FixVibe
Covered by FixVibe · medium

Security Risks of Vibe Coding: Auditing AI-Generated Code

The rise of "vibe coding" (building apps primarily from AI-driven prompts) introduces risks such as hardcoded credentials and insecure code patterns. Because AI models may suggest code based on training data that contains vulnerabilities, their output should be treated as untrusted and reviewed with automated scanning tools to prevent data exposure.

CWE-798, CWE-200, CWE-693

Building apps from AI-driven prompts, commonly called "vibe coding," can lead to significant security oversights if the output is not reviewed carefully [S1]. While AI tools speed up the development process, they may suggest insecure code patterns or lead developers to commit sensitive information to repositories by accident [S3].

Impact

The most immediate risk of unreviewed AI code is the exposure of sensitive information, such as API keys, tokens, or database credentials, which AI models may emit as hardcoded values. In addition, AI-generated snippets may lack the necessary security controls, leaving web applications open to the common attack vectors described in standard security literature [S2]. Introducing these weaknesses can lead to unauthorized access or data exposure if they are not detected during the development lifecycle [S1][S3].

Root cause

AI code completion tools produce suggestions based on training data that may contain insecure patterns or leaked secrets. In the "vibe coding" workflow, the focus on speed often leads developers to accept these suggestions without proper review [S1]. This results in hardcoded secrets being introduced [S3] and in critical security features required for secure web services being left out [S2].

Concrete fixes

  • Implement secret scanning: Use automated tools to detect and block the commit of API keys, tokens, and other credentials into your repositories [S3].
  • Adopt automated code review: Integrate static analysis tools into your workflow to detect vulnerabilities in AI-generated code before deployment [S1].
  • Ensure web security best practices: Make sure all code, whether written by humans or generated by AI, follows established security standards for web applications [S2].

How FixVibe checks this

FixVibe currently covers this check through GitHub repo analysis.

  • repo.ai-generated-secret-leak scans checked-in source for keys that commonly ship with code: Supabase service-role JWTs, private keys, and other high-privilege service secrets. Evidence stores redacted line patterns and secret hashes, not the raw secrets.
  • code.vibe-coding-security-risks-backfill checks whether the repo has security guardrails around AI-assisted development: code review, secret scanning, dependency automation, and AI agent instructions.
  • Live deployment app checks cover secrets that reach users, including JavaScript bundles, browser storage tokens, and exposed source maps.

Together, these checks separate hard evidence of secrets from broader workflow gaps.
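As an added illustration of the repo check described above (example code written for this page, not FixVibe's own scanner): a small Python scanner that flags PEM private-key blocks and JWTs whose payload carries a Supabase `service_role` claim, and records only a redacted pattern plus a SHA-256 hash as evidence. The sample source lines and tokens are constructed, and the function names are assumptions of this example.

```python
import base64
import hashlib
import json
import re

JWT_RE = re.compile(r"eyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+")
PEM_RE = re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----")

def _jwt_role(token: str):
    # Read the 'role' claim from the payload; the signature is deliberately not verified.
    seg = token.split(".")[1]
    try:
        return json.loads(base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))).get("role")
    except (ValueError, AttributeError):
        return None

def classify(line: str):
    """Return (kind, severity, matched_text) for a suspicious line, else None."""
    m = PEM_RE.search(line)
    if m:
        return ("private-key-block", "high", m.group(0))
    m = JWT_RE.search(line)
    if not m:
        return None
    if _jwt_role(m.group(0)) == "service_role":
        return ("supabase-service-role-jwt", "high", m.group(0))
    return ("jwt", "info", m.group(0))  # e.g. a Supabase anon key, public by design

def scan(lines):
    """Evidence keeps a redacted pattern plus a SHA-256, never the raw secret."""
    findings = []
    for n, line in enumerate(lines, 1):
        hit = classify(line)
        if hit:
            kind, severity, text = hit
            findings.append({"line": n, "kind": kind, "severity": severity,
                             "redacted": text[:6] + "..." + text[-3:] if len(text) > 12 else "***",
                             "sha256": hashlib.sha256(text.encode()).hexdigest()})
    return findings

def _make_jwt(claims: dict) -> str:
    # Constructed token with a dummy signature, used only for the sample below.
    parts = (b'{"alg":"HS256","typ":"JWT"}', json.dumps(claims).encode(), b"sig")
    return ".".join(base64.urlsafe_b64encode(p).rstrip(b"=").decode() for p in parts)

# Constructed sample source lines; not from any real repository.
SERVICE_JWT = _make_jwt({"iss": "supabase", "role": "service_role"})
ANON_JWT = _make_jwt({"iss": "supabase", "role": "anon"})
SAMPLE_SOURCE = ['SUPABASE_URL = "https://example.supabase.co"', f'SERVICE_KEY = "{SERVICE_JWT}"',
                 f'ANON_KEY = "{ANON_JWT}"', "-----BEGIN RSA PRIVATE KEY-----", 'print("hello")']
```

Running `scan(SAMPLE_SOURCE)` yields one high finding for the service-role token, an info finding for the anon token, and a high finding for the private-key marker, each without the raw value.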