IBM TechXchange 2025, Orlando, FL, October 6-9

Seven Habits of Highly Effective AI Java Coding
Jonathan Vila, Sonar

Agenda
- State of Code
- AI code generation
- Accountability
- Documentation
- Simplicity
- No stray code
- Verify
- Test
- Review

State of Code
Drawbacks of today's code: bugs, messy, vulnerable, hard to read, coupled, inefficient.
- 90% of time is spent reading code* (2021)
- 4 days per month per developer to fix issues
- 28,000 CVEs in 2023
- 45 LOC per issue (the bigger the better)
- 300 billion LOC analyzed daily

State of Code Report
- 67.9 billion LOC (6 months)
- 170 vulnerabilities
- 53,000 code smells
- 2,100 bugs

Most detected issues
- Delivering code in production with debug features activated is security-sensitive (SECURITY HOTSPOT)
- Null pointers should not be dereferenced (BUG)
- Logging should not be vulnerable to injection attacks (VULNERABILITY)
- Exceptions should not be thrown from servlet methods (VULNERABILITY)
- Optional value should only be accessed after calling isPresent() (BUG)

Most detected SECURITY issues
- Logging should not be vulnerable to injection
- Exceptions should not be thrown from servlet methods
- Endpoints should not be vulnerable to XSS scripting
- Database queries should not be vulnerable to injection
- Weak SSL/TLS protocols should not be used

Secrets
465,000 hard-coded secrets detected (examples: OVH, database, Azure, MongoDB, AWS)

Uber: Hardcoded Credentials
Uber Data Exposure (2017)
Incident: hardcoded credentials in IaC scripts led to unauthorized access to Uber's AWS S3 buckets, exposing personal data of 57 million users and drivers.

The State of Code: Read the Reports

AI Code Generation

AI generated code
- Generation pace: juniors +20% vs seniors
- [Chart: acceptance rate, 2023 vs 2025; values shown 41%, 40%, 35%, 30%; sources JetBrains, Amazon, GitHub]
- [Chart: role usage, 2023 vs 2025]

Test: Code Quality
LLM model          Total bugs   Vulnerabilities   Code smells
Claude Sonnet 4           423                14        16,661
Claude 3.7 Sonnet         352               116         6,108
GPT-4o                    406               352         4,958
Llama 3.2 90B             398               123         4,638
OpenCoder-8B              247                67            3,
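To make the "most detected SECURITY issues" and the hard-coded secrets slides concrete, here is an added example; it is my own code, not from the talk, from Sonar or from any of the models in the table. For each rule category the deck names (log injection, SQL injection, XSS, weak TLS, hard-coded secrets) it shows the pattern an analyzer flags beside a hardened form. It uses only the JDK so it compiles stand-alone; the class name, method names, the `users` table and the environment variable name are assumptions of mine, and the servlet-exception rule is left out because it needs the servlet API.

```java
import java.security.NoSuchAlgorithmException;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.logging.Logger;
import javax.net.ssl.SSLContext;

/** Before/after pairs for the rule categories listed in the deck (illustrative names, not rule IDs). */
public class SonarRuleExamples {

    private static final Logger LOG = Logger.getLogger(SonarRuleExamples.class.getName());

    // --- Logging should not be vulnerable to injection -------------------------------
    // Vulnerable: a username containing "\n" forges an extra, fake log line.
    static void logLoginVulnerable(String user) {
        LOG.info("login attempt for " + user);
    }

    // Hardened: strip CR/LF so one event always stays one line.
    static String sanitizeForLog(String s) {
        return s == null ? "null" : s.replaceAll("[\\r\\n]", "_");
    }

    static void logLoginHardened(String user) {
        LOG.info("login attempt for " + sanitizeForLog(user));
    }

    // --- Database queries should not be vulnerable to injection ----------------------
    // Vulnerable: concatenation; the input "' OR '1'='1" returns every row (hypothetical users table).
    static ResultSet findUserVulnerable(Connection c, String name) throws SQLException {
        Statement st = c.createStatement();
        return st.executeQuery("SELECT * FROM users WHERE name = '" + name + "'");
    }

    // Hardened: bound parameter; the driver never interprets the value as SQL.
    static ResultSet findUserHardened(Connection c, String name) throws SQLException {
        PreparedStatement ps = c.prepareStatement("SELECT * FROM users WHERE name = ?");
        ps.setString(1, name);
        return ps.executeQuery();
    }

    // --- Endpoints should not be vulnerable to XSS -----------------------------------
    // Hardened: HTML-escape user input before embedding it in a response body.
    static String htmlEscape(String s) {
        StringBuilder sb = new StringBuilder(s.length());
        for (char ch : s.toCharArray()) {
            switch (ch) {
                case '<':  sb.append("&lt;");   break;
                case '>':  sb.append("&gt;");   break;
                case '&':  sb.append("&amp;");  break;
                case '"':  sb.append("&quot;"); break;
                case '\'': sb.append("&#39;");  break;
                default:   sb.append(ch);
            }
        }
        return sb.toString();
    }

    // The vulnerable form would be "<h1>Hello " + name + "</h1>" with the raw parameter.
    static String greetingPage(String name) {
        return "<h1>Hello " + htmlEscape(name) + "</h1>";
    }

    // --- Weak SSL/TLS protocols should not be used -----------------------------------
    static SSLContext tlsContextVulnerable() throws NoSuchAlgorithmException {
        return SSLContext.getInstance("TLSv1");   // deprecated protocol version
    }

    static SSLContext tlsContextHardened() throws NoSuchAlgorithmException {
        return SSLContext.getInstance("TLSv1.3");
    }

    // --- Hard-coded secrets ------------------------------------------------------------
    // Vulnerable: the credential ships inside the artifact and stays in git history forever.
    static final String SECRET_VULNERABLE = "PLACEHOLDER-NOT-A-REAL-KEY";

    // Hardened: resolve the credential at runtime from the environment or a secrets manager
    // (variable name assumed here), and fail loudly if it is absent.
    static String secretHardened() {
        String v = System.getenv("AWS_SECRET_ACCESS_KEY");
        if (v == null || v.isEmpty()) {
            throw new IllegalStateException("AWS_SECRET_ACCESS_KEY is not set");
        }
        return v;
    }

    public static void main(String[] args) {
        // Constructed input: a newline lets the attacker append a fake "succeeded" line.
        String forged = "alice\nINFO: login attempt for admin succeeded";
        logLoginVulnerable(forged);
        logLoginHardened(forged);
        System.out.println(greetingPage("<script>alert(1)</script>"));
    }
}
```

Run `main` and compare the two log entries: the vulnerable call emits two lines, the second of which looks like a genuine successful login for `admin`, while the hardened call keeps the whole payload on one line. The same input-boundary discipline applies to the remaining pairs: the user-controlled value is either bound (`PreparedStatement`), encoded (`htmlEscape`) or kept out of the source entirely (`secretHardened`) rather than concatenated into a string that another interpreter will parse.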