872 research outputs found
Does Collaborative Editing Help Mitigate Security Vulnerabilities in Crowd-Shared IoT Code Examples?
Background: With the proliferation of crowd-sourced developer forums,
software developers are increasingly sharing more coding solutions to
programming problems with others in forums. The decentralized nature of
knowledge sharing on sites has raised the concern of sharing security
vulnerable code, which then can be reused into mission critical software
systems - making those systems vulnerable in the process. Collaborative editing
has been introduced in forums like Stack Overflow to improve the quality of the
shared contents. Aim: In this paper, we investigate whether code editing can
mitigate shared vulnerable code examples by analyzing IoT code snippets and
their revisions in three Stack Exchange sites: Stack Overflow, Arduino, and
Raspberry Pi. Method: We analyze the vulnerabilities present in shared IoT C/C++
code snippets, as C/C++ is one of the most widely used languages in
mission-critical devices and low-powered IoT devices. We further analyse the
revisions made to these code snippets, and their effects. Results: We find
several vulnerabilities such as CWE 788 - Access of Memory Location After End
of Buffer, in 740 code snippets. However, we find the vast majority of posts
are not revised, or revisions are not made to the code snippets themselves (598
out of 740). We also find that revisions are most likely to result in no change
to the number of vulnerabilities in a code snippet rather than deteriorating or
improving the snippet. Conclusions: We conclude that the current collaborative
editing system in the forums may be insufficient to help mitigate
vulnerabilities in the shared code. Comment: 10 pages, 14 figures, ESEM2
NLP2Code: Code Snippet Content Assist via Natural Language Tasks
Developers increasingly take to the Internet for code snippets to integrate
into their programs. To save developers the time required to switch from their
development environments to a web browser in the quest for a suitable code
snippet, we introduce NLP2Code, a content assist for code snippets. Unlike
related tools, NLP2Code integrates directly into the source code editor and
provides developers with a content assist feature to close the vocabulary gap
between developers' needs and code snippet meta data. Our preliminary
evaluation of NLP2Code shows that the majority of invocations lead to code
snippets rated as helpful by users and that the tool is able to support a wide
range of tasks. Comment: tool demo video available at
https://www.youtube.com/watch?v=h-gaVYtCznI; to appear as a tool demo paper
at ICSME 2017 (https://icsme2017.github.io/
- …