CPGVA: Code Property Graph based Vulnerability Analysis by Deep Learning

“…Examples include ASTs, CFGs, PDGs, or a combined representation of graph‐like structures. Some examples of tools used to extract graph‐based representations from the source code files include Joern [71, 80, 87 ] and CodeSensor [14, 15, 19 ]. Graph‐based representations of source code use some form of abstract representation that preserves the semantic information along with the syntax.…”

“…The main idea behind the use of CPGs as a portable output feature is capturing the characteristics brought about by the representations mentioned above and offering the advantages as a single representation. To enhance the semantic information that can be gathered by code representations as features, a few of the surveyed works utilise CPGs [71, 80 ]. In order to generate CPGs, tools such a Joern [71, 80, 87 ] are utilised for C/C++ code. (d) Lexed representation of source code: Lexing is a process which involves the use of a lexer in order to generate useful features from raw source code.…”

“…To enhance the semantic information that can be gathered by code representations as features, a few of the surveyed works utilise CPGs [71, 80 ]. In order to generate CPGs, tools such a Joern [71, 80, 87 ] are utilised for C/C++ code. (d) Lexed representation of source code: Lexing is a process which involves the use of a lexer in order to generate useful features from raw source code. In lexing, critical tokens are captured from source code functions while the representation is kept generic and the total vocabulary size is minimised.…”

“…Recognising whether a source code file is vulnerable or not is highly significant as it helps testers focus their tests on catering to these files, which have a high possibility of being vulnerable. Also, this objective has been studied in the literature, and several reviewed papers target identifying whether a set of source code files are vulnerable or not [14, 16, 18, 19, 60, 67–76 ]. Considering a large number of vulnerable source code that is available, the significance of recognising which files are vulnerable can help reduce the workload on testers.…”

“…Several of the reviewed papers use this form of feature extraction due to the semantic benefits. Some of the reviewed works use a single form of graphical representation for their feature extraction [14–19, 71, 73, 75, 80, 87 ] (b) Code block‐based feature representation: For code block‐based feature representation, studies under this category utilise DNNs for extracting feature representations from sequential code entities such as function calls, code snippets, code gadgets, and so on. Some of the reviewed papers rely on the use of code block‐based representations of source code [67, 70, 72, 74, 76, 77, 82, 83, 85 ] (c) Text‐based feature representation: For this category of feature, representations are learned directly from the source code text surface.…”

Literature survey of deep learning-based vulnerability analysis on source code

“…Examples include ASTs, CFGs, PDGs, or a combined representation of graph‐like structures. Some examples of tools used to extract graph‐based representations from the source code files include Joern [71, 80, 87 ] and CodeSensor [14, 15, 19 ]. Graph‐based representations of source code use some form of abstract representation that preserves the semantic information along with the syntax.…”

“…The main idea behind the use of CPGs as a portable output feature is capturing the characteristics brought about by the representations mentioned above and offering the advantages as a single representation. To enhance the semantic information that can be gathered by code representations as features, a few of the surveyed works utilise CPGs [71, 80 ]. In order to generate CPGs, tools such a Joern [71, 80, 87 ] are utilised for C/C++ code. (d) Lexed representation of source code: Lexing is a process which involves the use of a lexer in order to generate useful features from raw source code.…”

“…To enhance the semantic information that can be gathered by code representations as features, a few of the surveyed works utilise CPGs [71, 80 ]. In order to generate CPGs, tools such a Joern [71, 80, 87 ] are utilised for C/C++ code. (d) Lexed representation of source code: Lexing is a process which involves the use of a lexer in order to generate useful features from raw source code. In lexing, critical tokens are captured from source code functions while the representation is kept generic and the total vocabulary size is minimised.…”

“…Recognising whether a source code file is vulnerable or not is highly significant as it helps testers focus their tests on catering to these files, which have a high possibility of being vulnerable. Also, this objective has been studied in the literature, and several reviewed papers target identifying whether a set of source code files are vulnerable or not [14, 16, 18, 19, 60, 67–76 ]. Considering a large number of vulnerable source code that is available, the significance of recognising which files are vulnerable can help reduce the workload on testers.…”

“…Several of the reviewed papers use this form of feature extraction due to the semantic benefits. Some of the reviewed works use a single form of graphical representation for their feature extraction [14–19, 71, 73, 75, 80, 87 ] (b) Code block‐based feature representation: For code block‐based feature representation, studies under this category utilise DNNs for extracting feature representations from sequential code entities such as function calls, code snippets, code gadgets, and so on. Some of the reviewed papers rely on the use of code block‐based representations of source code [67, 70, 72, 74, 76, 77, 82, 83, 85 ] (c) Text‐based feature representation: For this category of feature, representations are learned directly from the source code text surface.…”

Literature survey of deep learning-based vulnerability analysis on source code

Representing LLVM-IR in a Code Property Graph

A Review of Code Vulnerability Detection Techniques Based on Static Analysis