Well, the plugin developers can't really do anything about it.
And it's the one thing the LLM developers have been trying to fix for the last 2 years. Apparently, even at the cost of some other functionality. It's not like they can do it reliably.
It’s an interesting question: I’d say this is more of a vulnerability creator than the actual vulnerability.
Similar to how using very difficult technologies makes you more likely to create code with vulnerabilities: the technologies are not the vulnerability, but it’s easier to cause them.
Maybe not a vulnerability per se, but definitely conducing to ones, as others have noted. However, those completions are quite unfortunate to say the least, thus one would hope JetBrains would endeavour to improve the local (S)LM they're using, or at least offer the user the option to use one of their own, better tuned ones instead?
I have this line completion feature in koieditor.com as well, and it's hard to suggest "safe"/good completions at a low latency. Best approach I could think of is a second pass to verify first pass, but adds to latency, or change to better model, which often also impacts latency.
10 comments
[ 2.7 ms ] story [ 17.8 ms ] threadAnd it's the one thing the LLM developers have been trying to fix for the last 2 years. Apparently, even at the cost of some other functionality. It's not like they can do it reliably.
Similar to how using very difficult technologies makes you more likely to create code with vulnerabilities: the technologies are not the vulnerability, but it’s easier to cause them.
See also: https://nocomplexity.github.io/pythonsecurity/fundamentals/w...
https://stackoverflow.com/a/28002687
https://stackoverflow.com/a/32282390
https://stackoverflow.com/a/18062293
Naive users used to copy paste those things from StackOverflow, now they can use line completion in their editor.