glitch

GLITCH is a technology-agnostic framework that enables automated detection of code smells in Infrastructure-as-Code scripts.

https://github.com/sr-lab/glitch

Science Score: 67.0%

This score indicates how likely this project is to be science-related based on various indicators:

  • CITATION.cff file
    Found CITATION.cff file
  • codemeta.json file
    Found codemeta.json file
  • .zenodo.json file
    Found .zenodo.json file
  • DOI references
    Found 5 DOI reference(s) in README
  • Academic publication links
    Links to: arxiv.org, zenodo.org
  • Academic email domains
  • Institutional organization owner
  • JOSS paper metadata
  • Scientific vocabulary similarity
    Low similarity (11.9%) to scientific vocabulary

Keywords

ansible chef iac linter puppet smell-detector
Last synced: 6 months ago

Repository


Basic Info
  • Host: GitHub
  • Owner: sr-lab
  • License: gpl-3.0
  • Language: Python
  • Default Branch: main
  • Homepage:
  • Size: 4.02 MB
Statistics
  • Stars: 22
  • Watchers: 3
  • Forks: 6
  • Open Issues: 23
  • Releases: 2
Topics
ansible chef iac linter puppet smell-detector
Created about 4 years ago · Last pushed 10 months ago
Metadata Files
Readme License Citation

README.md

GLITCH


GLITCH is a technology-agnostic framework that enables automated detection of IaC smells. GLITCH allows polyglot smell detection by transforming IaC scripts into an intermediate representation, on which different smell detectors can be defined. GLITCH currently supports the detection of nine different security smells [1, 2] and nine design & implementation smells [3] in scripts written in Puppet, Ansible, or Chef.
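The intermediate-representation idea described above, shown as an added sketch that is not GLITCH's own code: two toy front ends turn constructed Puppet-style and Ansible-style snippets into the same list of attributes, and the smell checks are written once against that list. The `Attribute` class, the parser and detector names, and the matching heuristics are assumptions made for illustration; the three smell names come from the catalogue in [1].

```python
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class Attribute:
    """One key/value setting in the toy intermediate representation."""
    name: str
    value: str
    line: int

def _collect(text, pattern):
    # Keep every line the front end's pattern recognises as a key/value pair.
    matches = ((n, pattern.match(l)) for n, l in enumerate(text.splitlines(), 1))
    return [Attribute(m.group(1), m.group(2), n) for n, m in matches if m]

def parse_puppet_like(text):
    """Front end for `name => 'value',` pairs (constructed Puppet-style subset)."""
    return _collect(text, re.compile(r"^\s*(\w+)\s*=>\s*['\"]?(.*?)['\"]?,?\s*$"))

def parse_ansible_like(text):
    """Front end for `name: value` pairs (constructed Ansible-style subset)."""
    return _collect(text, re.compile(r"^\s*-?\s*(\w+):\s*['\"]?(.+?)['\"]?\s*$"))

SECRET_NAME = re.compile(r"pass(word)?|secret|token|key", re.I)

def detect(attrs):
    """Smell checks defined on the representation, independent of the source language."""
    findings = []
    for a in attrs:
        # A variable reference ($var or {{ var }}) is not a literal secret.
        literal = a.value and not a.value.startswith("$") and "{{" not in a.value
        if SECRET_NAME.search(a.name) and literal:
            findings.append((a.line, "hard-coded secret"))
        if a.value.startswith("http://"):
            findings.append((a.line, "use of HTTP without TLS"))
        if a.value.startswith("0.0.0.0"):
            findings.append((a.line, "invalid IP address binding"))
    return findings

# Constructed sample inputs, not taken from any real repository.
PUPPET = """\
class { 'app':
  db_password => 'hunter2',
  repo_url    => 'http://repo.example.test/pkg',
  api_token   => $vault_token,
}
"""
ANSIBLE = """\
- name: configure app
  vars:
    bind_address: 0.0.0.0
    admin_password: "{{ vault_admin_password }}"
    mirror: http://mirror.example.test/
"""
```

Calling `detect(parse_puppet_like(PUPPET))` and `detect(parse_ansible_like(ANSIBLE))` runs the same three checks over both languages; the values that reference a variable instead of embedding a literal are not reported.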

Paper and Academic Usage

"GLITCH: Automated Polyglot Security Smell Detection in Infrastructure as Code" is the main paper that describes the implementation of security smells in GLITCH. It also presents a large-scale empirical study that analyzes security smells on three large datasets containing 196,755 IaC scripts and 12,281,251 LOC.

If you use GLITCH or any of its datasets, please cite:

@inproceedings{saavedraferreira22glitch,
  title={{GLITCH}: Automated Polyglot Security Smell Detection in Infrastructure as Code},
  author={Saavedra, Nuno and Ferreira, Jo{\~a}o F},
  booktitle={Proceedings of the 37th IEEE/ACM International Conference on Automated Software Engineering},
  year={2022}
}

@inproceedings{saavedra23glitchdemo,
  author={Saavedra, Nuno and Gonçalves, João and Henriques, Miguel and Ferreira, João F. and Mendes, Alexandra},
  booktitle={2023 38th IEEE/ACM International Conference on Automated Software Engineering (ASE)},
  title={Polyglot Code Smell Detection for Infrastructure as Code with GLITCH},
  year={2023},
  pages={2042-2045},
  doi={10.1109/ASE56229.2023.00162}
}

Installation

To install run: python -m pip install -e .

To use the tool for Chef you also need Ruby and its Ripper package installed.

Poetry

To install GLITCH using Poetry, run: poetry install

WARNING: For now, the GLITCH VSCode extension does not function if GLITCH is installed via Poetry. Since Poetry uses virtual environments it does not create a binary for GLITCH available in the user's PATH, which is required for the VSCode extension.

Usage

To explore all available options, use the command: glitch --help

To analyze a file or folder and retrieve CSV results, use the following command: glitch --tech (chef|puppet|ansible|terraform) --csv --config PATH_TO_CONFIG PATH_TO_FILE_OR_FOLDER

If you want to consider the module structure you can add the flag --module.

Poetry

If GLITCH was installed using Poetry, execute GLITCH commands as follows: poetry run glitch --help

Alternatively, you can use poetry shell:

    poetry shell
    glitch --help

Tests

To run the tests for GLITCH go to the folder glitch and run: python -m unittest discover tests

Configs

New configs can be created with the same structure as the ones found in the folder configs.

Documentation

More information can be found in GLITCH's documentation.

VSCode extension

GLITCH has a Visual Studio Code extension which is available here.

Contributing

Pull requests are welcome. For major changes, please open an issue first to discuss what you would like to change.

Please make sure to update tests as appropriate.

License

GPL-3.0

References

[1] Rahman, A., Parnin, C., & Williams, L. (2019, May). The seven sins: Security smells in infrastructure as code scripts. In 2019 IEEE/ACM 41st International Conference on Software Engineering (ICSE) (pp. 164-175). IEEE.

[2] Rahman, A., Rahman, M. R., Parnin, C., & Williams, L. (2021). Security smells in ansible and chef scripts: A replication study. ACM Transactions on Software Engineering and Methodology (TOSEM), 30(1), 1-31.

[3] Schwarz, J., Steffens, A., & Lichter, H. (2018, September). Code smells in infrastructure as code. In 2018 11th International Conference on the Quality of Information and Communications Technology (QUATIC) (pp. 220-228). IEEE.

Owner

  • Name: Software Reliability Lab
  • Login: sr-lab
  • Kind: organization
  • Location: Spread across the globe

Group of researchers interested in formal methods and verification techniques for software reliability

Citation (CITATION.cff)

cff-version: 1.2.0
message: "If you use this software, please cite it as below."
authors:
- family-names: "Saavedra"
  given-names: "Nuno"
  orcid: "https://orcid.org/0000-0003-4148-5991"
- family-names: "Ferreira"
  given-names: "João F."
  orcid: "https://orcid.org/0000-0002-6612-9013"
title: "GLITCH"
version: 1.0.0
doi: 10.5281/zenodo.6670081
date-released: 2022-06-20
url: "https://github.com/sr-lab/GLITCH"

GitHub Events

Total
  • Issues event: 1
  • Watch event: 6
  • Issue comment event: 2
  • Push event: 31
  • Pull request review comment event: 12
  • Pull request event: 4
  • Pull request review event: 13
  • Fork event: 5
  • Create event: 1
Last Year
  • Issues event: 1
  • Watch event: 6
  • Issue comment event: 2
  • Push event: 31
  • Pull request review comment event: 12
  • Pull request event: 4
  • Pull request review event: 13
  • Fork event: 5
  • Create event: 1

Issues and Pull Requests

Last synced: over 1 year ago

All Time
  • Total issues: 80
  • Total pull requests: 34
  • Average time to close issues: 3 months
  • Average time to close pull requests: 22 days
  • Total issue authors: 5
  • Total pull request authors: 5
  • Average comments per issue: 0.49
  • Average comments per pull request: 0.41
  • Merged pull requests: 34
  • Bot issues: 0
  • Bot pull requests: 0
Past Year
  • Issues: 46
  • Pull requests: 22
  • Average time to close issues: 2 months
  • Average time to close pull requests: 11 days
  • Issue authors: 3
  • Pull request authors: 4
  • Average comments per issue: 0.57
  • Average comments per pull request: 0.09
  • Merged pull requests: 22
  • Bot issues: 0
  • Bot pull requests: 0
Top Authors
Issue Authors
  • Nfsaavedra (36)
  • barek2k2 (2)
  • Tianyi2 (1)
  • jff (1)
  • miguelchenriques (1)
  • jperas243 (1)
Pull Request Authors
  • Nfsaavedra (15)
  • joaotgoncalves (4)
  • jff (2)
  • miguelchenriques (2)
  • sfondev (2)
  • Ashrick12 (2)
Top Labels
Issue Labels
enhancement (21) bug (7) good first issue (4)
Pull Request Labels
enhancement (1)

Dependencies

.github/workflows/tests.yml actions
  • actions/checkout v3 composite
  • actions/setup-python v4 composite
  • ruby/setup-ruby v1 composite
vscode-extension/glitch/package-lock.json npm
  • 203 dependencies
vscode-extension/glitch/package.json npm
  • @types/glob ^7.2.0 development
  • @types/mocha ^9.1.1 development
  • @types/node 16.x development
  • @types/vscode ^1.68.0 development
  • @typescript-eslint/eslint-plugin ^5.27.0 development
  • @typescript-eslint/parser ^5.27.0 development
  • @vscode/test-electron ^2.1.3 development
  • eslint ^8.16.0 development
  • glob ^8.0.3 development
  • mocha ^10.0.0 development
  • typescript ^4.7.2 development
  • child_process ^1.0.2
poetry.lock pypi
  • about-time 4.2.1
  • alive-progress 3.0.1
  • bashlex 0.18
  • certifi 2023.11.17
  • charset-normalizer 3.3.2
  • click 8.1.7
  • colorama 0.4.6
  • configparser 5.3.0
  • dockerfile-parse 2.0.0
  • exceptiongroup 1.2.0
  • glitch-python-hcl2 0.1.4
  • grapheme 0.6.0
  • idna 3.6
  • iniconfig 2.0.0
  • jinja2 3.1.2
  • lark 1.1.8
  • markupsafe 2.1.3
  • numpy 1.26.2
  • packaging 23.2
  • pandas 1.5.3
  • pluggy 1.3.0
  • ply 3.11
  • prettytable 3.6.0
  • puppetparser 0.2.0
  • pytest 7.3.1
  • python-dateutil 2.8.2
  • pytz 2023.3.post1
  • requests 2.31.0
  • ruamel-yaml 0.17.21
  • ruamel-yaml-clib 0.2.8
  • six 1.16.0
  • tomli 2.0.1
  • urllib3 2.1.0
  • wcwidth 0.2.12
pyproject.toml pypi
  • Jinja2 3.1.2
  • alive-progress 3.0.1
  • bashlex 0.18
  • click 8.1.7
  • configparser 5.3.0
  • dockerfile-parse 2.0.0
  • glitch-python-hcl2 0.1.4
  • pandas 1.5.3
  • ply 3.11
  • prettytable 3.6.0
  • puppetparser 0.2.0
  • python ^3.9
  • requests ^2.31.0
  • ruamel.yaml 0.17.21
scripts/requirements.txt pypi
  • beautifulsoup4 ==4.11.2
  • certifi ==2023.11.17
  • charset-normalizer ==3.0.1
  • idna ==3.4
  • requests ==2.31.0
  • soupsieve ==2.3.2.post1
  • urllib3 ==2.1.0
.github/workflows/lint.yml actions
  • actions/checkout v3.5.2 composite
  • actions/setup-python v4 composite
  • psf/black stable composite