Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

What does "shotgun parser" mean?

Tags:

security

Heard this term in talk The Science of Insecurity but I am not sure what does it mean.

like image 423
Žilvinas Rudžionis Avatar asked Jun 14 '18 07:06

Žilvinas Rudžionis


1 Answers

Shotgun parsing is an antipattern in the processing of input, defined as

Shotgun parsing is a programming antipattern whereby parsing and input-validating code is mixed with and spread across processing code—throwing a cloud of checks at the input, and hoping, without any systematic justification, that one or another would catch all the “bad” cases.

Properly handling input is a key aspect of secure programming, and "shotgun parsers" make programs more prone to exploitable security weaknesses. Unfortunately, like several other inherently insecure techniques, it's a popular approach to input parsing.

like image 93
fvu Avatar answered Oct 18 '22 00:10

fvu