An End-to-End Framework for Detecting and Repairing Potential Vulnerabilities
Source: NIAID Data Ecosystem (indexed 2026-03-13)
Download link:
https://zenodo.org/record/6778637
Resource description:
Nowadays, program development is getting easier and easier as the various IDE tools provide advice on what to write in the program. However, implementing a solution to a problem is not enough; it is also important that non-functional properties, such as the quality or security of the code, are appropriate in all aspects. One of the most widely used techniques to ensure quality is testing. If the tests fail, one can fix the code immediately. However, security issues in the program are cases that we do not expect when implementing the program, which is why we do not write tests for them in advance. In many cases, security-relevant bugs can not only cause financial loss but also put human lives at risk, so detecting and fixing them is an important step for the reliability and quality of the program. The aim of the tool presented in this paper is to automatically generate code repairs for potential vulnerabilities in the program. By integrating the recommended fixes, one can easily harden the security of their program early in the development process. A case study on 6 open-source subject systems showed that we were able to generate viable repair patches for 57 out of the 81 detected security issues (70%). For certain types (e.g., revealing private references of mutable objects), our tool reached close to perfect performance. This data package contains the detailed results of the study.
Created:
2022-07-29



