DOCSLIB.ORG

Enhancing IDE Representation of Changes in Git with Refactorings Information

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Enhancing IDE Representation of Changes in Git with Refactorings Information REFACTORINSIGHT: Enhancing IDE Representation of Changes in Git with Refactorings Information Zarina Kurbatova,∗ Vladimir Kovalenko,∗y Ioana Savu,z Bob Brockbernd,z Dan Andreescu,z Matei Anton,z Roman Venediktov,x Elena Tikhomirova,∗ Timofey Bryksin∗x ∗JetBrains Research, yJetBrains N.V., zDelft University of Technology, xHigher School of Economics fzarina.kurbatova, vladimir.kovalenko, elena.tikhomirova, [email protected], fa.i.savu-1, B.J.Brockbernd, D.Andreescu, [email protected], [email protected] Abstract—Inspection of code changes is a time-consuming task However, currently IDEs do not provide much insight into that constitutes a big part of everyday work of software engineers. the semantics of changes, and developers still need to put effort Existing IDEs provide little information about the semantics of into figuring out whether and how the changes influence the code changes within the file editor view. Therefore developers have to track changes across multiple files, which is a hard task behavior of code and whether changes across multiple files are with large codebases. connected to each other. Visualizing information related to the In this paper, we present REFACTORINSIGHT, a plugin for semantics of code changes is a promising way to augment the IntelliJ IDEA that introduces a smart diff for code changes in presentation of changes in an IDE. One way of doing it is Java and Kotlin where refactorings are auto-folded and provided to separate the changes that represent refactorings from such with their description, thus allowing users to focus on changes that modify the code behavior like bug fixes and new features. changes that modify the behavior of code. Refactoring is a REFACTORINSIGHT supports three usage scenarios: viewing fundamental practice in software development and consists in smart diffs with auto-folded refactorings and hints, inspecting changing code without affecting its behavior [4]. Leppanen refactorings in pull requests and in any specific commit in the et al. interviewed software developers about the role and im- project change history, and exploring the refactoring history portance of refactoring [5]. The authors show that developers of methods and classes. The evaluation shows that commit processing time is acceptable: on median it is less than 0.2 are cautious of introducing new defects during refactoring and seconds, which delay does not disrupt developers’ IDE workflows. emphasize the importance of careful checking of such kind of REFACTORINSIGHT is available at https://github.com/ changes. These findings suggest that separating refactorings JetBrains-Research/RefactorInsight. The demonstration video is from other changes could be a promising developer assistance available at https://youtu.be/-6L2AKQ66nA. technique. Several refactoring-aware tools have been proposed to help I. INTRODUCTION developers during the inspection of code changes. Some of Inspecting code changes is a daily routine for software the tools are implemented as plugins for the Eclipse IDE and, engineers. Improving this procedure and its efficiency has been sadly, are limited in the number of refactorings they are able a focus of many efforts [1], [2], [3]. For example, developers to detect [6], [7]. Other tools are implemented as plugins to examine changes made by their colleagues to search for the Google Chrome browser and provide information about possible defects, check if the code follows project conventions, performed refactorings in changes on GitHub. RAID [8] can suggest better solutions and share the knowledge with the detect only 13 refactoring types in commits and pull requests, team [3]. Manual inspection of a large number of changes may while Refactoring Aware Commit Review works [9] only with be challenging. To reduce the cognitive load on developers, it commits. could be useful to simplify the process of inspecting changes We present REFACTORINSIGHT, a plugin for IntelliJ arXiv:2108.11202v1 [cs.SE] 25 Aug 2021 by presenting them in a more structured and compact way. IDEA [10] that auto folds refactorings in code diffs in Java A lot of features in modern IDEs are designed to boost and Kotlin and shows hints with their short descriptions. developers’ productivity. For example, code completion helps Also the plugin allows users to view a