Use AI to write your code

It's no secret that developers use code snippets a lot. Whether it's from StackOverflow, GitHub snippets, or random Google searches, whenever a junior developer is asked to do something they don't know how to do, they tend to browse the web and find an existing piece of code they can copy and paste into their text editor. We all do it. After all, most things have been solved with code already, so why should you spend an hour trying to find out how to connect to a Snowflake endpoint using Python and list all databases, when it's something that thousands of coders have done before?

The issue with code snippets, however, is that they tend to be very bad from a security standpoint. They tend to focus on the problem at hand and give you the simplest way to solve it, without any thought for context. If you don't understand what the code does, you won't know the potential security issues with that code, and that's one of the biggest ways the Internet ends up filled with insecure software. A code sample on some website doesn't give you any opportunity to think about what the code does or how secure it is. But AI changes things.

With ChatGPT having been released recently, more and more people have been introduced to the concept that an AI is very good at producing code. For example, here is a code sample produced by ChatGPT to do the task above.

import snowflake.connector


def list_databases(user, password, account, role, warehouse, database):
    # create a connection object
    ctx = snowflake.connector.connect(
        user=user,
        password=password,
        account=account,
        role=role,
        warehouse=warehouse,
        database=database
    )

    # create a cursor object
    cursor = ctx.cursor()

    # execute a SQL statement to list databases
    cursor.execute("SHOW DATABASES")

    # get the result
    result = cursor.fetchall()

    # close the cursor and connection
    cursor.close()
    ctx.close()

    return result


Now looking at that code, it's pretty basic and most likely will look very similar to a sample you could find on any website. But since you're talking to an AI, you can actually take things further. You can ask the AI to think about the code it just gave you, and then identify potential security issues:


Once identified, you can ask the AI to rewrite that code in a way that addresses the issues, and get a much more secure version:

# placeholder for a secrets-management client exposing get_secrets();
# not the standard-library `secrets` module, which has no such function
import secrets

import snowflake.connector


def list_databases(account, role, warehouse, database):
    # retrieve the user and password credentials from the secrets management solution
    user = secrets.get_secrets("snowflake_user")
    password = secrets.get_secrets("snowflake_password")

    # validate the input parameters
    if not all([account, role, warehouse, database]):
        raise ValueError("Missing required parameter")

    # create a connection object
    ctx = snowflake.connector.connect(
        user=user,
        password=password,
        account=account,
        role=role,
        warehouse=warehouse,
        database=database
    )

    # create a cursor object
    cursor = ctx.cursor()

    # execute a SQL statement to list databases using a parameterized query
    # (SHOW DATABASES filters with LIKE; it does not accept a WHERE clause)
    cursor.execute("SHOW DATABASES LIKE %s", (database,))

    # get the result
    result = cursor.fetchall()

    # close the cursor and connection
    cursor.close()
    ctx.close()

    return result


This is something truly revolutionary: an AI that can not only help you code, but can actually help make your code more secure, more performant, more efficient, and so on. So next time you're looking for how to write something, ask an AI. But use it to its fullest. Don't just ask for code, ask for secure code.