Is Code Blocks safe?

After a software vulnerability was found in Code::Blocks in April 2020, developers began asking whether Code::Blocks is safe. Having software with security flaws on your computer can be a recipe for disaster if those flaws are exploited.

Despite the announcement of the vulnerability, Code Blocks is considered safe, but you need to download it from reputable sources. As with any application, you must use official sources to acquire the software; otherwise, you could be left open to attack.

Let’s take a look at what Code Blocks does and discuss whether the application is safe for software engineers to use.

What is Code::Blocks?

Code::Blocks is a free IDE that was built to be used with C, C++, and Fortran, but can be extended for use with other languages. By design, it is highly customizable and extensible because it is built around a plugin framework. Core functionality like compiling and debugging is just one example of the way the application leans on plugins.

Code Blocks comes with a lot of core functionality that is provided by plugins, including:

  • Compilers – The extensible nature of Code Blocks means you can create compilers for virtually any language, although the most popular are for Fortran, C++, D, and C.
  • Code Editor – The IDE provides syntax highlighting, code folding, code completion, a hex editor, and other utilities out of the box. Files are organized in tabs and support the personalization of font size and colors. 
  • Debugger – Code::Blocks gives users access to a number of features that make debugging easier. You can access user-defined watches, disassembly, custom memory dump, call stacks, CPU registers, thread switching, and GNU Debugger Interface. It also has full breakpoint support.
  • GUI designer – For those that want to design GUIs Code Blocks comes with. 
  • User Migration – For developers using Dev-C++, Microsoft Visual C++, and Dev-C++ Devpak, Code Blocks has built-in features to help with migration.
  • Project files – Code::Blocks stores information in XML-based files with the option of using external makefiles. 

Is Code Blocks safe?

Despite the vulnerability that was found in 2020, Code Blocks is still safe to use and doesn’t present any major security flaws. With more than 1.3 billion viruses in circulation, ensuring the software you use is safe is vital.

The issue was first identified as CVE-2020-10814, but the ticket now has a status of invalid in the open tickets section of Code::Blocks’ SourceForge page. The exact status of the flaw is unknown, but Code::Blocks has been in continual use since the issue was identified and there have been no reports from other users of it causing any actual problems. The issue was detected in version 17.12, but the latest stable release of Code::Blocks is 20.03. It can be assumed that either the issue was a red herring or not important enough to deliver a fix for.

As with any bug, it would have been great to see a resolution on the official NVD page, but none has been posted yet. In the meantime, it’s best to handle the software with the best practices you’d use for other applications.

Official source

If you are going to download Code Blocks, make sure you do it from an official source. As with any major application, it is essential you get it from the people who actually distribute it rather than a random website. Go to the official Code::Blocks downloads page and get the nightly build, binary release, or the source code.

False positives 

If you download a version of Code Blocks that has to be compiled, your antivirus software may flag it as containing malicious files. These warnings are false positives that regularly occur for pre-compiled applications. If you have downloaded it from the links above, you can guarantee there isn’t going to be malicious code within the build.

Is Code::Blocks outdated?

Code Blocks is outdated, and the community surrounding it has shrunk significantly in recent years. Plenty of forum posts on the official site are years old and have no answers, and even the security flaw we discussed above doesn’t have a full resolution.

Code Blocks was originally built as an IDE for Fortran. The aging language has seen some resurgence recently. It moved up to 13th from 42nd on the TIOBE Index, which indicates the popularity of programming languages. However, the original language Code Blocks was built for has been largely reduced to the history books.

On top of that, there are now some exceptional IDEs for C and C++ development. The most popular is Microsoft’s commercial offering, Visual Studio. It requires significantly less setup than Code::Blocks and does an all-around better job. Its support across platforms is also much better.

Code Blocks came about at a time when developers wanted endless customization in their IDE, hence its extensibility. However, the majority of out-of-the-box solutions now do a fantastic job and make Code Blocks seem outdated.
