked to do, and that there should have been no surprises at all, especially since I’ve been sending out weekly updates via email. I guess it needed more suck? But either way, fuck me and my two months of hard work. I mean really, no ego, I made a true enterprise grade app for them.
Short version, I stopped working on the rebuild, and I’m nearly done writing the payment processor as a microservice that I’ll just embed as an iframe, since the legacy build is full of those anyway, and I’m being asked to make bricks without straw. I’m probably glossing over a lot of finer points here too, just because it’s been such an epic of disappointment. The deadline is coming up, and I’m definitely going to make it, now that I have accordingly reduced the scope of work, but this whole thing has just totally pissed me off, and left a bad taste about the organization.
-
PHP code that didn't use sanitize, but manually checked if strings contained ' or ". Not even in a function, but manually implemented whenever the person writing that burning dumpsterfire thought it was a good idea to check for that.
Code also didn't report, it just exited without error code. Users would just get a white screen if that spaghetti code "security" system got tripped. -
If the database doesn't have the information, they won't be able to log in; no need to validate or sanitize
-
I don't understand the Log4j vulnerability.
Isn't the ability to execute code a feature they added so that you can add dynamic data to the logs?
If it is a feature then isn't it written in the documentation?
Is the problem that a lot of companies forgot to sanitize the input before logging it?
-
Guys. Sanitize the Tags input length. Here on devrant. Call the devs, I don't know who they are...
-
YGGG IM SO CLOSE I CAN ALMOST TASTE IT.
Register allocation pretty much done: you can still juggle registers manually if you want, but you don't have to -- declaring a variable and using it as an operand instead of a register is implicitly telling the compiler to handle it for you.
What's more, spilling to stack is done automatically, keeping track of whether a value is or isn't required so it's only done when absolutely necessary. And variables are handled differently depending on whether they are input, output, or both, so we can eliminate making redundant copies in some cases.
It's a thing of beauty, defenestrating the difficult aspects of assembly, while still writing pure assembly... well, for the most part. There's some C-like sugar that's just too convenient for me not to include.
(x,y)=*F arg0,argN. This piece of shit is the distillation of my very profound meditations on fuckerous thoughtlessness, so let me break it down:
- (x,y)=; fuck you in the ass I can return as many values as I want. You don't need the parens if there's only a single return.
- *F args; some may have thought I was dereferencing a pointer but I'm calling F and passing it arguments; the asterisk indicates I want to jump to a symbol rather than read its address or the value stored at it.
To the virtual machine, this is three instructions:
- bind x,y; overwrite these values with F's output.
- pass arg0,argN; setup the damn parameters.
- call F; you know this one, so perform the deed.
Everything else is generated; these are macro-instructions with some logic attached to them, and there's a step in the compilation dedicated to walking the stupid program for the seventh fucking time that handles the expansion and optimization.
So what's left? Ah shit, classes. Disinfect and open wide mother fucker we're doing OOP without a condom.
Now, obviously, we have to sanitize a lot of what OOP stands for. In general, you can consider every textbook shit, so much so that wiping your ass with their pages would defeat the point of wiping your ass.
Let's say, for simplicity, that every program is a data transform (see: computation) broken down into a multitude of classes that represent the layout and quantity of memory required at different steps, plus the operations performed on said memory.
That is most if not all of the paradigm's merit right there. Everything else that I thought to have found use for was in the end nothing but deranged ways of deriving one thing from another. Telling you I want the size of this worth of space is such an act, and is indeed useful; telling you I want to utilize this as base for that when this itself cannot be directly used is theoretically a poorly worded and overly verbose bitch slap.
Plainly, fucktoys and abstract classes are a mistake, autocorrect these fucking misspelled testicle sax.
None of the remaining deeper lore, or rather sleazy fanfiction, that forms the larger canon of object oriented as taught by my colleagues makes sufficient sense at this level for me to even consider dumping a steaming fat shit down its execrable throat, and so I will spare you bearing witness to the inevitable forced coprophagia.
This is what we're left with: structures and procedures. Easy as gobblin pie.
Any F taking pointer-to-struc as its first argument that is declared within the same namespace can be fetched by an instance of the structure in question. The sugar: x ->* F arg0,argN
Where ->* stands for failed abortion. No, the arrow by itself means fetch me a symbol; the asterisk wants to jump there. So fetch and do. We make it work for all symbols just to be dicks about it.
Anyway, invoking anything like this passes the caller to the callee. If you use the name of the struc rather than a pointer, you get it as a string. Because fuck you, I like Perl.
What else is there to discuss? My mind seems blank, but it is truly blank.
Allocating multitudes of structures, with same or different types, should be done in one go whenever possible. I know I want to do this, and I know whichever way we settle for has to be intuitive, else this entire project has failed.
So my version of new always takes an argument, don't you just love slurping diarrhea. If zero it means call malloc for this one, else it's an address where this instance is to be stored.
What's the big idea? Only the topmost instance in any given hierarchy will trigger an allocation. My compiler could easily perform this analysis because I am unemployed.
So where do you want it, on the stack, on the heap, you want to reutilize any piece of ass, where buttocks stands for some adequately sized space in memory -- entirely within the realm of possibility. Furthermore, evicting shit you don't need and replacing it with something else.
Let me tell you, I will give your every object an allocator if you give the chance. I will -- nevermind. This is not for your orifices, porridges, oranges, morpheousness.
Walruses.
-
Since the issue is within the legacy backend data, this brings us the great opportunity to solve and sanitize the data on the frontend and therefore killing the performance of the application! Sincerely, a manager that doesn't give a shit
-
It reaaaally annoys me when my business logic is sound but the data is corrupted.
For example, find duplicates in a HashMap<String>.. but I didn't take into account the input could contain a space either before or after.. so I end up wondering: if a HashMap only contains unique keys, how come the count of items in the map is the same as the count of the input keys?! Well.. spaces were the culprit.
"12345" != "12345 ".. and therefore the Map sees it as two distinct keys..
What an annoying bug.
Lesson learned: 1) Sanitize input first and never trust it. 2) Never make assumptions
-
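The whitespace bug described in the post above, reproduced and fixed as an added example (this is not the poster's code; the `SAMPLE_IDS` list, the `validate_key`/`count_keys`/`find_duplicates` names and the rule that an id must be all digits are this example's own assumptions). It counts keys once with the raw strings, which reproduces "the map has as many entries as the input", and once after normalising, which exposes the duplicates:

```python
"""Finding duplicate keys in input that may carry stray whitespace.

Added example, not code from the rant it follows. Shows why "12345" and
"12345 " land in a map as two distinct keys, and how normalising (and
validating) the key before insertion makes the duplicate visible.
"""
from collections import Counter

# Constructed sample input: the third id duplicates the first but carries a
# trailing space; the fifth duplicates the second with a leading tab.
SAMPLE_IDS = ["12345", "67890", "12345 ", "24680", "\t67890"]


def validate_key(raw: str) -> str:
    """Canonical form of an identifier: surrounding whitespace stripped.

    Assumed rule for this example: an id is a non-empty string of digits.
    Anything else is rejected rather than silently accepted, so a bad
    record fails loudly instead of becoming a phantom key.
    """
    key = raw.strip()
    if not key.isdigit():
        raise ValueError(f"rejected id: {raw!r}")
    return key


def count_keys(ids, normalize=True):
    """Return {key: occurrences}.

    With normalize=False the raw strings are used as keys, reproducing the
    bug: every whitespace variant becomes its own entry.
    """
    counts = Counter()
    for raw in ids:
        key = validate_key(raw) if normalize else raw
        counts[key] += 1
    return dict(counts)


def find_duplicates(ids):
    """Keys that occur more than once once whitespace is normalised."""
    return sorted(k for k, n in count_keys(ids).items() if n > 1)


if __name__ == "__main__":
    raw = count_keys(SAMPLE_IDS, normalize=False)
    clean = count_keys(SAMPLE_IDS)
    print(f"input entries:       {len(SAMPLE_IDS)}")
    print(f"distinct raw keys:   {len(raw)}")    # same as the input count
    print(f"distinct clean keys: {len(clean)}")  # the real number of ids
    print("duplicates:", find_duplicates(SAMPLE_IDS))
```

Stripping only the ends of the string is deliberate: collapsing or removing internal characters would merge ids that really are different, which is the opposite mistake.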
Inherited a legacy system from a previous "developer" who wrote code to sanitize input from sql injection in the front end and then called a web method called execSql which accepts an sql statement in a string value!
Obviously the app ran under admin privileges.
-
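Both the PHP quote-checking post above and this execSql one describe the same anti-pattern: filtering characters on the client or in ad-hoc string checks while the server still runs whatever SQL text it is handed. The following added example (not code from either post) shows the server-side alternative, a fixed query with the user value passed as a bound parameter, using an in-memory SQLite table of constructed rows. The table, the `find_email` and `quote_filter_passes` names and the sample data are this example's own assumptions:

```python
"""Server-side parameter binding instead of quote filtering.

Added example, not code from the posts it follows. The query text is fixed
in the application; the user-supplied value is handed to the database
driver separately, so it is only ever treated as data.
"""
import sqlite3

# Constructed sample rows. The second name contains an apostrophe, which
# the quote-check approach would reject outright.
CONSTRUCTED_USERS = [
    ("alice", "alice@example.test"),
    ("o'brien", "obrien@example.test"),
]


def make_db():
    """Build an in-memory database holding the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT PRIMARY KEY, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", CONSTRUCTED_USERS)
    conn.commit()
    return conn


def quote_filter_passes(value: str) -> bool:
    """The kind of check the PHP post describes: refuse any value containing
    a quote. It turns away legitimate input (O'Brien) and offers no
    protection once the backend accepts arbitrary SQL text anyway."""
    return "'" not in value and '"' not in value


def find_email(conn, name: str):
    """Hardened lookup: the statement never changes shape, and `name` is
    bound with a placeholder, so the database does not parse it as SQL.
    The apostrophe in o'brien needs no special handling at all."""
    row = conn.execute(
        "SELECT email FROM users WHERE name = ?", (name,)
    ).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    conn = make_db()
    for candidate in ("alice", "o'brien", "nobody"):
        print(f"{candidate!r}: quote filter {'passes' if quote_filter_passes(candidate) else 'rejects'}, "
              f"lookup -> {find_email(conn, candidate)!r}")
```

Parameter binding is the fix; the second problem in the post, the application running as admin, is addressed separately by giving the database account only the permissions the queries need, which bounds what any remaining bug can do.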
I like to teach sites that don't escape HTML/js in input fields a lesson, and put in a redirect. Where would you redirect them?
I tend to go SFW, like redirecting to a competitor or the NSA. -
I just realized I can easily sanitize the data by using + as “ and I haven’t even had coffee yet. I might be on a roll today.
-
Kind of a continuation of my other rant https://devrant.com/rants/2345105/...
I have now reached the point where I want to tear off my exes with my own hands, turn off my brain and "unsee" what's in this garbage bag of code.
I swear to the programmer's gods (assuming something like this does exist apart from the D&D Story in my brain) if I do see another GLOBAL variable I'm gonna kill somebody!
It will take me a good part of 2020 to sanitize this shit! -
Spotless Clean by Peter: Expert Hoarding Cleanup Services for Disaster, Fire, Water Damage, and Odor Removal in Boston
At Spotless Clean by Peter, we understand that hoarding can result in more than just clutter – it can lead to significant damage from disasters, fire, water, and unpleasant odors that make your home or property uninhabitable. Whether it’s hoarding disaster cleanup, hoarding fire damage cleanup, hoarding water damage cleanup, or hoarding odor removal, our team is here to help restore your space to a clean, safe, and livable condition.
As a trusted cleaning service in Boston, MA, we specialize in providing comprehensive hoarding cleanup solutions that address the aftermath of various types of damage, from natural disasters to accidental fires and water damage. Our professional and compassionate team is here to help you navigate through these challenging situations with care, respect, and efficiency.
Why Choose Spotless Clean by Peter for Hoarding Cleanup?
Hoarding situations often require more than just basic cleaning – they involve sensitive, specialized care for both the space and the individual. Here’s why Spotless Clean by Peter is the best choice for your hoarding cleanup needs:
Specialized Expertise: Our team is trained in handling the unique challenges of hoarding, including dealing with damage from fire, water, and disasters. We know how to restore your space quickly and effectively.
Compassionate Approach: We understand the emotional toll hoarding can have on individuals and families. We work with empathy and respect to help you through the process in a way that’s comfortable and stress-free.
Comprehensive Services: We offer a full range of services, including hoarding disaster cleanup, hoarding fire damage cleanup, hoarding water damage cleanup, and hoarding odor removal, addressing all aspects of the cleanup process.
Advanced Equipment and Techniques: We use the latest cleaning technologies, safe disposal methods, and eco-friendly cleaning products to ensure your home or property is not only clean but also safe.
Fast, Efficient, and Reliable: We understand the urgency of restoring your space after a disaster, fire, or water damage. We provide prompt, reliable services to get your home or property back to its pre-damaged state as quickly as possible.
Now let’s take a closer look at the specific hoarding cleanup services we offer.
Our Hoarding Cleanup Services
Hoarding Disaster Cleanup: Addressing the Aftermath of Natural Disasters
Hoarding can make disaster cleanup even more complicated. Whether your home has been affected by a flood, earthquake, or storm, Spotless Clean by Peter is here to help. Our hoarding disaster cleanup service is designed to tackle the mess and damage caused by unexpected events, restoring your home to a safe, livable space.
Our hoarding disaster cleanup services include:
Damage Assessment: We begin by assessing the damage caused by the disaster. Whether it’s debris, flooding, or structural damage, we’ll determine the best course of action for cleanup.
Clutter Removal: We clear out any clutter that may have exacerbated the damage, carefully sorting through items and removing debris.
Cleaning and Sanitizing: After debris removal, we thoroughly clean and sanitize all affected areas, removing contaminants, mold, and bacteria that may have developed due to water or storm damage.
Restoration Services: In some cases, we provide restoration services, including repairs to drywall, flooring, and other structural elements affected by the disaster.
When disaster strikes, you need a team you can trust to clean up and restore your home quickly and efficiently. Spotless Clean by Peter is your go-to provider for hoarding disaster cleanup in Boston, MA.
Hoarding Fire Damage Cleanup: Restoring Your Home After a Fire
Fires cause devastating damage, especially in hoarded spaces where combustible materials are more likely to ignite. If your home or property has been affected by fire, Spotless Clean by Peter offers hoarding fire damage cleanup to help you get back on track.
Our hoarding fire damage cleanup services include:
Fire Damage Assessment: We conduct a thorough assessment of the damage caused by the fire, identifying structural issues, smoke damage, and the extent of the damage to personal belongings.
Soot and Smoke Removal: Soot and smoke can permeate the entire house, leaving behind toxic residue. We use specialized equipment to remove soot and smoke stains from walls, furniture, and carpets.
Clutter Removal and Sorting: We assist in sorting through the debris and removing any remaining hoarded items that have been affected by fire damage.
Deep Cleaning and Odor Removal: We clean every surface of the affected areas and use professional deodorizing techniques to eliminate lingering smoke odors, leaving your home smelling fresh.