As we near the deadline for publishing version 0.0.1 of our project, some tasks have quickly become time-consuming and feel somewhat repetitive. A significant portion of our project is the creation and modification of a full-stack web application. We use a MySQL database, a Flask server/API and VueJS for our front end. We all have experience building this type of application, and it is not the focus of our project. I have discovered that the more important aspect of our work will be researching security vulnerabilities and writing reports based on them.
When we first met, one of the team members suggested we use the code editor Cursor, which is a fork of Visual Studio Code, but with AI tools and automation built in. I had the chance to use Cursor this week when we started coding version 0.0.1, and it was almost a revelation. Instead of manually writing SQL queries to create a database, tables and sample data, I wrote a prompt describing the tables and Cursor created a SQL script for me. I started editing some of the fields and the auto-complete feature made changes accordingly in the rest of the document. I still spent some time editing, fine-tuning and debugging the application, especially when it came to integrating the API and the database server, but having Cursor complete the somewhat mundane aspects of the task was really nice.
As the project goes on, we will have to create new and more secure iterations of the application, so having a tool that automates the easy parts will become quite valuable and allow us to dedicate more time to write-ups and presentations.
Now, of course, everything comes with a price, in this case literally. Cursor has three tiers, and the free one only allows a certain amount of “tab completions” or code suggestions. This may be a limiting factor soon, and it has led me to start researching other AI solutions. I will probably try a few Visual Studio Code plugins before I consider paying a monthly fee for a code editor.
Term: naive
As mentioned above, our general task is to create a web application with certain vulnerabilities and to iteratively redesign the application to address those vulnerabilities. As I get into coding and actually designing this application, I am finding it a little difficult to intentionally make it “bad” or “naive.” The tools that exist for databases and servers are built around making it easy to do things right, and finding workarounds to do things “poorly” is becoming more of a task than I thought it might.
For example, the default server design for Flask interacting with MySQL is that of an object-relational mapper, where you can just write object-oriented Python code to create queries on the database. I had to look up how to execute a text-based SQL statement (so that the application would be intentionally subject to SQL injection).
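To make the difference between the “naive” text-based query and the hardened one concrete, here is an added example (not the project's own code). It uses Python's built-in sqlite3 module with an in-memory database and constructed sample rows as a stand-in for the MySQL server; the assumption is that the same pattern applies to any DB-API driver, and to SQLAlchemy's text() when it is given bound parameters. The naive function splices the caller's value into the SQL string, the safe one binds it as a parameter, and the demo shows how each behaves on a normal username, on a legitimate name containing an apostrophe, and on an input that contains a quote.

```python
import sqlite3

# Constructed sample data standing in for the project's MySQL tables.
SAMPLE_USERS = [
    (1, "alice", "alice@example.com"),
    (2, "bob", "bob@example.com"),
]


def make_db() -> sqlite3.Connection:
    """Create the in-memory database and load the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def find_user_naive(conn: sqlite3.Connection, username: str) -> list:
    """The 'naive' version: the user-supplied value is spliced into the SQL text.

    Whatever the caller passes becomes part of the statement, so the shape of
    the query is decided by the input rather than by the programmer.
    """
    sql = f"SELECT id, username FROM users WHERE username = '{username}'"
    return conn.execute(sql).fetchall()


def find_user_safe(conn: sqlite3.Connection, username: str) -> list:
    """The hardened version: fixed SQL text, value bound as a parameter.

    The driver passes the value separately from the statement, so the input is
    only ever compared as data and cannot change the query's structure.
    (SQLAlchemy's text() with :named parameters behaves the same way.)
    """
    sql = "SELECT id, username FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


def demo() -> dict:
    """Run both versions on three constructed inputs and collect the results."""
    conn = make_db()
    normal = "alice"            # a well-formed lookup
    apostrophe = "o'brien"      # legitimate data that happens to contain a quote
    quoted = "x' OR 'a'='a"     # an input whose quote rewrites the naive WHERE clause

    # The naive version cannot even handle ordinary data with an apostrophe:
    # the statement it builds is no longer valid SQL.
    try:
        naive_apostrophe = find_user_naive(conn, apostrophe)
    except sqlite3.Error as exc:
        naive_apostrophe = f"error: {exc}"

    return {
        "naive_normal": find_user_naive(conn, normal),
        "safe_normal": find_user_safe(conn, normal),
        "naive_apostrophe": naive_apostrophe,
        "safe_apostrophe": find_user_safe(conn, apostrophe),
        "naive_quoted": find_user_naive(conn, quoted),
        "safe_quoted": find_user_safe(conn, quoted),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The point for the later, hardened iterations of the application is that the fix is not input filtering but keeping the query text constant and passing values as parameters; the apostrophe case also shows that the naive version breaks on perfectly ordinary data, which is a useful way to spot string-built queries during review.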