An in-depth study of software library upgrade dependency issues
Saved in:

| Main Author: | |
|---|---|
| Other Authors: | |
| Format: | Final Year Project |
| Language: | English |
| Published: | Nanyang Technological University, 2023 |
| Subjects: | |
| Online Access: | https://hdl.handle.net/10356/165991 |
| Institution: | Nanyang Technological University |
| Language: | English |
Summary:

The massive demand for software systems has brought about a growth in the efficiency of software creation. As such, it is standard practice for modern-day developers to reuse code written not just by themselves but by third-party developers, in the form of libraries.

These third-party libraries are continually growing and being updated over time, which can have an adverse impact on all software that uses them, such as the growth of security vulnerabilities unbeknownst to the software creator. These vulnerabilities can be exploited by malicious users, which can have deadly consequences depending on the nature of the software. Furthermore, compatibility issues between third-party libraries and the software that uses them can arise due to negligence and the lack of regular updates to these libraries.

This final year project will be an extension of a previous study done by my senior, Nicholas Yeo Ming Jie (Project ID: SCSE21-0215), which proposed a method to detect these vulnerabilities using the Concrete Syntax Tree (CST) generated by parsing projects with LibCST. A discussion of the effort needed to detect, prevent, or mitigate these issues will be made in the report.

The methods used to detect vulnerabilities will be applied to 15 open-source projects written in Python. We will be analyzing 6 different libraries, with 5 projects under each library. This study further confirms the finding of the previous study that there is a high level of third-party library dependency. This result is due to the large number of Application Programming Interface (API) calls made from the selected open-source projects, and the high number of distinct usage patterns.

The findings have further proven that the detection of security vulnerabilities is extremely important, and that there is a need to further investigate the security vulnerabilities that affect these software libraries, as the potential impact can be extremely harmful.