A Novel Vulnerable Code Clone Detector Based on Context Enhancement and Patch Validation

With the rapid growth of open-source software, code cloning has become increasingly prevalent. If there are security vulnerabilities in a cloned segment, those may spread related software to potentially lead incidents. The existing methods vulnerable detection performed on condition that source is converted into an intermediate representation. However, these do not fully consider rich semantic knowledge and patch information available for codes, which can induce high false positive rate (FPR). To address this problem, paper proposes clone method based fingerprints, named Context-enhanced Patch-validation-based Vulnerable Detector (CPVDetector). A fingerprint database built functions, snippets, patches derived from preprocessed code. target be detected firstly transformed function-level fingerprints. fails at coarse granularity, detector then applied finer line-level granularity. When matching successful between segments, will proceed verify context codes. Finally, CPVDetector fingerprints corresponding codes further reduce FPR. Based generally accepted classification clones, identify Type 1 2 clones coarse-grained level offers significantly improved sensitivity 3 4 fine-grained level. Experimental results show proposed achieve accuracy with fast speed, FPR as low 2.35%, less than one-third other methods. In view its competitive performance efficiency, large-scale scenarios.