Difference between revisions of "SVCP4C"

From Security Unileon
 
(3 intermediate revisions by the same user not shown)
Line 1: Line 1:
== Description ==
 
 
 
''SonarCloud Vulnerable Code Prospector for C'' (SVCP4C) is a tool that aims to collect vulnerable source code (written in C) from open-source repositories linked to [https://sonarcloud.io/ SonarCloud] by using its [https://sonarcloud.io/web_api REST API]. The output consists of a set of tagged files suitable for extracting features and creating training datasets for Machine Learning algorithms.
 
''SonarCloud Vulnerable Code Prospector for C'' (SVCP4C) is a tool that aims to collect vulnerable source code (written in C) from open-source repositories linked to [https://sonarcloud.io/ SonarCloud] by using its [https://sonarcloud.io/web_api REST API]. The output consists of a set of tagged files suitable for extracting features and creating training datasets for Machine Learning algorithms.
  
[[File:SVCP4C.png|720px|frameless|center]]
+
[[File:SVCP4C.png|720px|frame|center|SVCP4C overview]]
  
 
Vulnerabilities are listed in each file using comments appended at the end of each file. Such comments follow the format <code>/// starting_line,starting_offset;ending_line,ending_offset</code> (with offset being the column). For example:
 
Vulnerabilities are listed in each file using comments appended at the end of each file. Such comments follow the format <code>/// starting_line,starting_offset;ending_line,ending_offset</code> (with offset being the column). For example:
  
<code>
+
<pre>
 
/// ###BEGIN_VULNERABLE_LINES###
 
/// ###BEGIN_VULNERABLE_LINES###
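Review bot: on the File:SVCP4C.png line, switching from frameless to frame means MediaWiki ignores the 720px width and renders the image at its native size, so the size parameter no longer has any effect. If the 720px width is intended together with the new caption, use thumb instead, e.g. [[File:SVCP4C.png|thumb|720px|center|SVCP4C overview]].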
  
Line 17: Line 15:
  
 
/// 1734,6;1734,12
 
/// 1734,6;1734,12
</code>
+
</pre>
 +
 
 +
== Built With ==
 +
 
 +
* [https://docs.python.org/3/library/index.html Python 3]
 +
* [https://docs.python-requests.org/en/latest/ Requests] - Library to send HTTP/1.1 requests.
 +
 
 +
== Reference ==
 +
 
 +
To cite this work, please use the following BibTeX entry:
 +
 
 +
<pre>
 +
@ARTICLE{Raducu2020,
 +
  Title    = {Collecting Vulnerable Source Code from Open-Source Repositories for Dataset Generation},
 +
  Author    = {Raducu, Razvan and Esteban, Gonzalo and Rodr{\'i}guez Lera, Francisco Javier and Fern{\'a}ndez, Camino},
 +
  Journal  = {Applied Sciences},
 +
  Volume    = {10},
 +
  Number    = {4},
 +
  Pages    = {1270},
 +
  Year      = {2020},
 +
  Publisher = {Multidisciplinary Digital Publishing Institute},
 +
  Doi      = {https://doi.org/10.3390/app10041270},
 +
}
 +
</pre>
  
== References ==
+
== License ==
  
* Raducu, R., Esteban, G., Rodríguez Lera, F. J., & Fernández, C. (2020). Collecting Vulnerable Source Code from Open-Source Repositories for Dataset Generation. Applied Sciences, 10 (4), 1270. DOI: https://doi.org/10.3390/app10041270
+
This project is licensed under [https://choosealicense.com/licenses/gpl-3.0/ GNU GPLv3].
  
 
== External links ==
 
== External links ==
  
* [https://github.com/uleroboticsgroup/SVCP4C Source code]
+
# SonarCloud Vulnerable Code Prospector for C (SVCP4C), (2020), ''GitHub repository'', https://github.com/uleroboticsgroup/SVCP4C
* [https://github.com/uleroboticsgroup/SVCP4CDataset Datasets examples]
+
# Vulnerable Source Code Collected from Open Source Repositories for Dataset Generation, (2020), ''GitHub repository'', https://github.com/uleroboticsgroup/SVCP4CDataset
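Review bot: in the added BibTeX entry, the Doi field holds the full URL (https://doi.org/10.3390/app10041270), whereas bibliography styles commonly expect the bare identifier and prepend the resolver themselves, which would produce a doubled prefix. Suggest Doi = {10.3390/app10041270}. Separately, the External links items lose their link labels ("Source code", "Datasets examples") in favour of bare URLs; keeping the labelled form [URL label] inside the new numbered items would preserve both.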

Latest revision as of 18:06, 9 November 2021

SonarCloud Vulnerable Code Prospector for C (SVCP4C) is a tool that aims to collect vulnerable source code (written in C) from open-source repositories linked to SonarCloud by using its REST API. The output consists of a set of tagged files suitable for extracting features and creating training datasets for Machine Learning algorithms.

SVCP4C overview

Vulnerabilities are listed in each file using comments appended at the end of each file. Such comments follow the format /// starting_line,starting_offset;ending_line,ending_offset (with offset being the column). For example:

/// ###BEGIN_VULNERABLE_LINES###
/// 1126,3;1126,9
/// 1153,9;1153,15
/// 1341,9;1341,15
/// 1734,6;1734,12
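A sketch of how a dataset consumer could read this trailer back into per-line labels. This is an added example, not code from SVCP4C; the function names and the sample file are constructed here, and it assumes line numbers are 1-based and that only span comments follow the marker.

```python
import re

MARKER = "/// ###BEGIN_VULNERABLE_LINES###"
# /// starting_line,starting_offset;ending_line,ending_offset
SPAN_RE = re.compile(r"^///\s*(\d+),(\d+);(\d+),(\d+)$")


def split_tagged_file(text):
    """Split a tagged file into (code_lines, spans); spans are 4-tuples of ints."""
    lines = text.splitlines()
    # The trailer is appended at the end, so take the last marker occurrence.
    idx = max((i for i, l in enumerate(lines) if l.strip() == MARKER), default=None)
    if idx is None:
        return lines, []  # untagged file: no vulnerable spans recorded
    code, spans = lines[:idx], []
    for raw in lines[idx + 1:]:
        if not raw.strip():
            continue
        m = SPAN_RE.match(raw.strip())
        if m is None:
            raise ValueError(f"malformed span comment: {raw!r}")
        sl, sc, el, ec = map(int, m.groups())
        # Assumption: 1-based lines. Reject spans that fall outside the code
        # or run backwards, so a bad label never reaches a training set.
        if not (1 <= sl <= el <= len(code)) or (sl == el and sc > ec):
            raise ValueError(f"span outside code or inverted: {raw!r}")
        spans.append((sl, sc, el, ec))
    return code, spans


def line_labels(code, spans):
    """One 0/1 label per code line; 1 means the line overlaps a tagged span."""
    labels = [0] * len(code)
    for sl, _sc, el, _ec in spans:
        for n in range(sl, el + 1):
            labels[n - 1] = 1
    return labels


# Constructed sample: a 4-line C file with one tagged span on line 3.
SAMPLE = (
    "#include <string.h>\n"
    "void f(char *d, const char *s) {\n"
    "  strcpy(d, s);\n"
    "}\n"
    "/// ###BEGIN_VULNERABLE_LINES###\n"
    "/// 3,2;3,8\n"
)
```
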

Built With

  * Python 3
  * Requests - Library to send HTTP/1.1 requests.

Reference

To cite this work, please use the following BibTeX entry:

@ARTICLE{Raducu2020,
  Title     = {Collecting Vulnerable Source Code from Open-Source Repositories for Dataset Generation},
  Author    = {Raducu, Razvan and Esteban, Gonzalo and Rodr{\'i}guez Lera, Francisco Javier and Fern{\'a}ndez, Camino},
  Journal   = {Applied Sciences},
  Volume    = {10},
  Number    = {4},
  Pages     = {1270},
  Year      = {2020},
  Publisher = {Multidisciplinary Digital Publishing Institute},
  Doi       = {https://doi.org/10.3390/app10041270},
}

License

This project is licensed under GNU GPLv3.

External links

  1. SonarCloud Vulnerable Code Prospector for C (SVCP4C), (2020), GitHub repository, https://github.com/uleroboticsgroup/SVCP4C
  2. Vulnerable Source Code Collected from Open Source Repositories for Dataset Generation, (2020), GitHub repository, https://github.com/uleroboticsgroup/SVCP4CDataset