wybory2014/Kalkulator1 Contribute to Kalkulator1 development by creating an account on GitHub.

Basically someone decompiled the byte code of the software used in Polish elections. This is after the system failed yesterday for over a day.

Background: Poland wanted a fancy electronic system for reporting votes, attendance, etc because killing trees is bad. They put out a RFP in July 2014, selected a winner in August 2014. The winner had 3 months to build it. And it's 3 months later and they tried to use it!

1. Calculator module for handling electoral district electoral commission in the local elections, 2. Control module trailing protocols of voting results in the circuit, 3. Module adoption of electronic data with the protocols of voting results in the circuit sent by the converter module election 4. The handler electoral authority (the territorial election commission, election commissioner and the National Electoral Commission) in the properties of the body, 5. Module determining voting results and election results, 6. Software for management of the IT service choices based on LDAP database made available by the Employer, 7. Software service public key infrastructure to issue and share certificates 8. Data collection system of electoral committees, lists of candidates and the candidates and districts, counties and warehouses committee of sites made available by the Employer, 9. Implementation of export data, providing data transfer of election committees, lists of candidates and candidates voting districts, constituencies and voting results, performance division of seats in the archive (implemented as a relational database) 10. Execution of the handler entry, receive data on the number of voters who took part in the vote during the voting, transfer of supervision, control accuracy, 11. Conducting training of users of the ordered software 12. Administering the IT infrastructure in the premises of the Employer and the external processing center.

Problems mentioned by others:

PDB files were distributed with the application, the source code now being accessible is an no duh It uses plain text to transmit election results, and uses HTTP as a fallback for HTTPS not working(LOL).

So let's see:

//https://github.com/wybory2014/Kalkulator1/blob/master/Kalkulator1/Attendance.cs

[code]

string xml = "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>";

xml += "<save>";

[/code]

Creates XML by hand.

[code]

try

{

if (this.attendanceHour.SelectedItem != null)

{

hour = (this.attendanceHour.SelectedItem as AttendanceItem).getName();

}

}

catch (System.Exception ex)

{

}

[/code]

Didn't want the hour anyway.

[code]

string xml = "";

xml = xml + "<jns_kod>" + this.jns.Text + "</jns_kod>";

if (this.role == "P")

{

xml = xml + "<nrObwodu>" + this.obwod.Text + "</nrObwodu>";

}

else

{

string obw = "";

if (this.obwodList.SelectedItem != null)

{

obw = (this.obwodList.SelectedItem as AttendanceOBWItem).getName().ToString();

}

xml = xml + "<nrObwodu>" + obw + "</nrObwodu>";

}[/code]

Hand built XML also has no consistency in naming, camel case + underscores, why not!

[code]

private void setComboBoxHour(string electoralEampaignSave)

{

if (!System.IO.Directory.Exists(this.path + "\Attendance"))

{

try

{

System.IO.Directory.CreateDirectory(this.path + "\Attendance");

}

catch (System.ArgumentNullException)

{

MessageBox.Show("Nieprawidłowa ścieżka. Nie można utworzyć katalogu "Attendance"", "Error");

}

catch (System.ArgumentException)

{

MessageBox.Show("Nieprawidłowa ścieżka. Nie można utworzyć katalogu "Attendance"", "Error");

}

catch (System.UnauthorizedAccessException)

{

MessageBox.Show("Nie masz uprawnień do tworzenia katalogów. Otwórz aplikacje jako adnimistrator.", "Uwaga");

}

catch (System.IO.PathTooLongException)

{

MessageBox.Show("Nieprawidłowa ścieżka. Nie można utworzyć katalogu "Attendance"", "Error");

}

catch (System.IO.DirectoryNotFoundException)

{

MessageBox.Show("Nieprawidłowa ścieżka. Nie można utworzyć katalogu "Attendance"", "Error");

}

catch (System.NotSupportedException)

{

MessageBox.Show("Nieprawidłowy format ścieżki. Nie można utworzyć katalogu "Attendance"", "Error");

}

catch (System.IO.IOException)

{

MessageBox.Show("Nieprawidłowa ścieżka. Nie można utworzyć katalogu "Attendance"", "Error");

}

}

string uri = "KALK/freq/" + electoralEampaignSave.Replace('_', '/') + "-freq";

Connection con = new Connection();

KLKresponse res = con.getRequestKBWKlk(uri, this.path + "\Attendance\frekwencja.xml", 0);

XmlDocument hour = new XmlDocument();

hour.Load(this.path + "\Attendance\frekwencja.xml");

XmlNode hourRoot = hour.SelectSingleNode("/frekwencja");

System.Collections.ArrayList AttendanceTime = new System.Collections.ArrayList();

AttendanceTime.Add(new AttendanceItem("0", ""));

foreach (XmlNode item in hourRoot)

{

XmlNode id = item.Attributes.GetNamedItem("id");

XmlNode value = item.Attributes.GetNamedItem("value");

if (id != null && value != null)

{

AttendanceTime.Add(new AttendanceItem(id.Value, value.Value));

}

}

this.attendanceHour.DataSource = AttendanceTime;

this.attendanceHour.DisplayMember = "LongName";

this.attendanceHour.ValueMember = "ShortName";

}

[/code]

So it bitches and moans about an error but fails to actually exit out of the function so I can only assume the file writes that occur afterwards(after a file exists check exception) == gun in mouth

That's just one file.