Inspiration

Ensuring the security of software is a vital and continuous challenge in today's software development. In 2021, the NIST Computer Security Division [1] reported more than 18,000 software flaws, and this figure has been rising since 2016. Faulty applications may act in unexpected ways, and these vulnerabilities are often exploited by malicious hackers. For instance, recent studies reveal that cybercriminals use special platforms and search engines, such as Shodan [2], to find networks that are vulnerable to known attacks and take advantage of them before a patch can be applied.

Our mission is to create an IDE plugin that not only detects vulnerabilities in code but also puts a generative AI assistant alongside you to guide you through secure code development.

What it does

The plugin analyzes C/C++ and Java source code for common vulnerabilities such as memory address issues (e.g., buffer overflows) and thread synchronization issues (e.g., data races). The plugin highlights the code segment that causes the vulnerability and rewrites a secure version of the code without changing its intended behavior.

How we built it

We used Python and Bash as scripting languages, VS Code and its dependencies to build the extension, the Clang infrastructure and Infer to detect vulnerable code patterns, and Google Gemini to fix the vulnerable code.
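The step from analyzer output to a highlighted code segment, described in "What it does" and "How we built it", can be sketched as follows. This is an added example, not the project's own code: it assumes findings arrive in the shape of Infer's `report.json` (fields `bug_type`, `file`, `line`, `column`, `qualifier`), treats `column` as 1-based with `-1` meaning unknown, and the function name `to_diagnostics` and all sample data are hypothetical.

```python
import json

# Constructed sample shaped like Infer's report.json (a JSON array of issues).
# File names, line numbers and messages are invented for this example.
SAMPLE_REPORT = json.dumps([
    {"bug_type": "BUFFER_OVERRUN_L1", "severity": "ERROR", "file": "src/copy.c",
     "line": 3, "column": 5, "procedure": "copy_name",
     "qualifier": "Offset: 16 Size: 16."},
    {"bug_type": "THREAD_SAFETY_VIOLATION", "severity": "WARNING",
     "file": "src/Counter.java", "line": 2, "column": -1,
     "procedure": "Counter.increment",
     "qualifier": "Unprotected write to `this.count`."},
    {"bug_type": "DEAD_STORE", "severity": "ERROR", "file": "src/copy.c",
     "line": 1, "column": 3, "procedure": "copy_name", "qualifier": "unused"},
])

# Constructed source text, keyed by the paths used in the sample report.
SOURCES = {
    "src/copy.c": "void copy_name(char *dst, const char *src) {\n"
                  "    char buf[16];\n"
                  "    buf[16] = src[0];\n"
                  "}\n",
    "src/Counter.java": "void increment() {\n    count++;\n}\n",
}

# Categories the page names: memory issues and thread synchronization issues.
CATEGORIES = {"BUFFER_OVERRUN": "memory", "THREAD_SAFETY_VIOLATION": "concurrency"}


def to_diagnostics(report_json, sources):
    """Turn in-scope analyzer issues into zero-based editor highlight ranges."""
    diagnostics = []
    for issue in json.loads(report_json):
        category = next((c for prefix, c in CATEGORIES.items()
                         if issue["bug_type"].startswith(prefix)), None)
        lines = sources.get(issue["file"], "").splitlines()
        if category is None or not 1 <= issue["line"] <= len(lines):
            continue  # out of scope, or the report is stale against the file
        text = lines[issue["line"] - 1]
        col = issue.get("column", -1)
        # Assumption: column -1 means unknown, so highlight the whole statement.
        start = col - 1 if 0 < col <= len(text) else len(text) - len(text.lstrip())
        diagnostics.append({
            "file": issue["file"], "category": category,
            "line": issue["line"] - 1, "start": start, "end": len(text),
            "message": f'{issue["bug_type"]}: {issue["qualifier"]}',
            "snippet": text.strip(),  # the segment a fixer would be asked to rewrite
        })
    return diagnostics
```

Dropping findings whose line number falls outside the current file keeps a stale report from highlighting, or sending for rewriting, code that the finding no longer describes.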

Challenges we ran into

We haven't slept since yesterday. It's our first time working on this kind of coding project; we are mostly interested in research. It's hard to find up-to-date analysis tools that can analyze different programming languages. Our project has many components, and integrating them together was very challenging.

Accomplishments that we're proud of

We learned a lot from that; it's our first time being exposed to such a challenge. We believe we could integrate the "creativity" component in our project. We learned how to push/pull changes from different machines into the same GitHub repository without messing up versions.

What we learned

We learned how to push/pull changes from different machines into the same GitHub repository without messing up versions. We learned to manage our time and make decisions about what to integrate and what to ignore.

What's next for AwakeOverFlow

This project will be maintained and scaled for more languages and vulnerabilities.
