1-2hit |
Shiyu YANG Tetsuya KANDA Daniel M. GERMAN Yoshiki HIGO
Stack Overflow, a leading Q&A platform for developers, is a substantial reservoir of Python code snippets. Nevertheless, the incompatibility issues between Python versions, particularly Python 2 and Python 3, introduce substantial challenges that can potentially jeopardize the utility of these code snippets. This empirical study dives deep into the challenges of Python version inconsistencies on the interpretation and application of Python code snippets on Stack Overflow. Our empirical study exposes the prevalence of Python version compatibility issues on Stack Overflow. It further emphasizes an apparent deficiency in version-specific identification, a critical element that facilitates the identification and utilization of Python code snippets. These challenges, primarily arising from the lack of backward compatibility between Python’s major versions, pose significant hurdles for developers relying on Stack Overflow for code references and learning. This study, therefore, signifies the importance of proactively addressing these compatibility issues in Python code snippets. It advocates for enhanced tools and strategies to assist developers in efficiently navigating through the Python version complexities on platforms like Stack Overflow. By highlighting these concerns and providing a potential remedy, we aim to contribute to a more efficient and effective programming experience on Stack Overflow and similar platforms.
Hiroki NAKANO Fumihiro KANEI Yuta TAKATA Mitsuaki AKIYAMA Katsunari YOSHIOKA
Android app developers sometimes copy code snippets posted on a question-and-answer (Q&A) website and use them in their apps. However, if a code snippet has vulnerabilities, Android apps containing the vulnerable snippet could also have the same vulnerabilities. Despite this, the effect of such vulnerable snippets on the Android apps has not been investigated in depth. In this paper, we investigate the correspondence between the vulnerable code snippets and vulnerable apps. we collect code snippets from a Q&A website, extract possibly vulnerable snippets, and calculate similarity between those snippets and bytecode on vulnerable apps. Our experimental results show that 15.8% of all evaluated apps that have SSL implementation vulnerabilities (Improper host name verification), 31.7% that have SSL certificate verification vulnerabilities, and 3.8% that have WEBVIEW remote code execution vulnerabilities contain possibly vulnerable code snippets from Stack Overflow. In the worst case, a single problematic snippet has caused 4,844 apps to contain a vulnerability, accounting for 31.2% of all collected apps with that vulnerability.