Google Launches ‘Code Search’

Google has launched a new source-code search engine this month. While the tool was meant to simplify work for software developers, it has inadvertently given cyber criminals a new device. An attacker can manipulate this tool to look for software bugs, password information and proprietary code too. Security experts worldwide are worried about the posting of the 'Code Search' on the Internet.

Quite different from Google's main 'Web search engine', the 'Code Search' looks for indexed code in the actual lines of code every time it comes across 'source-code' files on the Net, said Chris McClelland, AJAXPress developer. Often the indexed code is 'production code', not briefs or tutorials. He further adds that the code that a surfer gets from 'Code Search' could be incorrect, an improper way to execute operations, etc.

Google introduced its 'Code Search' on October 5, 2006, which had the largest collection of source code facing queries. Russ Cox, engineering intern, posted about the newly invented tool on the 'Google Code blog':

Google 'Code Search' is now online providing programmers with a common region to look for source code. It provides support for exact searches using routine expressions, limits by language, license, or filename with upgraded operators and a search engine having innumerable 'lines of code'. A tool of Google to search the internal 'Google code base' gave the idea for the 'Code Search engine. The wide use of internal search service gave us an indication to make something for use by other programmers also."
Security experts cautions developers to remain aware about their 'open source repositories' that hackers could now easily harvest, giving them opportunity to target programs that might be flawed. Unlike Google's previous function of searching specific items, the present search engine helps to perform searches even better.

Google has never discussed about the measures it adopts to curtail such misuse of its search engine, although the concern keeps emerging again and again. Websense Inc. took an initiative in this regard in July by using a less known 'binary search capability' within Google Inc.'s 'search engine' to find malware.

An observation from Lev Toger, software developer with 'Beyond Security Ltd.' is that Google's 'Code Search' makes it much easier to search interesting code portions.

Related article: Google Rectifies Gmail flaw in Three Days

» SPAMfighter News - 10/12/2006