Abstract:
Microservice architecture has become one of the most popular emerging trends in software development because of its beneficial features, such as improved scalability, better defect isolation, and increased agility. However, microservices are not free of security concerns or of code smells such as code clones. Such code clones can cause security vulnerabilities to propagate and multiply within and across services. Although researchers have conducted extensive studies on code cloning, the security issues of cloned code in microservices have been ignored. We therefore aim to perform an exploratory study to identify the security vulnerabilities of cloned code in microservices. We performed a quantitative analysis of security vulnerabilities based on the Common Weakness Enumeration (CWE) by detecting code clones along with their security issues across eight well-known microservice systems. Our study revealed that code clones in microservices do not contain a significant number of security vulnerabilities. However, among the discovered vulnerabilities, some are listed in the top 25 most dangerous software weaknesses in the CWE database in 2021. Our study will help create awareness among developers so that they can deal with security issues when applying cloning for code reuse.
Description:
Supervised by
Dr. Abu Raihan Mostofa Kamal,
Professor and Head,
Department of Computer Science and Engineering (CSE),
Islamic University of Technology (IUT)
Board Bazar, Gazipur-1704, Bangladesh.
This thesis is submitted in partial fulfillment of the requirements for the degree of Bachelor of Science in Computer Science and Engineering, 2022.