Loading [MathJax]/extensions/MathZoom.js
Polyglot Code Smell Detection for Infrastructure as Code with GLITCH | IEEE Conference Publication | IEEE Xplore
Access provided by:
MIT Libraries
Sign Out
Access provided by:
MIT Libraries
Sign Out
ADVANCED SEARCH
Conferences >2023 38th IEEE/ACM Internatio...

Polyglot Code Smell Detection for Infrastructure as Code with GLITCH

PDF
Nuno Saavedra; João Gonçalves; Miguel Henriques; João F. Ferreira; Alexandra Mendes
All Authors

Abstract:

This paper presents GLITCH, a new technology-agnostic framework that enables automated polyglot code smell detection for Infrastructure as Code scripts. GLITCH uses an in...Show More

Metadata

Abstract:

This paper presents GLITCH, a new technology-agnostic framework that enables automated polyglot code smell detection for Infrastructure as Code scripts. GLITCH uses an intermediate representation on which different code smell detectors can be defined. It currently supports the detection of nine security smells and nine design & implementation smells in scripts written in Ansible, Chef, Docker, Puppet, or Terraform. Studies conducted with GLITCH not only show that GLITCH can reduce the effort of writing code smell analyses for multiple IaC technologies, but also that it has higher precision and recall than current state-of-the-art tools. A video describing and demonstrating GLITCH is available at: https://youtu.be/E4RhCcZjWbk.
Published in: 2023 38th IEEE/ACM International Conference on Automated Software Engineering (ASE)
Date of Conference: 11-15 September 2023
Date Added to IEEE Xplore: 08 November 2023
ISBN Information:

ISSN Information:

DOI: 10.1109/ASE56229.2023.00162
Conference Location: Luxembourg, Luxembourg
No metrics found for this document.
Contents

I. Introduction

Infrastructure as Code (IaC) is the process of managing IT infrastructure via programmable configuration files (also called IaC scripts). In recent years, several tools for detecting code smells in IaC scripts have been proposed [1]–[6]. These tools are very valuable, since they cover a wide range of code smells and several major IaC technologies. However, their implementations are separate and involve substantial duplication. If one wishes to implement the detection of a new smell, one has to develop a different implementation for each of the IaC technologies supported. Consequently, it is often the case that the detection of code smells is inconsistent for different IaC technologies. For example, Figure 1 presents a line of code with a comment taken from the project puppet-foreman by The Foreman

https://github.com/theforeman/puppet-foreman/blob/1d09876d7838bcd133add6266f4ba19b936ccb6c/manifests/init.pp#L57

. For this example, Schwarz et al.'s tool [2] detects the Long Statement smell because the line has exactly 140 characters, and the tool reports the smell for lines with 140 characters or more. However, if we use the tool Puppeteer [1] to analyze the same line in Puppet, the smell will not be detected since Puppeteer only detects the Long Statement smell for lines with more than 140 characters. Even though this example might be considered a minor problem, it shows that having separate implementations for code smell analysis can easily lead to inconsistent code smell detection. Ensuring consistency is particularly important for projects that use more than one IaC technology.

Usage
Select a Year
2025

View as

Total usage sinceNov 2023:288
051015202530JanFebMarAprMayJunJulAugSepOctNovDec121423000000000
Year Total:49
Data is updated monthly. Usage includes PDF downloads and HTML views.
Citations
4
Crossref®
Search for
Citations in
Google Scholar®

Contact IEEE to Subscribe
More Like This
Teaching secure software engineering: Writing secure code

2011 7th Central and Eastern European Software Engineering Conference (CEE-SECR)

Published: 2011

An Empirical Study to Evaluate AIGC Detectors on Code Content

2024 39th IEEE/ACM International Conference on Automated Software Engineering (ASE)

Published: 2024

Show More

References

References is not available for this document.

IEEE Account

Purchase Details

Profile Information

Need Help?

A not-for-profit organization, IEEE is the world's largest technical professional organization dedicated to advancing technology for the benefit of humanity.
© Copyright 2025 IEEE - All rights reserved. Use of this web site signifies your agreement to the terms and conditions.