An in-depth study of software library upgrade dependency issues
| Field | Value |
|---|---|
| Main Author | Teo, Dave Hwa Tao |
| Other Authors | Li Yi (School of Computer Science and Engineering) |
| Format | Final Year Project |
| Language | English |
| Published | Nanyang Technological University, 2023 |
| Subjects | Engineering::Computer science and engineering::Software |
| Online Access | https://hdl.handle.net/10356/165991 |
| Institution | Nanyang Technological University |
Citation: Teo, D. H. T. (2023). An in-depth study of software library upgrade dependency issues. Final Year Project (FYP), Nanyang Technological University, Singapore. https://hdl.handle.net/10356/165991

Project ID: SCSE22-0202
Degree: Bachelor of Engineering Science (Computer Science)
Date issued: 2023-04-18
Description:

The massive demand for software systems has brought about a growth in the efficiency of software creation. As such, it is standard practice for modern-day developers to reuse code written not just by themselves but by third-party developers, in the form of libraries.

These third-party libraries are constantly growing and being updated over time, which can have an adverse impact on all software that uses them, such as the growth of security vulnerabilities unbeknownst to the software creator. These vulnerabilities can be exploited by malicious users, which can have deadly consequences depending on the nature of the software. Furthermore, compatibility issues between third-party libraries and the software that uses them can arise from negligence and a lack of regular updates to these libraries.

This final year project is an extension of a previous study done by my senior, Nicholas Yeo Ming Jie (Project ID: SCSE21-0215), which proposed a method to detect these vulnerabilities using the Concrete Syntax Tree (CST) generated by parsing projects with LibCST. The report also discusses the effort needed to detect, prevent, or mitigate these issues.

The methods used to detect vulnerabilities are applied to 15 open-source projects written in Python. We analyze 6 different libraries, with 5 projects under each library. This study further confirms the finding of the previous study that there is a high level of third-party library dependency. This result is due to the large number of Application Programming Interface (API) calls made from the selected open-source projects and the high number of distinct usage patterns.

The findings further demonstrate that the detection of security vulnerabilities is extremely important, and that there is a need to further investigate the security vulnerabilities affecting these software libraries, as the potential impact can be extremely harmful.