If you didn’t write it, then it’s OK, and best, not to trust it.
I was working on an API call recently and everything was humming along until I ran into an edge case with a request and everything just stopped working. Nothing changed except the value I was sending to the API. What did change was that the value I was sending in no longer generated a successful response but an empty result set. Now why did that matter? Using some writeDump() calls and aborts, I traced down the culprit. Turns out that in that result the API authors had a trailing comma in the JSON, and that valid JSON file I was expecting was now blowing up. A big part of that was my fault. I was just assuming that the API authors would give me valid JSON, and I was not checking that it was actually real JSON before I started trying to work with it. I was being too trusting.
I brought the problem up to the company whose API I was using and I got the following response. Names have been redacted to protect the innocent…and guilty.
Hey there – it turns out this has already been flagged as a defect. If I understand the notes correctly, it looks like the JSON response includes a trailing comma, which may be the culprit.
I have added XXXXX to the list of clients affected by this defect. Unfortunately, at this point I have no way of knowing how soon this might be addressed.
Well, that’s a nice email. They tell me they have a bug they already knew about and that it was affecting clients. At least they have a plan… to someday work on it?
So the moral of this story is that if you didn’t write it, whatever it is, then don’t trust it to be OK or to be what you expected, whether that’s a form field, a file upload, or an API response. ColdFusion gives you a plethora of built-in validation functions to choose from: isValid(), isBoolean(), cfparam, isXML(), etc., and of course isJSON(). If you are working with a value that your application will depend on and it is coming from an outside source, look for an is___() function for what you are working with. It is highly likely there is already a validation function out there. If there isn’t one, then roll your own or search for how to validate what you are using. In most cases you aren’t the first one to need a way to trust the type of data you are getting. If you can’t find a source to help you, then when you figure it out, take the time to write up a blog post so the next person can find that solution. The next person to have the problem you solved will definitely appreciate it.
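
A defensive parse along these lines, as an added example rather than code from the original post: it checks the body with isJSON(), guards the deserialize call, and then verifies the shape before the data is used. The function name parseApiResponse(), the "results" key, and the sample bodies are assumptions made for illustration.

```cfml
<cfscript>
// Added example, not the author's code. parseApiResponse() and the
// "results" key are hypothetical; substitute the shape your API documents.
struct function parseApiResponse(required string body) {
    var out = { ok = false, error = "", data = [] };

    // 1. Syntax check: reject anything that is not well-formed JSON.
    if (!len(trim(arguments.body)) || !isJSON(arguments.body)) {
        out.error = "Response body is not valid JSON";
        return out;
    }

    // 2. Defensive: do not assume isJSON() and deserializeJSON() accept
    //    exactly the same input, so guard the parse itself as well.
    try {
        var parsed = deserializeJSON(arguments.body);
    } catch (any e) {
        out.error = "JSON parse failed: " & e.message;
        return out;
    }

    // 3. Shape check: valid JSON is not the same as the JSON you expected.
    if (!isStruct(parsed) || !structKeyExists(parsed, "results") || !isArray(parsed.results)) {
        out.error = "JSON is well formed but has no results array";
        return out;
    }

    out.ok = true;
    out.data = parsed.results;
    return out;
}

// Constructed sample bodies: a normal response, an empty result set
// with a trailing comma (the defect described above), and an empty body.
samples = [
    '{"results":[{"id":1}]}',
    '{"results":[],}',
    ''
];
for (body in samples) {
    r = parseApiResponse(body);
    writeOutput((r.ok ? "OK, rows: " & arrayLen(r.data) : "Rejected: " & r.error) & "<br>");
}
</cfscript>
```

Returning a status struct instead of throwing lets the caller decide whether a malformed response means "no results", a retry, or an alert, and keeps the raw parse error out of anything shown to end users.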