Module 19: Security Issues with Generated Code

Resources

Exercise 1 - Ask Copilot to write a Python user login program

  1. Create a new file in VSCode called login.py.

  2. In the file login.py prompt Copilot to write a user login prompt that stores the username and password in a MySQL database, and includes the code to connect to the database.

  3. After the code is generated by Copilot, inspect the code for any security issues such as hard-coded passwords or passwords that are not hashed correctly. Record any security issues that you find.

Exercise 2 - Ask Copilot to write a Python database search program

  1. Create a new file in VSCode called search.py.

  2. In the file search.py prompt Copilot to write a program that will connect to a MySQL database and search the table called "Books" that has columns that include title, author, publisher, year, description. In the prompt, tell Copilot that the search input has to come from the user.

  3. After the code is generated by Copilot, inspect the code for any security issues such as SQL injection vulnerability. Record any security issues that you find.

Exercise 3 - Ask Copilot to write C code to create a new array

  1. Create a new file in VSCode called array.c.

  2. In the file array.c prompt Copilot to write a program that will take user input to determine the size of an array and then allocate space for that array in heap memory.

  3. After the code is generated by Copilot, inspect the code for any security issues such as no bounds checking or potential for negative array size. Record any security issues that you find.
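
Reference for the review in step 3 of Exercise 3: an added example (not part of the original lab and not Copilot output) of the size checks to look for before a heap allocation. The names parse_count, alloc_ints and MAX_ELEMS, and the 1,000,000-element cap, are assumptions made for this example.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define MAX_ELEMS 1000000L   /* assumed upper bound for this example */

/* Code to be suspicious of in a review: scanf("%d", &n); malloc(n * sizeof(int));
 * A negative n converts to a huge size_t, and n * sizeof(int) can wrap around. */

/* Parse a user-supplied element count. Returns 0 on success, -1 on rejection. */
int parse_count(const char *text, size_t *out)
{
    char *end = NULL;
    errno = 0;
    long v = strtol(text, &end, 10);
    if (end == text)                  return -1;  /* no digits at all */
    if (errno == ERANGE)              return -1;  /* does not fit in a long */
    if (*end != '\0' && *end != '\n') return -1;  /* trailing characters */
    if (v <= 0 || v > MAX_ELEMS)      return -1;  /* negative, zero or too large */
    *out = (size_t)v;
    return 0;
}

/* Allocate n zeroed ints; refuse counts whose byte size would overflow size_t. */
int *alloc_ints(size_t n)
{
    if (n == 0 || n > SIZE_MAX / sizeof(int)) return NULL;
    return calloc(n, sizeof(int));
}

int main(void)
{
    char line[64];
    size_t n;
    if (!fgets(line, sizeof line, stdin) || parse_count(line, &n) != 0) {
        fprintf(stderr, "invalid array size\n");
        return 1;
    }
    int *a = alloc_ints(n);
    if (a == NULL) {                  /* allocation result must be checked */
        fprintf(stderr, "allocation failed\n");
        return 1;
    }
    for (size_t i = 0; i < n; i++) a[i] = (int)i;  /* index stays below n */
    printf("allocated %zu ints\n", n);
    free(a);
    return 0;
}
```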

Exercise 4 - Ask Copilot to write C code to create a buffer and store user input in the buffer

  1. Create a new file in VSCode called buffer.c.

  2. In the file buffer.c prompt Copilot to write a program that will take user input and store that input in a character buffer.

  3. After the code is generated by Copilot, inspect the code for any security issues such as no bounds checking or potential for a buffer overflow vulnerability. Record any security issues that you find.