Job security through code obscurity


Art Carpenter offers tremendous advice to SAS programmers who want to maximize their job security: make your programs impossible for others to read and understand.

In his published papers, Art (in his tongue-in-cheek manner) presents practical examples for how to accomplish this. I'm afraid that with our new code formatter feature in SAS Enterprise Guide 4.3, we have made it more difficult to accomplish your goals of job security via code obscurity.

After reading my recent blog post about the code formatter, Art sent me one of his examples of "creative formatting."

Why not make it look like the company logo?
I ran it through the code formatter in SAS Enterprise Guide 4.3, and this is the result:

Not beautiful yet
It's slightly more readable, but there are still plenty of funny line breaks and extra spaces. It will take more than some yahoo pressing Ctrl+I to reformat the program for legibility. This is good news for the SAS programmer who wants to maintain that reputation as being "indispensable".

But we don't yet have to resort to a brute force method in order to fix this program. We can use the editor's Find and Replace feature (Ctrl+H shortcut), along with regular expression support, to fix the program to make it more "formattable".

The first regular expression search/replace shortcut finds all of the badly broken equals (assignment) operators and brings them together. The pattern is "(s*)=s*n", which says "find all whitespace before and after an equals sign, up to the end-of-line character". We replace that with "=", like this:

bring the equals signs together
The second pattern finds all of the extra spaces and closes them up, using this pattern: "(x20{2,99})". This says to find all occurrences of between 2 and 99 space characters (hex 0x20) and replace them with a single space character. Here's what that looks like:

eliminate the space between
Once you've applied these two regular expression replacements, you'll find that the program is still not readable. By eliminating all of those spaces, the program no longer contains the proper indentation that makes it easier to read the programming logic. However, it's at this point that you can simply click Ctrl+I and let the code formatter do its magic. The final result looks like this:

Looking good now!
It took two well-planned regex-rich Find and Replace operations, plus the new code formatting magic, to make this program readable. Coming up with the correct regular expressions certainly is not easy for a novice, but it sure beats spending the time to manually reformat your program, especially if it's a long one.

Note: the code formatter is smart enough to leave format-sensitive parts of your program alone, such as DATALINES, CARDS, and program comments. But regular expressions aren't that smart, so you need to apply such changes only to the "logic" parts of your program, and not to inline data, if you have any.


About Author

Chris Hemedinger

Director, SAS User Engagement

+Chris Hemedinger is the Director of SAS User Engagement, which includes our SAS Communities and SAS User Groups. Since 1993, Chris has worked for SAS as an author, a software developer, an R&D manager and a consultant. Inexplicably, Chris is still coasting on the limited fame he earned as an author of SAS For Dummies


  1. Now, if you could make the code LOOK like a crustacean to match your topic here, and have other options, so when I was, for example, analyzing data on families, it looked like stick figures of mom, dad and kids - then that would be very impressive.

  2. Pingback: SAS Enterprise Guide 4.3 is available - The SAS Dummy

  3. Nice blogs Chris
    a question: EG configurator in the management console (I mean EG role settings) is not capable to block user's code submissions like libname (it blocks only the "meta" libname), how could it be done? I figured, but I don't know exactly how, to intercept user code on the remote server before it has been submitted and clean it from all "not allowed" commands, if it couldn't be done shoud be a big security problem. obviously libnames should be still allowed on local server.

    • Chris Hemedinger
      Chris Hemedinger on

      Michele, there is not a way to intercept/edit code programmatically as it is being submitted.

    • Chris Hemedinger
      Chris Hemedinger on

      In the enhanced editor in "base SAS" (Display Manager), the regex is a bit unconventional and doesn't always comply with what you expect from PERL (PRXMATCH). However, in SAS Enterprise Guide, the newer program editor supports the .NET flavor of RegEx, which more closely matches what you find in most modern implementations.

  4. worked it out!


    As per help doc - "For a selection of special characters that you can use in regular expressions, click the arrow that is located to the right of the Find text field. "

Back to Top