Are insecure code completions in PyCharm a vulnerability?

Original link: https://sethmlarson.dev/are-insecure-code-completions-a-vulnerability

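The author evaluated PyCharm's "Full Line Completion" feature and points out that this AI tool frequently suggests insecure code patterns, such as disabling SSL warnings and certificate verification in `urllib3`. If developers accept these suggestions, they may unintentionally introduce serious vulnerabilities into their codebase.

After reporting the issue, the author found that JetBrains was ambiguous about whether this behavior constitutes a formal security vulnerability. Although JetBrains initially labeled it a vulnerability for disclosure purposes, it later seemed unwilling to treat it as a priority. Despite waiting 90 days and confirming that the problem still exists in the latest update, the author notes that the feature has not been substantively improved.

The author argues that while assigning CVE numbers to AI code generation errors may not be the right solution, the current situation is indeed problematic. Because developers rely on IDE suggestions to work more efficiently, the "insecure defaults" that are widespread in these models constitute a systemic risk. The author concludes that these tools must be improved to prioritize security, because ignoring the problem forces developers to bear risks introduced by the very tools that are supposed to assist them.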

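Hacker News: Are insecure code completions in PyCharm a vulnerability? (sethmlarson.dev), 9 points, posted by 12_throw_away 3 hours ago, 1 comment

marcosdumay, 7 minutes ago: Well, there really is nothing the plugin developers can do about this. And this is exactly the problem that LLM developers have been trying to solve for the past two years. Apparently it is hard to do even at the cost of some other capabilities. It's not that they don't want to; they can't do it reliably.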

Original article

Three months ago I saw that PyCharm shipped with a “Full Line Completion” plugin that “uses a local deep learning model to suggest entire lines of code”. These suggestions manifest as whole-line suggestions after you start typing and can be accepted with Tab. Essentially auto-complete for entire lines.

I decided to test this functionality. I started by writing `import urllib3`, created a new line, and then typed `u` and received a suggested completion for the line marked below with a dashed border. I was not impressed by the result:

```python
import urllib3
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
```

Accepting this line would mean that any insecure requests made with urllib3 would not result in a user-visible warning. I didn't accept this suggestion and then began to instantiate a urllib3.PoolManager and what I feared would come next was confirmed:

```python
import urllib3

urllib3.PoolManager(
    cert_reqs='CERT_NONE',
```

The suggestion offered to disable certificate verification (CERT_NONE) which would make every request made by the PoolManager susceptible to monster-in-the-middle (MITM) attacks. Accepting this code as-is would mean the program I am writing has a severe vulnerability. If I had accepted the prior suggestion too, then urllib3 would have no chance to warn the user about this mistake prior to productionizing this code.

Clearly something insecure is going on here, but for a CVE to be assigned we have to decide which software component is vulnerable. Does this behavior warrant a CVE at all? I am not sure, which is unfortunate: without a security angle to a bug report, companies are less likely to prioritize reports.

I reported this behavior to JetBrains for “Full Line Code Completion” v253.29346.142 and clearly their support staff weren't certain whether this defect was a security vulnerability or not either. I asked to publish a blog post about this behavior after they confirmed this report wasn’t a “direct security vulnerability” (which I agree with), but then I was asked not to publicize my report and was referred to PyCharm’s Coordinated Disclosure Policy, so... which is it? Security vulnerability or not?

I ended up waiting the 90 days anyway and I didn't hear back with any substantive update from the development team. I double-checked again today using “Full Line Code Completion” v261.24374.152 and the behavior is identical, suggesting the same insecure code for both contexts.

This isn’t meant to be a specific dig at PyCharm or JetBrains; I have no doubt that examples like this exist in every code generation model available. I don’t think using CVEs for this purpose is appropriate or helpful for users, either. But not prioritizing and addressing this behavior at the source means more work to mitigate the potential for insecure code to be accepted by users who are trusting what is offered to them by their IDE.

What do you think? I am interested in knowing your thoughts about this specific class of issue with code generation models.
