
Python Crypto Misuses in the Wild

by Anna-Katharina Wickert, et al.
Technische Universität Darmstadt

Background: Previous studies have shown that up to 99.59 using crypto APIs misuse the API at least once. However, these studies have been conducted on Java and C, while empirical studies for other languages are missing. For example, a controlled user study with crypto tasks in Python has shown that 68.5 crypto task. Aims: To understand if this observation holds for real-world code, we conducted a study of crypto misuses in Python. Method: We developed a static analysis tool that covers common misuses of 5 different Python crypto APIs. With this analysis, we analyzed 895 popular Python projects from GitHub and 51 MicroPython projects for embedded devices. Further, we compared our results with the findings of previous studies. Results: Our analysis reveals that 52.26 libraries API design helps developers from misusing crypto functions, which were much more common in studies conducted with Java and C code. Conclusion: We conclude that we can see a positive impact of the good API design on crypto misuses for Python applications. Further, our analysis of MicroPython projects reveals the importance of hybrid analyses.
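As an added illustration of the kind of static check the abstract describes (not the authors' tool or code): a small AST pass that flags a few well-known crypto misuses in PyCryptodome and `hashlib` calls. The rule set, the 1000-iteration threshold, and the sample source are assumptions made here; the page does not list the tool's rules.

```python
import ast

# Constructed sample input (never executed): two misusing calls, one clean call.
SAMPLE = '''
from Crypto.Cipher import AES
import hashlib, os

def bad(data):
    return AES.new(b"0123456789abcdef", AES.MODE_ECB).encrypt(data)

def weak_kdf(pw):
    return hashlib.pbkdf2_hmac("sha256", pw, b"fixedsalt", 100)

def ok(key, data):
    return AES.new(key, AES.MODE_GCM, nonce=os.urandom(12)).encrypt(data)
'''

# Assumed rule scope: PyCryptodome block-cipher constructors, matched by name only
# (import aliases and keys held in variables are not resolved).
CIPHER_CTORS = {"AES.new", "DES.new", "DES3.new"}
MIN_ITERATIONS = 1000  # illustrative threshold, an assumption of this example

def _name(node):
    """Dotted name of an expression such as AES.new; '' if not a plain name chain."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return ""

def _is_literal(node, types):
    return isinstance(node, ast.Constant) and isinstance(node.value, types)

def find_misuses(source):
    """Return sorted (line, rule) pairs for the illustrative rules above."""
    findings = []
    for call in ast.walk(ast.parse(source)):
        if not isinstance(call, ast.Call):
            continue
        target, args = _name(call.func), call.args
        if target in CIPHER_CTORS and args:
            if _is_literal(args[0], (bytes, str)):
                findings.append((call.lineno, "constant-key"))
            if any(_name(a).endswith("MODE_ECB") for a in args[1:]):
                findings.append((call.lineno, "ecb-mode"))
        elif target.endswith("pbkdf2_hmac") and len(args) >= 4:
            if _is_literal(args[2], (bytes, str)):
                findings.append((call.lineno, "constant-salt"))
            if _is_literal(args[3], int) and args[3].value < MIN_ITERATIONS:
                findings.append((call.lineno, "low-iterations"))
    return sorted(findings)
```

Calling `find_misuses(SAMPLE)` reports the ECB call and the weak key derivation and leaves the GCM call alone; a key assigned to a variable before use is missed, which is the point at which such a purely syntactic check needs data-flow analysis.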