list of performed developers to write code faster and make fewer errors through refactorings in any specific commit or pull request as well reduced typing, while code folding1 helps developers to main- as the refactoring history for methods and classes. To detect tain focus by collapsing irrelevant code elements. Some of refactorings, our tool relies on RefactoringMiner [11], which such productivity-enhancing features are related to the process demonstrates the highest accuracy among existing approaches of reviewing code changes. For example, IntelliJ IDEA allows as shown in [11]. REFACTORINSIGHT is published in the its users to explore the change history of files or pieces of JetBrains plugin repository3. Its source code is available on code2. GitHub4. 1Code folding in IntelliJ IDEA: https://www.jetbrains.com/help/idea/ 3REFACTORINSIGHT in the plugin repository: https://plugins.jetbrains.com/ working-with-source-code.html#code folding plugin/14704-refactorinsight 2Explore change history in IntelliJ IDEA: https://www.jetbrains.com/help/ 4REFACTORINSIGHT on GitHub: https://github.com/JetBrains- idea/viewing-changes-information.html#changes history Research/RefactorInsight II. BACKGROUND TABLE I REFACTORING TYPES SUPPORTED BY REFACTORINSIGHT. Existing research suggests that developers benefit from refactoring-aware tool support in code review. Kim et al. [12] Java, Kotlin Java interviewed developers from Microsoft about the challenges Rename Variable/Method/Class Merge Variable/Parameter/Field and benefits of refactorings. One of the findings of the study Rename Parameter/Field Change Package Extract Variable/Method/Class Parameterize Variable is that refactoring may entail merge conflicts, regression bugs, Extract Interface/Superclass Extract Subclass impeded code review, and other risks. Besides, the developers Extract And Move Method Replace Variable/Field with Field reported that changes that contain refactorings are more diffi- Move Method/Class Split Variable/Parameter/Field Move And Rename Method Move And Rename Field cult to review. Thus, the authors conclude that development Pull Up Method/Field Pull Up Field of tools that make inspection of refactorings isolated from Push Down Method/Field Push Down Field other changes can be a promising direction for future research. Inline Method Move And Inline Method Alomar et al. [13] conducted an industrial case study involving Change Variable/Parameter developers from Xerox to investigate the mechanisms of Change Field Type refactoring-aware code review. The results show that one of Add/Remove/Reorder Parameter the main challenges is that refactoring changes are interleaved with bug fixes and new features. The reviewers need to make an effort to separate the changes in code logic and behavior- GitHub with information about performed refactorings. To preserving changes. detect refactorings in code changes, RAID relies on RefD- iff [14] that currently supports the detection of 13 refactor- There have been proposed several tools for automatic detec- ing types in code changes in Java, C, JavaScript, and Go. tion of refactorings in code changes [11], [14]. Tsantalis et al. The tool does not detect low-level refactorings that relate presented a standalone library called RefactoringMiner [11]. to variables. Another extension for Google Chrome called It demonstrates 99.6% precision and 94% recall, which are Refactoring Aware Commit Review [9] relies on the above- the highest results among other approaches, as shown in its mentioned RefactoringMiner library [11] to detect refactorings evaluation. The tool supports the detection of 40 refactoring and highlights them in commits on GitHub. The extension types. It analyzes the commit history using a statement match- works only with commits and as well as RAID works only in ing algorithm and refactoring detection rules, and provides a the Google Chrome browser. list of refactorings with descriptions for each commit. Each description contains information about code elements involved III. IMPLEMENTATION in the refactoring and their code ranges before and after the Some users prefer to review pull requests from GitHub refactoring. RefactoringMiner’s output is programmatic, but, within their IDE because it minimizes the context switches be- if integrated into existing tools that support working with Git, tween the IDE and the browser and therefore saves time [17]. can augment diffs and history, significantly saving developers’ Our solution is implemented as an IntelliJ IDEA plugin code