Applied Sciences (Feb 2020)

Collecting Vulnerable Source Code from Open-Source Repositories for Dataset Generation

  • Razvan Raducu,
  • Gonzalo Esteban,
  • Francisco J. Rodríguez Lera,
  • Camino Fernández

DOI
https://doi.org/10.3390/app10041270
Journal volume & issue
Vol. 10, no. 4
p. 1270

Abstract

Read online

Different Machine Learning techniques to detect software vulnerabilities have emerged in scientific and industrial scenarios. Different actors in these scenarios aim to develop algorithms for predicting security threats without requiring human intervention. However, these algorithms require data-driven engines based on the processing of huge amounts of data, known as datasets. This paper introduces the SonarCloud Vulnerable Code Prospector for C (SVCP4C). This tool aims to collect vulnerable source code from open source repositories linked to SonarCloud, an online tool that performs static analysis and tags the potentially vulnerable code. The tool provides a set of tagged files suitable for extracting features and creating training datasets for Machine Learning algorithms. This study presents a descriptive analysis of these files and overviews current status of C vulnerabilities, specifically buffer overflow, in the reviewed public repositories.

Keywords