Different abnormalities are commonly encountered in computer network systems. These types of abnormalities can lead to critical data losses or unauthorized access in the systems. Buffer overflow anomaly is a prominent issue among these abnormalities, posing a serious threat to network security. The primary objective of this study is to identify the potential risks of buffer overflow that can be caused by functions frequently used in the PHP programming language and to provide solutions to minimize these risks. Static code analyzers are used to detect security vulnerabilities, among which SonarQube stands out with its extensive library, flexible customization options, and reliability in the industry. In this context, a customized rule set aimed at automatically detecting buffer overflows has been developed on the SonarQube platform. The memoization optimization technique used while creating the customized rule set enhances the speed and efficiency of the code analysis process. As a result, the code analysis process is not repeatedly run for code snippets that have been analyzed before, significantly reducing processing time and resource utilization. In this study, a memoization-based rule set was utilized to detect critical security vulnerabilities that could lead to buffer overflow in source codes written in the PHP programming language. Thus, the analysis process is not repeatedly run for code snippets that have been analyzed before, leading to a significant reduction in processing time and resource utilization. In a case study conducted to assess the effectiveness of this method, a significant decrease in the source code analysis time was observed.
College students majoring in computer science and software engineering need to master skills for high-quality programming. However, rich research has shown that both the teaching and learning of high-quality programming are challenging and deficient in most college education systems. Recently, the continuous inspection paradigm has been widely used by developers on social coding sites (e.g., GitHub) as an important method to ensure the internal quality of massive code contributions. This paper presents a case where continuous inspection is introduced into the classroom setting to improve students’ programming quality. In the study, we first designed a specific continuous inspection process for students’ collaborative projects and built an execution environment for the process. We then conducted a controlled experiment with 48 students from the same course during two school years to evaluate how the process affects their programming quality. Our results show that continuous inspection can help students in identifying their bad coding habits, mastering a set of good coding rules and significantly reducing the density of code quality issues introduced in the code. Furthermore, we describe the lessons learned during the study and propose ideas to replicate and improve the process and its execution platform.
Funding: We gratefully acknowledge the financial support from National Key R&D Program of China (2018 YFB1004202) and the National Natural Science Foundation of China (Grant Nos. 61472430, 61502512, 61532004 and 61379051). We also want to thank our students on their active participation in our study.