Snakes in Paradise?: Insecure Python-Related Coding Practices in Stack Overflow
| Field | Value |
|---|---|
| Author | Nasif Imtiaz, Effat Farhana, Akond Rahman |
| Year of publication | 2019 |
| Subject | Questions and answers; Computer science; Software engineering; Engineering and technology; Python (programming language); Computer security; Empirical research; Information systems; Electrical engineering, electronic engineering, information engineering; Stack Overflow; Code injection; Coding (social sciences); Reputation |
| Source | MSR |
| Description | Despite being the most popular question and answer website for software developers, answers posted on Stack Overflow (SO) are susceptible to containing Python-related insecure coding practices. A systematic analysis of how frequently insecure coding practices appear in SO answers can help the SO community assess the prevalence of insecure Python code blocks in SO. An insecure coding practice is the recurrent use of insecure coding patterns in Python. We conduct an empirical study using 529,054 code blocks collected from 44,966 Python-related answers posted on SO. We observe that 7.1% of the 44,966 Python-related answers include at least one insecure coding practice. The most frequently occurring insecure coding practice is code injection. We observe that 9.8% of the 7,444 accepted answers include at least one insecure code block. We also find that user reputation is not related to the presence of insecure code blocks, suggesting that both high- and low-reputed users are likely to introduce insecure code blocks. |
| Database | OpenAIRE |
| External link | |