Tag Archives: Regular Expressions

Your users aren’t SuperUsers

We recently shipped a piece of software that checks the software version of a specific hardware part. The user can set a parameter that represents a target software version string, for each different type of hardware.
When the user creates a new parameter set, let’s say for ‘transfer case type B’, the parameter’s default value would be an empty string.
The decision was made to check the software version by using a regular expression, although the requirement didn’t specify a dynamic software check.
Almost at the end of commissioning phase I was on that site to support a team member that was hunting an issue whit serial number validation. I had a look into the log files and found a strange line.

Checking software version: Comparing target value ‘’ to actual value ‘7505’. Software version is valid.

I took my colleague in to make him aware of a possible bug in this check, but got a devastating answer:

The check is done via regular expressions. When I check for an empty expression any string would match, if this wasn’t intended, it is the operator’s fault.

That wasn’t sort of the answer I expected to hear, because the user was taken into responsibility for something we possibly messed up. There aren’t a lot of developers that are capable of regular expression syntax (without looking for the syntax on the internet), but we are expecting from our users to know how to write regular expressions to match their software versions. This feature definitely won’t increase usability of our software as it was intended to.

var targetVersion = "";
var actualVersion = "7505";

Regex.IsMatch(actualVersion, targetVersion);

The code above will always return true, no matter what actualVersion will be. Since this is the default value, the check will always pass and faulty hardware might be delivered. I am supporter of software working by default when nothing is configured, but in this case it would be better to fail and point out an incorrect parameter.

var targetVersion = "1|2|3";
var actualVersion = "1";

Regex.IsMatch(actualVersion, targetVersion);

We were using another regular expression in another context and encountered a weird behavior. The above Code was working for about two days, but after that it started to fail. The hardware type changed and therefore the software version, the new value was 15. So everyone expected the check to not match, but it did. Since there are no start and end tags in the regular expression, it will match when the target string is anywhere inside the actual value. What the developer really wanted to check was ‘^(1|2|3)$’.

These where only two of the problems that drove me to write this blog post and there are many others that might occur when using regular expressions as user input. Most developers aren’t capable of thinking of all the problems that might occur when using regular expressions as user defined input, so why would you expect users to be? My advice is to stay with simple string comparisons until the requirement is given to use a dynamic check, like regular expression would be, but not without the right tool to write those expressions.

Your users aren’t SuperUsers, so please don’t treat them like that.