Ad-hoc validation leads to a phenomenon that the language-theoretic security field calls shotgun parsing. In the 2016 paper, The Seven Turrets of Babel: A Taxonomy of LangSec Errors and How to Expunge Them, its authors provide the following definition:
Shotgun parsing is a programming antipattern whereby parsing and input-validating code is mixed with and spread across processing code—throwing a cloud of checks at the input, and hoping, without any systematic justification, that one or another would catch all the “bad” cases.
They go on to explain the problems inherent to such validation techniques:
Shotgun parsing necessarily deprives the program of the ability to reject invalid input instead of processing it. Late-discovered errors in an input stream will result in some portion of invalid input having been processed, with the consequence that program state is difficult to accurately predict.
In other words, a program that does not parse all of its input up front runs the risk of acting upon a valid portion of the input, discovering a different portion is invalid, and suddenly needing to roll back whatever modifications it already executed in order to maintain consistency.
Parse, don’t validate
from Alexis King
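The rollback problem described above, shown concretely in Python (the original post uses Haskell). This is an added example, not code from Alexis King's post or from the LangSec paper; the transfer-batch format, the account names and the balances are constructed for the illustration. The shotgun version checks each record only as it processes it, so a malformed third record leaves the first two already applied; the parse-first version turns the entire input into typed `Transfer` values before any balance is touched, so a rejected batch leaves state untouched.

```python
"""Shotgun parsing versus parse-first on a constructed transfer batch."""
from __future__ import annotations

from dataclasses import dataclass
from typing import Optional

# Constructed sample batch, one "<from>,<to>,<amount>" record per line.
# The third record is deliberately malformed (non-numeric amount).
SAMPLE_BATCH = "alice,bob,30\nbob,carol,10\ncarol,alice,ten\nalice,carol,5"


def fresh_accounts() -> dict:
    """Starting balances for the example (constructed values)."""
    return {"alice": 100, "bob": 50, "carol": 20}


def apply_shotgun(raw: str, accounts: dict) -> dict:
    """Shotgun parsing: each record is validated only when it is processed.

    Records before the bad one have already mutated `accounts` by the time
    the error surfaces, so the caller is left holding a half-applied batch.
    """
    for line in raw.splitlines():
        parts = line.split(",")
        if len(parts) != 3:
            raise ValueError(f"malformed record: {line!r}")
        src, dst, amount_text = parts
        if src not in accounts or dst not in accounts:
            raise ValueError(f"unknown account in {line!r}")
        amount = int(amount_text)  # raises on the third sample record
        accounts[src] -= amount    # mutation before later records are seen
        accounts[dst] += amount
    return accounts


@dataclass(frozen=True)
class Transfer:
    """A record that has been fully parsed; by construction it is well-formed."""
    src: str
    dst: str
    amount: int


def parse_batch(raw: str, known_accounts) -> list[Transfer]:
    """Parse the whole input into typed values, or reject it outright."""
    transfers = []
    for lineno, line in enumerate(raw.splitlines(), start=1):
        parts = line.split(",")
        if len(parts) != 3:
            raise ValueError(f"line {lineno}: malformed record {line!r}")
        src, dst, amount_text = parts
        if src not in known_accounts or dst not in known_accounts:
            raise ValueError(f"line {lineno}: unknown account in {line!r}")
        if not amount_text.isdigit():
            raise ValueError(f"line {lineno}: amount {amount_text!r} is not a number")
        transfers.append(Transfer(src, dst, int(amount_text)))
    return transfers


def apply_parsed(transfers: list[Transfer], accounts: dict) -> dict:
    """Processing code that never sees unparsed input, so it cannot fail midway."""
    for t in transfers:
        accounts[t.src] -= t.amount
        accounts[t.dst] += t.amount
    return accounts


def run_shotgun(raw: str) -> tuple[dict, Optional[str]]:
    """Return (final balances, error or None) for the shotgun style."""
    accounts = fresh_accounts()
    try:
        apply_shotgun(raw, accounts)
        return accounts, None
    except ValueError as exc:
        return accounts, str(exc)  # balances are already partially modified


def run_parse_first(raw: str) -> tuple[dict, Optional[str]]:
    """Return (final balances, error or None) for the parse-first style."""
    accounts = fresh_accounts()
    try:
        transfers = parse_batch(raw, accounts)
    except ValueError as exc:
        return accounts, str(exc)  # nothing has been applied yet
    return apply_parsed(transfers, accounts), None


if __name__ == "__main__":
    print("shotgun:    ", run_shotgun(SAMPLE_BATCH))
    print("parse-first:", run_parse_first(SAMPLE_BATCH))
```

Running the block on the sample batch shows the shotgun path reporting an error while alice, bob and carol already hold 70, 70 and 30, whereas the parse-first path reports the error against line 3 with all balances still at their starting values. On a fully valid batch both paths produce the same result; the difference is only in what state survives a rejected input.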