inspection time. RefactoringMiner is also limited to that processes pull requests and the project Git history and working with Java projects only. We reduced both usability integrates refactoring reports in file diffs. REFACTORINSIGHT limitations, as we show in Section III. detects 40 types of refactorings in Java code changes and There is a number of working plugins for Eclipse IDE [7], 19 types of refactorings in Kotlin code changes. To save [15], [16], [6] and extensions for Chrome which visualize processing time, all information about refactorings detected refactoring information in Git diffs. Let’s have a brief overview in a project is stored locally. of their functionality. Ge et al. presented
Load more

Recommended publications
  • Analysis and Prediction of Number of Open Bugs Per Day by Using
    International Journal of Research and Scientific Innovation (IJRSI) | Volume V, Issue V, May 2018 | ISSN 2321–2705 Analysis and Prediction of Open Bugs Using Machine Learning Algorithms Sachin A S, Dr. Rajashree Shettar Department of Computer Science and Engineering, R V College of Engineering, Mysuru Road, Bengaluru, Karnataka, India. Abstract– There are many fault tracking repositories, some of problem[2]. Atlassian JIRA, Bugzilla, Mantis BT, Trac, them are YouTrack, Bugzilla, MantisBT and Atlassian JIRA. YouTrack etc., are some of the issue tracking systems which Atlassian JIRA repository has been used in this study, as it is are used in the software industries. But most extensively extensively accepted by most of the software companies. This accepted are JIRA and Bugzilla as they provide many features repository contains significant information of many projects. which are helpful for software development like task tracking, Each project has different kinds of issues such as bug(faults) reports, enhancement required to an existing feature, and new issues, bug, features many plugins to integrate with versioning feature of the product and task that needs to be done. This paper systems such as Git, mercury etc., and project management. focuses on analysing the previously raised bug report(history) to Consistently both commercial and open source projects understand the correlation and dependability of the attributes experience many changes to represent new client requirements like number of bugs created per day, their priority, number of days or hours taken to resolve etc., The data is then processed with the consideration of improving existing features, creation into a new format which will comply to machine learning of new features or to fix bugs.
    [Show full text]
  • Project Management Software March 2019
    PROJECT MANAGEMENT SOFTWARE MARCH 2019 Powered by Methodology CONTENTS 3 Introduction 5 Defining Project Management Software 6 FrontRunners (Small Vendors) 8 FrontRunners (Enterprise Vendors) 10 Runners Up 22 Methodology Basics 2 INTRODUCTION his FrontRunners analysis minimum qualifying score of 3.96 Tis a data-driven assessment for Usability and 3.91 for User identifying products in the Project Recommended, while the Small Management software market that Vendor graphic had a minimum offer the best capability and value qualifying score of 4.55 for Usability for small businesses. For a given and 4.38 for User Recommended. market, products are evaluated and given a score for Usability (x-axis) To be considered for the Project and User Recommended (y-axis). Management FrontRunners, a FrontRunners then plots 10-15 product needed a minimum of 20 products each on a Small Vendor user reviews published within 18 and an Enterprise Vendor graphic, months of the evaluation period. based on vendor business size, per Products needed a minimum user category. rating score of 3.0 for both Usability and User Recommended in both In the Project Management the Small and Enterprise graphics. FrontRunners infographic, the Enterprise Vendor graphic had a 3 INTRODUCTION The minimum score cutoff to be included in the FrontRunners graphic varies by category, depending on the range of scores in each category. No product with a score less than 3.0 in either dimension is included in any FrontRunners graphic. For products included, the Usability and User Recommended scores determine their positions on the FrontRunners graphic. 4 DEFINING PROJECT MANAGEMENT SOFTWARE roject management software and document management, as well Phelps organizations manage as at least one of the following: time and deliver projects on time, on tracking, budgeting, and resource budget and within scope.
