python-crypto-misuses-study-results

Study results and scripts to obtain the results for our paper "Python Crypto Misuses in the Wild" [@akwick @gh0st42 @Breitfelder @miramezini]

https://github.com/stg-tud/python-crypto-misuses-study-results


Repository

Statistics
  • Stars: 3
  • Watchers: 3
  • Forks: 2
  • Open Issues: 0
  • Releases: 0
Created over 4 years ago · Last pushed almost 2 years ago

README.md

Data Set: Python Crypto Misuses in the Wild

These are the evaluations and scripts for our paper: Python Crypto Misuses in the Wild.

Authors: Anna-Katharina Wickert, Lars Baumgärtner, Florian Breitfelder, and Mira Mezini. Technische Universität Darmstadt, D-64289 Darmstadt, Germany.

Directory structure

The directories in this repository contain the following:

- evaluations/evaluation-python-code contains the evaluation of the Python and MicroPython projects. It also includes the R scripts used to generate Figures 2 to 4 in our paper.
- evaluations/evaluation/crypto-api-bench contains the evaluation of the Java analysis component of LICMA. As our paper focused on the misuses in Python, we did not discuss these results in the paper.
- tools contains Python and Shell scripts to replicate our results.

Raw project data: Project Source Files

We analyzed the top 895 Python repositories from GitHub sorted by stars. Further, we downloaded the dependencies from these projects with the standard dependency manager pip. To gather these data, we used the Python and Shell scripts in tools.

To make our study easier to reproduce, we provide the source code of the projects and dependencies as zip archives on Figshare: https://doi.org/10.6084/m9.figshare.16499085.v1.

Data: Python Crypto Misuses

The evaluations/evaluation-python-code/python/06_licma_analysis_results/FINAL_licma-result-2020-08-06_152020507612.csv file contains all our findings of misuses in Python. Each line represents one finding with the matching file, the identified rule, and further information such as the misused API and the identified parameter. The hit-type distinguishes between a definite (critical) and a potential (warning) misuse.

How to Reproduce the Figures 2 to 4

To reproduce Figures 2 to 4, run the R Markdown files, which also provide more details:

- Fig. 2 and Fig. 3: evaluations/evaluation-python-code/python/06_licma_analysis_results/evaluation.Rmd
- Fig. 4: evaluations/evaluation-python-code/python/06_licma_analysis_results/meta-analysis.Rmd

You can also view the corresponding md files that we generated.

License

All project and dependency code is licensed under the terms of the respective licenses for the specific projects.

Our study material and data set are licensed under a Creative Commons Attribution 4.0 International License.

Owner

  • Name: Software Technology Group
  • Login: stg-tud
  • Kind: organization
  • Location: Technische Universität Darmstadt, Germany

Citation (CITATION.cff)

cff-version: 1.2.0
message: "If you use this data, please cite the 'preferred-citation'."
authors:
- family-names: "Wickert"
  given-names: "Anna-Katharina"
  orcid: "https://orcid.org/0000-0002-1441-2423"
- family-names: "Baumgärtner"
  given-names: "Lars"
  orcid: "https://orcid.org/0000-0002-5805-2773"
- family-names: "Breitfelder"
  given-names: "Florian"
  orcid: "https://orcid.org/0000-0003-2337-1819"
- family-names: "Mezini"
  given-names: "Mira"
  orcid: "https://orcid.org/0000-0001-6563-7537"
title: "Data set for the paper Python Crypto Misuses in the Wild"
doi: 10.6084/m9.figshare.16499085.v1
date-released: 2021-08-30
url: "https://github.com/stg-tud/python-crypto-misuses-study-results"
preferred-citation:
  type: conference-paper
  authors:
  - family-names: "Wickert"
    given-names: "Anna-Katharina"
    orcid: "https://orcid.org/0000-0002-1441-2423"
  - family-names: "Baumgärtner"
    given-names: "Lars"
    orcid: "https://orcid.org/0000-0002-5805-2773"
  - family-names: "Breitfelder"
    given-names: "Florian"
    orcid: "https://orcid.org/0000-0003-2337-1819"
  - family-names: "Mezini"
    given-names: "Mira"
    orcid: "https://orcid.org/0000-0001-6563-7537"
  doi: "10.1145/3475716.3484195"
  booktitle: "Proceedings of the 15th ACM / IEEE International Symposium on Empirical Software Engineering and Measurement (ESEM)"
  month: 10
  year: 2021
  title: "Python Crypto Misuses in the Wild"

GitHub Events

Total
  • Fork event: 1
Last Year
  • Fork event: 1