Developers often resort to shotgun parsing: scattering data checks and fallback values across the system's main logic instead of recognising the input once, up front.[^1]
The habit of scattering parser-like behaviour throughout an application's code, and the inconsistencies in data handling that result from it, leads not just to annoying complications and bugs but also to security vulnerabilities: each scattered check accepts a slightly different set of inputs, so an attacker can craft input that one code path accepts and another interprets in a way the first never anticipated.[^2]
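To make the contrast concrete, here is an added example (not code from the original post or from the cited slides) that handles the same small record format two ways. The `key=value;key=value` format, the field names `user`, `age` and `role`, and the sample inputs are all constructed for this illustration. The first half scatters checks and fallbacks across three functions, each of which parses the raw string its own way; the second half parses the string exactly once into a validated `Record` and rejects anything it does not fully recognise.

```python
"""Shotgun parsing versus a single recognizer for a constructed
"key=value;key=value" record format with fields user, age and role."""
from dataclasses import dataclass
from typing import Optional


# --- Shotgun style: checks and fallback values scattered through the logic ---

def shotgun_get_user(raw: str) -> str:
    # First ad-hoc parse: prefix match on each ';'-separated part.
    for part in raw.split(";"):
        if part.startswith("user="):
            return part[5:]
    return "guest"          # silent fallback buried in business logic


def shotgun_get_age(raw: str) -> int:
    # Second ad-hoc parse of the same string, with its own fallback.
    for part in raw.split(";"):
        if part.startswith("age="):
            try:
                return int(part[4:])
            except ValueError:
                return 0    # malformed age quietly becomes 0
    return 0


def shotgun_is_admin(raw: str) -> bool:
    # Third, subtly different parse: a substring check rather than a field
    # check, so "user=role=admin" and "role=administrator" both count as admin.
    return "role=admin" in raw


def shotgun_handle(raw: str) -> dict:
    """Combine three inconsistent views of one input into a decision."""
    return {"user": shotgun_get_user(raw),
            "age": shotgun_get_age(raw),
            "admin": shotgun_is_admin(raw)}


# --- Recognizer style: parse once into a validated value, or reject ---

@dataclass(frozen=True)
class Record:
    user: str
    age: int
    role: str


ALLOWED_ROLES = {"user", "admin"}   # assumed role vocabulary for the example


def parse_record(raw: str) -> Record:
    """Full recognition: every field present exactly once, no unknown keys,
    every value well-typed. Anything else raises ValueError; nothing is
    defaulted or guessed, so downstream code sees one consistent view."""
    fields = {}
    for part in raw.split(";"):
        key, sep, value = part.partition("=")
        if not sep or not key:
            raise ValueError(f"malformed field: {part!r}")
        if key in fields:
            raise ValueError(f"duplicate key: {key}")
        fields[key] = value
    if set(fields) != {"user", "age", "role"}:
        raise ValueError(f"unexpected field set: {sorted(fields)}")
    if not fields["user"].isalnum():
        raise ValueError("user must be alphanumeric")
    if not fields["age"].isdigit():
        raise ValueError("age must be a non-negative integer")
    if fields["role"] not in ALLOWED_ROLES:
        raise ValueError(f"unknown role: {fields['role']!r}")
    return Record(fields["user"], int(fields["age"]), fields["role"])


def safe_handle(raw: str) -> Optional[Record]:
    """Accept only fully recognised input; everything else is rejected whole."""
    try:
        return parse_record(raw)
    except ValueError:
        return None


if __name__ == "__main__":
    for sample in ("user=alice;age=30;role=admin",
                   "age=20;role=user;user=role=admin",
                   "user=bob;age=x;role=administrator"):
        print(sample, "->", shotgun_handle(sample), "|", safe_handle(sample))
```

The second constructed input is the instructive one: the shotgun path reports the user as `role=admin`, the role field as `user`, and the admin flag as true, three answers that cannot all describe the same record, while the recognizer rejects the input outright because the `user` value fails its grammar. The third input shows a malformed age silently becoming `0` and `administrator` being promoted to admin by the substring check; again the recognizer refuses it rather than guessing.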
That is about reading data. What about writing it, when you lay the foundations for how it will later be interpreted and "behave"? Are you firing shotshells, or are you slinging webs?
[^1]: S. Bratus and M. L. Patterson, "Shotgun parsers in the cross-hairs," presented at BruCON 2012. Slides: http://langsec.org/brucon/ShotgunParsersBruCON.pdf (accessed Aug. 01, 2022).