Input kludge
Encyclopedia
In computer programming
, an input kludge is type of failure in software
(an anti-pattern
) where simple user input is not handled. For example, if a computer program
accepts free text input from the user, an ad hoc algorithm will mishandle many combinations of legal and illegal input strings. Input kludges are usually difficult for a programmer to detect in a unit test
, but very easy for the end user to find. The evidence exists that the end user can easily crash
software that fails to correctly handle user input. Indeed, the buffer overflow
security hole is an example of the problems caused.
To remedy input kludges, one may use input validation
algorithms to handle user input. A monkey test
can be used to detect an input kludge problem. A common first test to discover this problem is to roll one's hand across the computer keyboard
or to 'mash' the keyboard to produce a large junk input, but such an action often lacks reproducibility
. Greater systematicity and reproducibility may be obtained by using fuzz testing
software.
Computer programming
Computer programming is the process of designing, writing, testing, debugging, and maintaining the source code of computer programs. This source code is written in one or more programming languages. The purpose of programming is to create a program that performs specific operations or exhibits a...
, an input kludge is type of failure in software
Computer software
Computer software, or just software, is a collection of computer programs and related data that provide the instructions for telling a computer what to do and how to do it....
(an anti-pattern
Anti-pattern
In software engineering, an anti-pattern is a pattern that may be commonly used but is ineffective and/or counterproductive in practice.The term was coined in 1995 by Andrew Koenig,...
) where simple user input is not handled. For example, if a computer program
Computer program
A computer program is a sequence of instructions written to perform a specified task with a computer. A computer requires programs to function, typically executing the program's instructions in a central processor. The program has an executable form that the computer can use directly to execute...
accepts free text input from the user, an ad hoc algorithm will mishandle many combinations of legal and illegal input strings. Input kludges are usually difficult for a programmer to detect in a unit test
Unit test
In computer programming, unit testing is a method by which individual units of source code are tested to determine if they are fit for use.A unit is the smallest testable part of an application. In procedural programming a unit could be an entire module but is more commonly an individual function...
, but very easy for the end user to find. The evidence exists that the end user can easily crash
Crash (computing)
A crash in computing is a condition where a computer or a program, either an application or part of the operating system, ceases to function properly, often exiting after encountering errors. Often the offending program may appear to freeze or hang until a crash reporting service documents...
software that fails to correctly handle user input. Indeed, the buffer overflow
Buffer overflow
In computer security and programming, a buffer overflow, or buffer overrun, is an anomaly where a program, while writing data to a buffer, overruns the buffer's boundary and overwrites adjacent memory. This is a special case of violation of memory safety....
security hole is an example of the problems caused.
To remedy input kludges, one may use input validation
Data validation
In computer science, data validation is the process of ensuring that a program operates on clean, correct and useful data. It uses routines, often called "validation rules" or "check routines", that check for correctness, meaningfulness, and security of data that are input to the system...
algorithms to handle user input. A monkey test
Monkey test
In computer science, a Monkey test is a unit test that runs with no specific test in mind. The monkey in this case is the producer of any input. For example, a monkey test can enter random strings into text boxes to ensure handling of all possible user input or provide garbage files to check for...
can be used to detect an input kludge problem. A common first test to discover this problem is to roll one's hand across the computer keyboard
Computer keyboard
In computing, a keyboard is a typewriter-style keyboard, which uses an arrangement of buttons or keys, to act as mechanical levers or electronic switches...
or to 'mash' the keyboard to produce a large junk input, but such an action often lacks reproducibility
Reproducibility
Reproducibility is the ability of an experiment or study to be accurately reproduced, or replicated, by someone else working independently...
. Greater systematicity and reproducibility may be obtained by using fuzz testing
Fuzz testing
Fuzz testing or fuzzing is a software testing technique, often automated or semi-automated, that involves providing invalid, unexpected, or random data to the inputs of a computer program. The program is then monitored for exceptions such as crashes or failing built-in code assertions...
software.
See also
- Garbage In, Garbage OutGarbage In, Garbage OutGarbage in, garbage out is a phrase in the field of computer science or information and communication technology. It is used primarily to call attention to the fact that computers will unquestioningly process the most nonsensical of input data and produce nonsensical output...
- KludgeKludgeA kludge is a workaround, a quick-and-dirty solution, a clumsy or inelegant, yet effective, solution to a problem, typically using parts that are cobbled together...
- Secure input and output handlingSecure input and output handlingSecure input and output handling are secure programming techniques designed to prevent security bugs and the exploitation thereof.- Input handling :...