Reduktion von Quellcoderedundanz als Motivator der Evolution von Programmiersprachen am Beispiel von Java 8

Triebel, Anna Juliane

23 April 2018

Ist die Reduktion von Quellcoderedundanz ein Motivator für die Evolution von Programmiersprachen? Das ist die Ausgangsfrage der Untersuchung, die exemplarisch an Sprachfeatures von Java 8 beleuchtet wird. Code Clones und Boilerplate Code werden als Formen von Quellcoderedundanz aufgefasst, beschrieben und definiert. Quellcoderedundanz wird als das Verhältnis der Komplexität des Ausdrucks und der durch diesen transportierte Information definiert und operationalisiert. Zur Messung der Änderung der Quellcoderedundanz durch Java 8 werden Codesegmente von Java 7 auf Java 8 migriert. Bei konstantem Informationsgehalt wird die Ausdruckskomplexität durch Maße der statischen Codeanalyse verglichen. Die Untersuchung zeigt für alle betrachteten Sprachfeatures eine Abnahme der Quellcoderedundanz, die aus einer Reduktion von Boilerplate Code oder dem Wegfall von Code Clones resultiert. Die Ergebnisse deuten darauf hin, dass die Reduktion von Quellcoderedundanz für die mit Java 8 in die Sprache eingeführten Neuerungen zumindest eine notwendige Eigenschaft ist. Um im Ökosystem der Programmiersprachen weiter bestehen zu können, müssen sich Sprachen weiterentwickeln, da ihr technologisches Umfeld stets im Wandel ist. Um seinen Nutzern die Möglichkeit zu geben, qualitativ hochwertigen Quellcode zu verfassen, müssen Sprachmittel zur Verfügung gestellt werden, die eine elegante Ausdrucksform komplexer Sachverhalte erlauben. Eine geringe Quellcoderedundanz kann also als Qualitätsmerkmal für Quellcode gelten und deren Ermöglichung als Evolutionsvorteil für Programmiersprachen angesehen werden.:1 Einleitung 2 Programmiersprachen und Quellcoderedundanz 2.1 Code Clones 2.2 Boilerplate Code 2.3 Quellcoderedundanz 3 Paradigmenwechsel mit Java 8 3.1 Streams API 3.2 Lambda-Ausdrücke 3.3 Die Klasse Optional<T> 3.4 default-Methoden in Interfaces 4 Schluss

info:eu-repo/classification/ddc/330

ddc:330

Enhancing CryptoGuard's Deployability for Continuous Software Security Scanning

Frantz, Miles Eugene

21 May 2020

The increasing development speed via Agile may introduce overlooked security steps in the process, with an example being the Iowa Caucus application. Verifying the protection of confidential information such as social security numbers requires security at all levels, providing protection through any connected applications. CryptoGuard is a static code analyzer for Java. This program verifies that developers do not leave vulnerabilities in their application. The program aids the developer by identifying cryptographic misuses such as hard-coded keys, weak program hashes, and using insecure protocols. In my Master thesis work, I made several important contributions to improving the deployability, accessibility, and usability of CryptoGuard. I extended CryptoGuard to scan source and compiled code, created live documentation, and supported a dual cloud and local tool-suite. I also created build tool plugins and a program aid for CryptoGuard. In addition, I also analyzed several Java-related surveys encompassing more than 50,000 developers and reported interesting current practices of real-world software developers. / Master of Science / Throughout the rise of software development, there has been an increase in development speed with developers embracing methodologies that use higher rates of changes, such as Agile. Since Agile naturally addresses "problems of rapid change", this also increases the likelihood of insecure and vulnerable coding practices. Though consumers depend on various public applications, there can still be failures throughout the development process in applications such as the Iowa caucus application. It was determined the Iowa cacus application development teams' repository credentials (API key) was left within the application itself. API keys provide the credential to be able to directly interact with server systems, and if left unguarded can be easily exploited. Since the Iowa cacus application was released publicly, malicious actors (other people looking to exploit the application) may have already discovered this credential. Within our team we have created CryptoGuard, a program to analyze applications to detect cryptographic issues such as an API key. Creating it with scalability in mind, it was created to be able to scan enterprise code at a reasonable speed. To ensure its use within companies, we have been working on extending and enhancing the work to the current needs of Java developers. Verifying the current Java landscape, we investigated three different companies and their developer ecosystem surveys that are publicly available. Amongst these companies are; JetBrains, known for their Integrated Development Environments (IDE, or application to help write applications) and their own programming language, Snyk, known for their public security platform and anti-virus capability, and Jakarta EE, which is the new platform for the enterprise version of Java. Throughout these surveys, we accumulate more than 50,000 developers' responses, spanning various countries, company experience, and ages. With their responses amalgamated, we enhance CryptoGuard to be available to as many developers and their requests as possible.First, CryptoGuard is enhanced to scan a projects source code. After that, ensuring our project is hosted by a cloud service, we actively are extending our project to the Security Assurance Marketplace (SWAMP). Funded by the DHS, SWAMP not only supplies a public cloud for developers to use, but a local download option to scan a program within the user's own computer. Next, we create a plugin for two most used build tools, Gradle and Maven. Then to ensure CryptoGuard can be have reactive aide, CryptoSoule is created to aide minimal interface aide. Finally utilizing a live documentation service, an open source documentation website was created to provide working examples to the community.

Cryptoguard

Static-Code Analyzer

Java

Deployment Grade

Gradle

Maven

Java 8

Java 7

Java 11

Možnosti deklarativního programování v jazyku Java 8 / Possibilities of Declarative Programming in Java 8

Rytych, Maxim

January 2015

This paper concerns itself with possibilities of declarative programming in the new version of Java 8 language, specifically using elements adopted from the domain of functional programming languages: function as a value and lazy streams of data. The goal of this paper is to demonstrate possibilities of declarative programming using these elements, analyze its implementation and design own extensions. The contribution lies particularly in showing possibilities of the new elements, implementation analysis and design of a new functionality. The output can be used by a Czech reader, who is at least slightly advanced in the field of information technologies. The paper is divided into a theoretical and practical parts. Theoretical part is covered by chapters 3-8. Theoretical part describes motivation for introduction of the new elements, describes functional programming and its basic principles, then it shows basic principles of the newly introducted elements and ends with the description of the java.util.stream package. Pactical part is covered by chapters 9 and 10. Practical part concerns with stream oper-ations and extension design of existing functionality.