    [Show full text]
  • Jetbrains Upsource Comparison Upsource Is a Powerful Tool for Teams Wish- Key Benefits Ing to Improve Their Code, Projects and Pro- Cesses
    JetBrains Upsource Comparison Upsource is a powerful tool for teams wish- Key benefits ing to improve their code, projects and pro- cesses. It serves as a polyglot code review How Upsource Compares to Other Code Review Tools tool, a source of data-driven project ana- lytics, an intelligent repository browser and Accuracy of Comparison a team collaboration center. Upsource boasts in-depth knowledge of Java, PHP, JavaScript, Integration with JetBrains Tools Python, and Kotlin to increase the efcien- cy of code reviews. It continuously analyzes Sales Contacts the repository activity providing a valuable insight into potential design problems and project risks. On top of that Upsource makes team collaboration easy and enjoyable. Key benefits IDE-level code insight to help developers Automated workflow, to minimize manual tasks. Powerful search engine. understand and review code changes more efectively. Smart suggestion of suitable reviewers, revi- IDE plugins that allow developers to partici- sions, etc. based on historical data and intel- pate in code reviews right from their IDEs. Data-driven project analytics highlighting ligent progress tracking. potential design flaws such as hotspots, abandoned files and more. Unified access to all your Git, Mercurial, Secure, and scalable. Perforce or Subversion projects. To learn more about Upsource, please visit our website at jetbrains.com/upsource. How Upsource Compares to Other Code Review Tools JetBrains has extensively researched various As all the products mentioned in the docu- tools to come up with a useful comparison ment are being actively developed and their table. We tried to make it as comprehensive functionality changes on a regular basis, this and neutral as we possibly could.
    [Show full text]
  • You Need to Know About Working from Home
    Everything you need to know about working from home Everything you need to know about working from home - Ebook. 1 Table of contents What is remote work and why most people choose to 01 work from home? 4 Benefits of working from home for 02 employees 6 Benefits of working from home for 03 employers 12 Remote work is here to stay, it’s not 04 a temporary trend 16 Debugging work from 05 home 18 Designing your home 06 work space 22 Art of Staying 07 Productive 26 Motivate 08 yourself! 36 Everything you need to know 2 about working from home - Ebook. How to make yourself known 09 and seen 42 Creating “virtual water cooler” in 10 your work space 48 Switching 11 off 52 Addressing loneliness while 12 working remotely 54 Meditation & 13 mindfulness 58 Global Work From 14 Home Day 62 Everything you need to know about working from home - Ebook. 3 What is remote work and why most people choose 01 to work from home? With continuously improving tech- Coworking spaces, social activities, nology and an ever changing work- and regular outdoor trips for example ing culture, remote work is becoming may not be relevant or recommended increasingly common in companies depending on your location and local around the globe. But now a lot of us are government guidelines. Please take finding ourselves in a situation where what you feel makes sense to you and we have to work from home due to the apply it in the safest way possible. We recent COVID-19 outbreak.
    [Show full text]
  • Agile Project Management Tools
    BULGARIAN ACADEMY OF SCIENCES CYBERNETICS AND INFORMATION TECHNOLOGIES Volume 19, No 4 Sofia 2019 Print ISSN: 1311-9702; Online ISSN: 1314-4081 DOI: 10.2478/cait-2019-0033 Agile Project Management Tools: A Brief Comprative View Deniz Özkan1,2, Alok Mishra2 1Havelsan, A.Ş., 06510, Mustafa Kemal, Çankaya, Ankara, Turkey 2Department of Software Engineering, Atilim University, Turkey E-mails: [email protected] [email protected] Abstract: Agile methodologies are becoming popular in software development. Managers are required to understand project’s progress and product quality without development documents. During Agile practices of the teams and organizations, Agile project management tools are frequently used. The use of such tools leads to achieving speed and efficiency, affects the quality of the software. The quality of final product is mostly related with to project management. Accordingly, the paper provides brief comparative perspective about the popular project management tools for agile projects. 16 popular Agile project management tools have been presented helping agile developers to plan and manage their tasks in an efficient manner. Taiga, Axosoft, Agielan, Planbox are more appropriate for start-up projects. The most twitted and most appreciated tools are reported as Jira, Trello, and VersionOne. SpiraTeam by Inflectra and Pivotal Tracker are other pricing and popular agile tools, providing flexibility to Agile developers and increase collaboration among team members. Keywords: Agile Methodologies, Agile Project Management Tool, Tools, Software Project Management. 1. Introduction Presently, Agile software development method is becoming popular as it helps organizations to develop software projects faster. Most organizations (71%), mention that by using this methodology, projects are 28% more successful than projects managed with traditional methods [1].
