Programmer Humor

31576 readers

2048 users here now

Welcome to Programmer Humor!

This is a place where you can post jokes, memes, humor, etc. related to programming!

For sharing awful code theres also Programming Horror.

Rules

Keep content in english
No advertisements
Posts must be related to programming or programmer topics

founded 2 years ago

MODERATORS

anzo@programming.dev

Feyter@programming.dev

BurningTurtle@programming.dev

pylapp@programming.dev

1309

#NULL! (lemmy.world)

submitted 1 day ago by ivanafterall@lemmy.world to c/programmer_humor@programming.dev

90 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] vrek@programming.dev 34 points 1 day ago (1 children)

How do you sanitize your inputs or how do you exploit inputs which are not sanitized.

[–] akunohana@piefed.blahaj.zone 29 points 1 day ago (1 children)

Santize inputs.

I'll get back to you on exploits when I can write something that throws zero compilation errors. 😈

[–] vrek@programming.dev 28 points 1 day ago (2 children)

Couple big things are 1. Only accept reasonable characters, on a white list instead of rejecting bad characters based on a black list. This will mean you are less likely to forget to block /0 for example. 2. Understand how strings work and ensure both reading and writing to that string doesn't extend beyond the end of memory allocated for the string. For example do you understand what the /0 would do to a string your program accepts?

[–] brbposting@sh.itjust.works 1 points 8 hours ago (1 children)

Is it easy for a good developer to allow new lines without any extra security risk exposure?

Sometimes e.g. a government form will remove new lines, though perhaps sometime they intend to reduce length.

[–] vrek@programming.dev 0 points 2 hours ago* (last edited 2 hours ago)

Depends...how well written the form is. Often stuff like this is pushed to libraries who have covered all the gotchas but you have to be careful not to get into dependency hell. Understand where to use them and not. For example don't use left_pad but also don't make your own encryption.

How easy is it to allow new lines,very easy. The important part is only accepting new lines e.g. /r/n a well made form can include extra functions but anything not defined should be denied.

Also consider you likely should not accept a username with a semi-colon in it...

[–] akunohana@piefed.blahaj.zone 8 points 1 day ago (1 children)

Sic! Thanks! I'll work on this this weekend! 😊

[–] vrek@programming.dev 12 points 1 day ago

Keep in mind, the lowercase and uppercase letters are in continuous blocks on the ASCII table so you can can use that to verify if a char is a letter without doing an incredible long chain of if else statements.