Among the errors here is casting an internal structure over external data. […] From a practical point of view, this leads to confusion, as the programmer is never quite clear as to the boundary between external and internal data. You are supposed to rigorously verify external data, because the hacker controls it. You don’t keep double-checking and second-guessing internal data, because that would be stupid. When you blur the lines between internal and external data, then your checks get muddled up.
Source: Systemd is bad parsing and should feel bad
See also:
Input validation should happen as early as possible in the data flow, preferably as soon as the data is received from the external party.
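The boundary both quotes describe, as an added example that is not taken from either quoted source: external bytes are decoded and checked in one place, and only the resulting internal struct is handed on. The 4-byte type/length header layout, the sample buffers and all names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Internal representation: only ever filled in by parse_option(), so code
 * that receives one can rely on its fields without re-checking them. */
struct option {
    uint16_t type;
    uint16_t len;
    const uint8_t *value;   /* points into the caller's buffer, len bytes */
};

/* Constructed sample inputs: two well-formed options, and one whose declared
 * length (0xFFFF) is far larger than the single value byte that follows. */
static const uint8_t SAMPLE_OK[] = {0, 1, 0, 2, 0xAA, 0xBB, 0, 2, 0, 0};
static const uint8_t SAMPLE_LYING[] = {0, 1, 0xFF, 0xFF, 0xAA};

/* Decode big-endian 16 bits byte by byte: no struct cast over external data,
 * so no alignment or host-endianness assumptions. */
static uint16_t rd_be16(const uint8_t *p)
{
    return (uint16_t)((p[0] << 8) | p[1]);
}

/* The boundary: validates and consumes one option from buf[0..buflen).
 * Returns the number of bytes consumed, or 0 if the input is malformed. */
size_t parse_option(const uint8_t *buf, size_t buflen, struct option *out)
{
    if (buf == NULL || out == NULL || buflen < 4)
        return 0;                       /* header itself is truncated */
    uint16_t len = rd_be16(buf + 2);
    if (len > buflen - 4)
        return 0;                       /* declared length overruns buffer */
    out->type = rd_be16(buf);
    out->len = len;
    out->value = buf + 4;
    return 4 + (size_t)len;
}

/* Walk a buffer of options; returns the count, or -1 if any is malformed. */
int count_options(const uint8_t *buf, size_t buflen)
{
    int n = 0;
    for (size_t used; buflen > 0; buf += used, buflen -= used, n++) {
        struct option opt;
        if ((used = parse_option(buf, buflen, &opt)) == 0)
            return -1;
    }
    return n;
}
```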