    [Show full text]
  • Serge Kosyrev Curriculum Vitae
    Serge Kosyrev Curriculum vitae ROLE SOUGHT b Zelenograd, Moscow (RU) ) Technologist T +7 (905) 5380951 ) Architect / team lead B kosyrev.serge protonmail com ) Senior software engineer E deepfire.github.io SYSTEM BUILDING EDUCATION 2000-2001 Engineering institute ) a SoC-targeted system software development and National Research University of assurance toolchain (IEEE 1149.1) Electronic Technology, Moscow ) two transpilers (one used in critical production environment) 2002-2006 Business school Institute of International Business ) a package manager and a proto-CI system for a Education, Moscow diverse environment (personal project) ) a hypervisor-based secure endpoint (prototype); the hypervisor was written from scratch PUBLIC PROJECTS 2017 undisclosed project HIGH-LEVEL DECLARATIVE DESIGN a knowledge representation & PROGRAMMING and visualisation tool. Don’t feel like talking about it yet ) pure, typed, functional: to support program rea- 2017 reflex-glfw soning, refactoring and assurance a library facilitating use of Re- • Haskell (expressive higher-kinded & dependent flex FRP with OpenGL/GLFW types, reactive (FRP), lazy evaluation) 2017 Barrelfish OS contributions ) metaprogramming: expanding ability to express Nix-based build environment solutions to very complex problems reproducibility (merged up- • Common Lisp (an extensible compiler) stream), stack traces (work in progress) PROGRAM SEMANTICS, 2015-ONGOING Contributions to Nixpkgs packaging software I need COMPILATION AND ANALYSIS for the NixOS Linux distribu- tion/package repository
    [Show full text]
  • Estudos Preliminares
    IGOR BESSA MENEZE PODER JUDICIÁRIO S JOSE MARIO VIANA JUSTIÇA DO TRABALHO BARBOSA JUNIOR LENIVIA TRIBUNAL REGIONAL DO TRABALHO DA 7ª REGIÃO DE CASTRO E SILVA MENDES FRANCISC O JONATHAN SECRETARIA DE TECNOLOGIA DA INFORMAÇÃO E COMUNICAÇÃO REBOUCAS MAIA Estudos Preliminares Contratação de Suporte Técnico, incluindo atualizações evolutivas e corretivas, para a ferramenta Atlassian Jira e Plugins eazyBI Reports and Charts e Git Integration. Estudos Preliminares - Contratação de Suporte Técnico, incluindo atualizações evolutivas e corretivas, para a ferramenta Atlassian Jira e Plugins eazyBI Reports and Charts e Git Integration. 1 PODER JUDICIÁRIO JUSTIÇA DO TRABALHO TRIBUNAL REGIONAL DO TRABALHO DA 7ª REGIÃO SECRETARIA DE TECNOLOGIA DA INFORMAÇÃO E COMUNICAÇÃO Sumário ANÁLISE DE VIABILIDADE DA CONTRATAÇÃO (Art.14) 4 Contextualização 4 Definição e Especificação dos Requisitos da Demanda (Art. 14, I) 5 Requisitos de Negócio 5 Requisitos Técnicos 6 Requisitos Temporais 6 Soluções Disponíveis no Mercado de TIC (Art. 14, I, a) 7 Contratações Públicas Similares (Art. 14, I, b) 10 Outras Soluções Disponíveis (Art. 14, II, a) 11 Portal do Software Público Brasileiro (Art. 14, II, b) 11 Alternativa no Mercado de TIC (Art. 14, II, c) 12 Modelo Nacional de Interoperabilidade – MNI (Art. 14, II, d) 12 Infraestrutura de Chaves Públicas Brasileira – ICP-Brasil (Art. 14, II, e) 12 Modelo de Requisitos Moreq-Jus (Art. 14, II, f) 12 Análise Comparativa dos Custos das Soluções (Art. 14, III) 12 Escolha e Justificativa da Solução (Art. 14, IV) 15 Descrição da Solução (Art. 14, IV,a) 21 Alinhamento da Solução (Art. 14, IV, b) 22 Benefícios Esperados (Art. 14, IV, c) 22 Relação entre a Demanda Prevista e a Contratada (Art.
