Concepedia

Abstract

Vulnerable code reuse in open source software is a serious threat to software security. However, existing high-efficiency methods for vulnerable code clone detection produce a large number of false negatives when the cloned code has been modified, which limits their application scenarios. In this paper, we present a new fingerprint model for describing vulnerable code and propose VFDETECT, an efficient system that detects vulnerable code clones based on these fingerprints. First, the fingerprint is constructed by applying a hash function to the preprocessed, appropriately chosen code blocks of the vulnerability's diff. Then, VFDETECT detects vulnerable code clones by matching the preprocessed code blocks of the target project against the fingerprint, which is mapped to a bitmap so that matches can be identified efficiently. VFDETECT maintains good performance and achieves higher robustness under multiple code modifications such as variable renaming, statement reordering and insertion of redundant code, which existing work has found difficult to achieve. Our detection results on real-world datasets demonstrate its practical value.
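The following Python sketch is an added illustration of the pipeline the abstract describes (preprocess the diff's code blocks, hash them into a bitmap fingerprint, then test a target project's preprocessed blocks against that bitmap). It is not VFDETECT's code: the abstract gives no preprocessing, hashing or threshold details, so the choice of the fix's removed lines as the vulnerable blocks, the identifier-abstraction rules, the 1 Mi-bit bitmap, the 0.8 coverage threshold and the patch and target snippets are all constructed assumptions of this example.

```python
"""Added illustration of a fingerprint-and-bitmap vulnerable-clone matcher.
NOT VFDETECT's code: every rule below is an assumption of this sketch."""
import hashlib
import re
from dataclasses import dataclass
from typing import List

# Constructed patch for a made-up path-building bug (not a real project).
# Assumption: the lines the fix removes ('-') are the vulnerable code blocks.
VULN_PATCH = """\
--- a/path.c
+++ b/path.c
@@ -12,8 +12,7 @@
 int build_path(const char *dir, const char *name)
 {
     char buffer[64];
-    strcpy(buffer, dir);
-    strcat(buffer, "/");
-    strcat(buffer, name);
+    if (snprintf(buffer, sizeof(buffer), "%s/%s", dir, name) >= (int)sizeof(buffer))
+        return -1;
     return open_path(buffer);
 }
"""
# Constructed target: same bug after variable renaming, statement reordering
# (the two strcat calls swapped) and redundant statements inserted.
TARGET_MODIFIED = """
static int make_full_path(const char *base, const char *leaf)
{
    char tmp[64];
    int unused = 0;          /* redundant insert */
    strcpy(tmp, base);
    strcat(tmp, leaf);       /* order changed */
    strcat(tmp, "/");
    unused++;                /* redundant insert */
    return open_path(tmp);
}
"""
# Constructed target: the fixed function after renaming; must NOT match.
TARGET_PATCHED = """
static int make_full_path(const char *base, const char *leaf)
{
    char tmp[64];
    if (snprintf(tmp, sizeof(tmp), "%s/%s", base, leaf) >= (int)sizeof(tmp))
        return -1;
    return open_path(tmp);
}
"""
C_KEYWORDS = {"if", "else", "for", "while", "return", "int", "char", "const",
              "static", "sizeof", "unsigned", "void", "struct"}
COMMENT_RE = re.compile(r"//[^\n]*|/\*.*?\*/", re.S)  # assumes no '//' inside strings
TOKEN_RE = re.compile(r'"(?:\\.|[^"\\])*"' r"|'(?:\\.|[^'\\])*'"
                      r"|[A-Za-z_]\w*|\d+\w*|\S")
BITMAP_BITS = 1 << 20     # assumed bitmap size: 1 Mi bits = 128 KiB
CLONE_THRESHOLD = 0.8     # assumed fraction of fingerprint bits that must be hit


def removed_lines(patch: str) -> str:
    """Lines a unified diff deletes, i.e. the pre-fix (vulnerable) code."""
    return "\n".join(l[1:] for l in patch.splitlines()
                     if l.startswith("-") and not l.startswith("---"))


def normalize_blocks(code: str) -> List[str]:
    """Split C code into statement-level blocks (ending at ';', '{' or '}')
    and abstract each: variables -> ID, string/char literals -> STR, comments
    and whitespace dropped.  Keywords and identifiers directly followed by '('
    (callees such as strcpy) are kept, since the callee is what makes a block
    vulnerability-relevant (assumption of this sketch)."""
    tokens = TOKEN_RE.findall(COMMENT_RE.sub(" ", code))
    blocks, cur = [], []
    for i, tok in enumerate(tokens):
        nxt = tokens[i + 1] if i + 1 < len(tokens) else ""
        if tok[0] in "\"'":
            tok = "STR"
        elif (tok[0].isalpha() or tok[0] == "_") and tok not in C_KEYWORDS and nxt != "(":
            tok = "ID"
        cur.append(tok)
        if tok in (";", "{", "}"):
            block, cur = "".join(cur), []
            if block not in (";", "{", "}"):      # skip lone delimiters
                blocks.append(block)
    if cur:
        blocks.append("".join(cur))
    return blocks


def block_position(block: str) -> int:
    """Bit index of a normalized block: truncated SHA-256 reduced mod bitmap size."""
    digest = hashlib.sha256(block.encode()).digest()
    return int.from_bytes(digest[:8], "big") % BITMAP_BITS


@dataclass
class Fingerprint:
    bits: bytearray   # one bit per possible block hash
    n_blocks: int     # distinct positions set, used to compute coverage


def build_fingerprint(vuln_code: str) -> Fingerprint:
    bits = bytearray(BITMAP_BITS // 8)
    positions = {block_position(b) for b in normalize_blocks(vuln_code)}
    for p in positions:
        bits[p >> 3] |= 1 << (p & 7)
    return Fingerprint(bits, len(positions))


def match_ratio(fp: Fingerprint, target_code: str) -> float:
    """Fraction of fingerprint bits hit by the target's blocks.  Matching is
    per block and order-free, so reordering and inserted statements do not
    break it, and renamed variables hash identically after normalization."""
    hits = set()
    for block in normalize_blocks(target_code):
        p = block_position(block)
        if fp.bits[p >> 3] & (1 << (p & 7)):
            hits.add(p)
    return len(hits) / fp.n_blocks if fp.n_blocks else 0.0


def is_vulnerable_clone(fp: Fingerprint, target_code: str,
                        threshold: float = CLONE_THRESHOLD) -> bool:
    return match_ratio(fp, target_code) >= threshold


if __name__ == "__main__":
    fp = build_fingerprint(removed_lines(VULN_PATCH))
    for name, code in (("modified clone", TARGET_MODIFIED), ("patched", TARGET_PATCHED)):
        print(f"{name:15s} ratio={match_ratio(fp, code):.2f} clone={is_vulnerable_clone(fp, code)}")
```

The modified clone hits all three fingerprint bits (ratio 1.0) despite renaming, reordering and the inserted statements, while the patched function hits none; a block that only shares one library call, such as a lone `strcpy(dst, src);`, reaches 1/3 and stays below the threshold. The bitmap stores only bit positions, so a practitioner should keep in mind that abstracting all variables to `ID` also erases the difference between a bounded and an unbounded argument expression, which is why the fixed code here had to change the callee to avoid matching.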
