There’s the potential for endless installments of “programmers not understanding how UUIDs work.” Frankly, I think the fact that we represent them as human-readable strings is part of the problem; sure, it’s readable, but that conceals the fact that it’s just a large integer.
Which brings us to this snippet, from Capybara James.
    if (!StringUtils.hasLength(uuid) || uuid.length() != 36) {
        throw new RequestParameterNotFoundException(ErrorCodeCostants.UUID_MANDATORY_OR_FORMAT);
    }
StringUtils.hasLength comes from the Spring library, and it’s a simple “is not null or empty” check. So we’re testing to see if a string is null or empty, or isn’t exactly 36 characters long. That tells us the input is bad, so we throw a RequestParameterNotFoundException, along with an error code.
So, as already pointed out, a UUID is just a large integer that we render as a 36-character string, and there are better ways to validate a UUID. But this will also accept any 36-character string: as long as you’ve got 36 characters, we’ll call it a UUID. “This is valid, really valid, dumbass” is now a valid UUID.
With that in mind, I also like the bonus of it not distinguishing between whether or not the input was missing or invalid, because that’ll make it real easy for users to understand why their input is getting rejected.
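For comparison, here is the length-only check next to a stricter one that pins the canonical layout and reports "missing" and "malformed" separately. This is an added example, not code from the article or from the submitter's code base; the class name, the two error codes and the sample inputs are assumptions, and Spring's StringUtils.hasLength is inlined as a null-or-empty test so the file runs on its own.

```java
import java.util.UUID;
import java.util.regex.Pattern;

public class UuidParamCheck {
    // Canonical 8-4-4-4-12 hex layout. UUID.fromString on its own is lenient
    // about group lengths, so the shape is pinned here before parsing.
    private static final Pattern CANONICAL = Pattern.compile(
        "[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}");

    // The check from the snippet, with StringUtils.hasLength inlined.
    static boolean lengthOnlyAccepts(String uuid) {
        return uuid != null && !uuid.isEmpty() && uuid.length() == 36;
    }

    // Stricter variant. The error codes are hypothetical; the point is that
    // a missing parameter and a malformed one are reported separately.
    static UUID parseUuidParam(String raw) {
        if (raw == null || raw.isEmpty()) {
            throw new IllegalArgumentException("UUID_MISSING");
        }
        if (!CANONICAL.matcher(raw).matches()) {
            throw new IllegalArgumentException("UUID_MALFORMED");
        }
        // Carry the typed value from here on, not the string.
        return UUID.fromString(raw);
    }

    public static void main(String[] args) {
        // Constructed sample inputs, apart from the sentence quoted in the article.
        String[] samples = {
            null,
            "",
            "This is valid, really valid, dumbass",  // 36 characters, from the article
            "123e4567-e89b-12d3-a456-426614174000",  // constructed canonical UUID
            "123e4567e89b12d3a456426614174000",      // same digits, hyphens removed
        };
        for (String s : samples) {
            String strict;
            try {
                strict = "OK " + parseUuidParam(s);
            } catch (IllegalArgumentException e) {
                strict = e.getMessage();
            }
            System.out.printf("%-40s lengthOnly=%-5b strict=%s%n",
                s == null ? "(null)" : "\"" + s + "\"", lengthOnlyAccepts(s), strict);
        }
    }
}
```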