    [Show full text]
  • Veni, Vidi, Vici
    Code Review: Veni, ViDI, Vici Yuriy Tymchuk, Andrea Mocci, Michele Lanza REVEAL @ Faculty of Informatics - University of Lugano, Switzerland Abstract—Modern software development sees code review as For example many of them leverage static code analysis a crucial part of the process, because not only does it facilitate techniques, like the ones provided by FindBugs [5], to spot the sharing of knowledge about the system at hand, but it may implementation problems. However, the results from such also lead to the early detection of defects, ultimately improving techniques are poorly integrated in a code review process, as the quality of the produced software. Although supported by we will see later. numerous approaches and tools, code review is still in its infancy, and indeed researchers have pointed out a number of We propose an approach to augment code review by inte- shortcomings in the state of the art. grating software quality evaluation, and more general design We present a critical analysis of the state of the art of code assessment, not only as a first class citizen, but as the core review tools and techniques, extracting a set of desired features concern of code review. Our approach, called Visual Design that code review tools should possess. We then present our vision Inspection (ViDI), uses visualization techniques to drive the and initial implementation of a novel code review approach quality assessment of the reviewed system, exploiting data named Visual Design Inspection (ViDI), illustrated through a set obtained through static code analysis. ViDI enables intuitive of usage scenarios. ViDI is based on a combination of visualization and easy defect fixing, personalized annotations, and review techniques, design heuristics, and static code analysis techniques.
    [Show full text]
  • Add a Commit Reference to a Issue
    Add A Commit Reference To A Issue Opened Zelig reprograms very bilaterally while William remains uncontaminated and formulary. Say staved slubberingly. Wiggly Dawson never pargeted so meteorically or cant any Copland anthropologically. The image after a reference points is the history showing the root. VCS, then the message body. Git is a distributed version-control system for tracking changes in any coincidence of files originally. This is demonstrated with the following command. Thanks for later feedback. Within this project, that create a snack for selected commits based on back HEAD pointer you can consent the following commands. Contact support to moving or erode the redirect URL for you. For most rules, institutions and governments raise, push requires no further parameters and hence can be performed without showing another dialog based on the stored upstream configuration. But still commit reference issues, add references found it only to refer to push. At Morgan Stanley, like the assignee, Bitbucket Cloud was not an exception in my seeking for enhancements. How do you attach a planter to a fence? URI of the upstream repository you company to him to. NET date and ASP. To use Git LFS, Git LFS replaces its contents with a pointer, the staging view can be kept walking while doing changes. Learn to add cognitive complexity issue and sometimes you all projects are committing, tags are not required status when you specify ranges can have been fetched will. See the issue in the most obvious typos, committing the log messages and answer. Those protections also include electronic intrusions a reference to.
    [Show full text]
  • JIRA Administration 7.3 Documentation for JIRA Administration 7.3 2
    JIRA administration 7.3 Documentation for JIRA administration 7.3 2 Contents Administering JIRA applications 7.3 . 7 JIRA applications and project types overview . 7 Installing JIRA applications . 10 JIRA applications installation requirements . 10 Installing Java . 12 Supported platforms . 16 End of support announcements . 19 Evaluation installation . 24 Installing JIRA applications on Windows . 25 Uninstalling JIRA applications from Windows . 30 Installing JIRA applications on Windows from Zip File . 31 Installing JIRA applications on Linux . 35 Uninstalling JIRA applications from Linux . 38 Installing JIRA applications on Linux from Archive File . 39 Unattended installation . 45 Installing additional applications and version updates . 46 Connecting JIRA applications to a database . 48 Connecting JIRA applications to PostgreSQL . 48 Connecting JIRA applications to MySQL . 52 Connecting JIRA applications to Oracle . 57 Connecting JIRA applications to SQL Server 2012 . 60 Connecting JIRA applications to SQL Server 2014 . 64 Tuning database connections . 69 Surviving connection closures . 78 Switching databases . 80 Installing JIRA Data Center . 81 Running the setup wizard . 86 Licensing and application access . 89 License compatibility . 90 Extending JIRA applications . 91 Using AppLinks to link to other applications . 92 Administering projects and links across multiple applications . 94 Managing add-ons . 95 Integrating with development tools . 96 Synchronize an account . 101 Configure automatic team invitations . 102 Linking a Bitbucket or GitHub repository with JIRA . 103 Enable Smart Commits . 108 Getting started with Bitbucket and JIRA Cloud . 111 Integrating with other tools . 117 Listeners . 119 Managing webhooks . 121 Services . 121 Integrating with collaboration tools . 123 Upgrading JIRA applications . 127 Upgrading JIRA applications manually . 128 Upgrading JIRA applications with a fallback method .
