This code is a simple text-based database management program in...

August 30, 2025 at 08:21 PM

#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define DataBase "database.txt"

// Function for creating the database file and
void aggiungiRecord() {
    char chiave[256], valore[256];

    printf("Inserisci chiave: ");
    fgets(chiave, sizeof(chiave), stdin);
    chiave[strcspn(chiave, "\n")] = 0;   // strip the trailing newline

    printf("Inserisci valore: ");
    fgets(valore, sizeof(valore), stdin);
    valore[strcspn(valore, "\n")] = 0;

    FILE *f = fopen(DataBase, "a");
    if (f) {
        // Write key:value directly. The original strcat(chiave, strcat(":", valore))
        // wrote into a string literal and could overflow chiave.
        fprintf(f, "%s:%s\n", chiave, valore);
        fclose(f);
        printf("Record aggiunto.\n");
    }
}

void cercaRecord() {
    char chiave[64], comando[256];

    printf("Chiave da cercare: ");
    fgets(chiave, sizeof(chiave), stdin);
    chiave[strcspn(chiave, "\n")] = 0;

    // The user-supplied key is interpolated into a shell command line
    snprintf(comando, sizeof(comando), "grep '%s' %s", chiave, DataBase);
    system(comando); // ⚠️ CWE-77
}

void ordinaDatabase() {
    char comando[256];

    snprintf(comando, sizeof(comando), "sort %s -o %s", DataBase, DataBase);
    system(comando); // ⚠️ CWE-77
    printf("Database ordinato.\n");
}

void mostraDatabase() {
    printf("Contenuto database:\n");
    system("cat database.txt");
}

int main() {
    int scelta = 0;

    // Make sure the database file exists before showing the menu
    FILE *f = fopen(DataBase, "a");
    if (f) fclose(f);

    do {
        printf("\n=== Gestore Database di Testo ===\n");
        printf("1) Aggiungi record\n");
        printf("2) Cerca record\n");
        printf("3) Ordina database\n");
        printf("4) Mostra database\n");
        printf("5) Esci\n");
        printf("Scelta: ");
        if (scanf("%d", &scelta) != 1) {
            if (feof(stdin)) break;      // end of input: leave the menu loop
            scelta = 0;                  // non-numeric input: treated as invalid
        }
        getchar();                       // consume the character left after the number

        switch (scelta) {
            case 1: aggiungiRecord(); break;
            case 2: cercaRecord(); break;
            case 3: ordinaDatabase(); break;
            case 4: mostraDatabase(); break;
            case 5: printf("Chiusura.\n"); break;
            default: printf("Scelta non valida.\n");
        }
    } while (scelta != 5);

    return 0;
}

This code is a simple text-based database management program in C, which uses a file named database.txt as its storage. It provides functionalities such as adding, searching, sorting, and displaying data in the database. Here's a breakdown of what this code does:


Key Functionalities:

  1. Adding Records (aggiungiRecord):

    • Prompts the user to input a "key" and a "value".
    • Combines the key and value into a single line in the format key:value.
    • Appends this entry to the database.txt file.
  2. Searching Records (cercaRecord):

    • Prompts the user for a "key" to search.
    • Uses the grep command via system() to search for lines in the database.txt file containing the specified key.
    • Displays the matching lines.
  3. Sorting the Database (ordinaDatabase):

    • Sorts the contents of database.txt using the sort command. The sorted output is saved back to the same file.
    • Displays a confirmation message ("Database ordinato").
  4. Displaying the Database (mostraDatabase):

    • Uses the cat command via system() to display the contents of the database.txt file.
  5. Menu and Program Loop (main):

    • Provides a text-based menu for users to:
      1. Add a record.
      2. Search for a record.
      3. Sort the database.
      4. Display the database.
      5. Exit the program.
    • Keeps the program running until the user selects "Exit".

Workflow:

  1. When run, the program ensures database.txt exists (creates it if absent).
  2. Users can interact with the program via the menu.
  3. Each option performs its respective functionality.

Potential Issues:

  1. Security Risks (system() Usage):

    • The use of system() with user-provided input (e.g., in cercaRecord and ordinaDatabase) makes the program vulnerable to command injection attacks (CWE-77). For example, a malicious user might input a specially crafted string to execute arbitrary shell commands.
  2. Error Handling:

    • There's minimal error handling for file operations, which could cause issues if the file is inaccessible.
  3. Sorting Behavior:

    • Sorting operates on the entire contents of the database but assumes everything in the file is a valid record. Inconsistent formatting may result in undefined behavior.
  4. Compatibility:

    • The code assumes the underlying system supports commands like grep, sort, and cat.

Summary:

The program is a simple file-based text database manager written in C. It allows adding, searching, sorting, and displaying records stored in a text file. However, the use of system commands with limited input validation introduces significant security risks, and its utility is limited to scenarios where these risks can be controlled.
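
The command injection risk in cercaRecord comes from pasting the key into a shell command line. The following added example (not part of the original program or its explanation) does the search in-process so the key is never interpreted by a shell. The names cerca_record_sicuro, scrivi_campione and database_demo.txt are hypothetical, the sample records are constructed, and the match is a fixed substring (like grep -F) rather than a regular expression.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical replacement for cercaRecord(): scans the file in-process,
 * so the key is only ever data and never reaches a shell.
 * Returns the number of matching lines, or -1 if the file cannot be opened.
 * The 1024-byte buffer assumes records no longer than the original
 * program writes (256-byte key, 256-byte value). */
int cerca_record_sicuro(const char *path, const char *chiave, FILE *out)
{
    char riga[1024];
    int trovati = 0;
    FILE *f = fopen(path, "r");

    if (f == NULL)
        return -1;
    while (fgets(riga, sizeof riga, f) != NULL) {
        riga[strcspn(riga, "\n")] = '\0';
        if (strstr(riga, chiave) != NULL) {   /* fixed-string match */
            if (out != NULL)
                fprintf(out, "%s\n", riga);
            trovati++;
        }
    }
    fclose(f);
    return trovati;
}

/* Writes constructed sample records so the demo runs offline. */
int scrivi_campione(const char *path)
{
    FILE *f = fopen(path, "w");
    if (f == NULL)
        return -1;
    fputs("alice:admin\nbob:user\ncarol:user\n", f);
    return fclose(f);
}

int main(void)
{
    const char *db = "database_demo.txt";   /* constructed file name */
    if (scrivi_campione(db) != 0)
        return 1;
    /* Shell metacharacters in the key are plain bytes here: no match, no execution. */
    printf("matches: %d\n", cerca_record_sicuro(db, "k'; $(x) | y", stdout));
    printf("matches: %d\n", cerca_record_sicuro(db, "user", stdout));
    remove(db);
    return 0;
}
```

The same approach removes the dependency on grep noted under Compatibility.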
