4 comments

0

https://unvis.it/https://www.theregister.co.uk/2019/10/04/stack_overflow_github/ :

2019-10-04 | Surprise! Copying crummy code from Stack Overflow leads to vulnerable GitHub jobs • The Register

'Even so, the researchers developed a Chrome extension to help developers be more mindful of security when copying and pasting Stack Overflow code snippets. '

'"Basically, what we tried to show is that using Stack Overflow without reviewing it carefully can lead to potential vulnerabilities inside applications," said Sami. '

'The boffins relied on a Stack Overflow data set called SOTorrent data-set Version 2018-09-23. '

'"The people who are using Stack Overflow, they shouldn't trust it fully," he said. '

'It covers posts from 2008 through 2018 and contains some duplicate code snippets. '


This has been an automated message.

0

Stack Overflow was a good resource when I was learning to code. Once I started to see the errors and had to look elsewhere for answers I stopped using that site. There are better language-specific sites with good examples out there anyways.

0

I may have copied a snippet once from there. Assuming I had a question in the context of "How do you...," I would go there to look at the syntax, then research the syntax myself to make sure it is what I need, and then do some testing to get a feel for how it works.

Another flaw with relying on Stack Overflow is that the top search results can be outdated. Languages are always changing and there may be better / different ways to do things than there were before.

0

Doesn't sound that bad actually:

they looked at more than 72,000 C++ code snippets in 1,325 Stack Overflow posts and found 69 vulnerable snippets of 29 different types.

That's not a lot in absolute terms but those 69 vulnerable snippets show up in 2,589 GitHub projects. The researchers say they notified the authors of affected projects and some, but not all, chose to fix the flaws...

I'm sure a lot of those github projects are not that serious anyway.