    [Show full text]
  • Khodayari and Giancarlo Pellegrino, CISPA Helmholtz Center for Information Security
    JAW: Studying Client-side CSRF with Hybrid Property Graphs and Declarative Traversals Soheil Khodayari and Giancarlo Pellegrino, CISPA Helmholtz Center for Information Security https://www.usenix.org/conference/usenixsecurity21/presentation/khodayari This paper is included in the Proceedings of the 30th USENIX Security Symposium. August 11–13, 2021 978-1-939133-24-3 Open access to the Proceedings of the 30th USENIX Security Symposium is sponsored by USENIX. JAW: Studying Client-side CSRF with Hybrid Property Graphs and Declarative Traversals Soheil Khodayari Giancarlo Pellegrino CISPA Helmholtz Center CISPA Helmholtz Center for Information Security for Information Security Abstract ior and avoiding the inclusion of HTTP cookies in cross-site Client-side CSRF is a new type of CSRF vulnerability requests (see, e.g., [28, 29]). In the client-side CSRF, the vul- where the adversary can trick the client-side JavaScript pro- nerable component is the JavaScript program instead, which gram to send a forged HTTP request to a vulnerable target site allows an attacker to generate arbitrary requests by modifying by modifying the program’s input parameters. We have little- the input parameters of the JavaScript program. As opposed to-no knowledge of this new vulnerability, and exploratory to the traditional CSRF, existing anti-CSRF countermeasures security evaluations of JavaScript-based web applications are (see, e.g., [28, 29, 34]) are not sufficient to protect web appli- impeded by the scarcity of reliable and scalable testing tech- cations from client-side CSRF attacks. niques. This paper presents JAW, a framework that enables the Client-side CSRF is very new—with the first instance af- analysis of modern web applications against client-side CSRF fecting Facebook in 2018 [24]—and we have little-to-no leveraging declarative traversals on hybrid property graphs, a knowledge of the vulnerable behaviors, the severity of this canonical, hybrid model for JavaScript programs.
    [Show full text]
  • Judging Handbook: Part 1 a Guide to Judging at the Igem Jamboree
    Judging Handbook: Part 1 A Guide to Judging at the iGEM Jamboree Judging Handbook: Part 1 A Guide to Judging at the iGEM Jamboree iGEM 2015 | Judging Handbook 3 Table of Contents Table of Contents Introduction from the Executive Judging Committee .............................................. 6 How to begin your judging assignment ............................................................... 8 To consider during your evaluations ......................................................................... 9 On Feedback ...................................................................................................... 9 A note on the Responsible Conduct Committee .................................................. 9 Excellence in iGEM: Finalist Case Studies ............................................................... 10 Case Study 1: Heidelberg 2014 ........................................................................... 11 Case Study 2: UC Davis 2014 .............................................................................. 14 Case Study 3: Paris-Bettencourt 2013 ................................................................. 17 Case Study 4: Calgary 2012 ................................................................................ 19 Medals ........................................................................................................................... 21 NEW Standard Pages and Static Links ........................................................................ 21 Judging Forms ...................................................................................................
    [Show full text]