623 research outputs found

    A Fine-Grained Approach for Automated Conversion of JUnit Assertions to English

    Converting source or unit test code to English has been shown to improve the maintainability, understandability, and analysis of software and tests. Code summarizers identify important statements in the source/tests and convert them to easily understood English sentences using static analysis and NLP techniques. However, current test summarization approaches handle only a subset of the variation and customization allowed in the JUnit assert API (a critical component of test cases) which may affect the accuracy of conversions. In this paper, we present our work towards improving JUnit test summarization with a detailed process for converting a total of 45 unique JUnit assertions to English, including 37 previously-unhandled variations of the assertThat method. This process has also been implemented and released as the AssertConvert tool. Initial evaluations have shown that this tool generates English conversions that accurately represent a wide variety of assertion statements which could be used for code summarization or other NLP analyses. Comment: In Proceedings of the 4th ACM SIGSOFT International Workshop on NLP for Software Engineering (NL4SE 18), November 4, 2018, Lake Buena Vista, FL, USA. ACM, New York, NY, USA, 4 page

    The Muck Sisters


    The State of Practice for Security Unit Testing: Towards Data Driven Strategies to Shift Security into Developer's Automated Testing Workflows

    The pressing need to “shift security left” in the software development lifecycle has motivated efforts to adapt the iterative and continuous process models used in practice today. Security unit testing is praised by practitioners and recommended by expert groups, usually in the context of DevSecOps and achieving “continuous security”. In addition to vulnerability testing and standards adherence, this technique can help developers verify that security controls are implemented correctly, i.e. functional security testing. Further, the means by which security unit testing can be integrated into developer workflows is unique from other standalone tools as it is an adaptation of practices and infrastructure developers are already familiar with. Yet, software engineering researchers have so far failed to include this technique in their empirical studies on secure development and little is known about the state of practice for security unit testing. This dissertation is motivated by the disconnect between promotion of security unit testing and the lack of empirical evidence on how it is and can be applied. The goal of this work was to address the disconnect towards identifying actionable strategies to promote wider adoption and mitigate observed challenges. Three mixed-method empirical studies were conducted wherein practitioner-authored unit test code, Q&A posts, and grey literature were analyzed through three lenses: Practices (what they do), Perspectives and Guidelines (what and how they think it should be done), and Pain Points (what challenges they face) to incorporate both technical and human factors of this phenomenon. Accordingly, this work contributes novel and important insights into how developers write functional unit tests for at least nine security controls, including a taxonomy of 53 authentication unit test cases derived from real code and a detailed analysis of seven unique pain points that developers seek help with from peers on Q&A sites. Recommendations given herein for conducting and adopting security unit testing, including mitigating challenges and addressing gaps between available and needed support, are grounded in the guidelines and perspectives on the benefits, limitations, use cases, and integration strategies shared in grey literature authored by practitioners

    Groundwater nutrient availability controls on nearshore benthic community structure in Biscayne Bay, Florida

    Most studies have focused on nutrient inputs from rivers, atmosphere, and nonpoint runoff. One often overlooked source of nutrient loading is submarine groundwater discharge. For this reason, a 207 site survey and four transects were established to document spatial distribution of macrophytes, quantify potential groundwater discharge and associated nutrient concentrations, estimate water column nutrient concentrations, and relate nutrient availability to seagrass stoichiometry. A significant decline in Thalassia testudinum and an associated increase in Halodule wrightii were significantly correlated with decreased salinity and increased ammonium and total phosphorus concentrations from surface and groundwater. Total phosphorus loading from groundwater was estimated to be 2.55 metric tons y⁻¹ in the Black Point area, almost half the phosphorus load to all of southern Biscayne Bay from the canals. These findings indicate that nutrients in groundwater are important in determining seagrass community structure and spatial distribution in the shallow waters of Biscayne Bay

    Did You Remember to Test Your Tokens?

    Authentication is a critical security feature for confirming the identity of a system's users, typically implemented with help from frameworks like Spring Security. It is a complex feature which should be robustly tested at all stages of development. Unit testing is an effective technique for fine-grained verification of feature behaviors that is not widely-used to test authentication. Part of the problem is that resources to help developers unit test security features are limited. Most security testing guides recommend test cases in a "black box" or penetration testing perspective. These resources are not easily applicable to developers writing new unit tests, or who want a security-focused perspective on coverage. In this paper, we address these issues by applying a grounded theory-based approach to identify common (unit) test cases for token authentication through analysis of 481 JUnit tests exercising Spring Security-based authentication implementations from 53 open source Java projects. The outcome of this study is a developer-friendly unit testing guide organized as a catalog of 53 test cases for token authentication, representing unique combinations of 17 scenarios, 40 conditions, and 30 expected outcomes learned from the data set in our analysis. We supplement the test guide with common test smells to avoid. To verify the accuracy and usefulness of our testing guide, we sought feedback from selected developers, some of whom authored unit tests in our dataset. Comment: In 17th International Conference on Mining Software Repositories (MSR) 2020, Technical Track, Virtual. 11 page

    Using forced alignment for sociophonetic research on a minority language

    Until recently, large-scale phonetic analyses have been out of reach for under-documented languages, but with the advent of methodologies such as forced alignment, they have now become possible. This paper describes a methodology for applying forced alignment (using the Montreal Forced Aligner) to a speech corpus of Matukar Panau, a minority language spoken in Papua New Guinea. We obtained measurements for 68,785 vowel tokens, produced in both narrative and conversational data by 34 speakers. We examined the social conditioning on a subset of these vowels according to traditional sociolinguistic categories of age and gender, and also consider the impact of clan as a major axis of organization in this community. We show that there is a role for clan as a sociolinguistic factor in conditioning the variation observed