Computer Applications and Software (计算机应用与软件), 2025, Vol. 42, Issue 4: 1-7, 32 (8 pages). DOI: 10.3969/j.issn.1000-386x.2025.04.001
Original title: 一种面向开源软件漏洞的补丁查找与解析方法
A METHOD FOR FINDING AND PARSING PATCHES FOR OPEN SOURCE SOFTWARE VULNERABILITIES
Abstract
Patches are a valuable piece of information for security-related tasks, yet they are often missing from security advisories. In this article, we propose an automated approach, named PatFinder, to find and parse patches for open source software (OSS) vulnerabilities. First, PatFinder identifies commits from the numerous references attached to a vulnerability. Then, it selects patches based on the code changes of the identified commits and a weighted voting mechanism. Finally, using the designed patch parsing methods, it obtains the metadata of each patch (i.e., the paths of the modified files and the names of the functions). Our experiment shows that PatFinder achieves a coverage of 73.10% and a recall of 0.802, significantly improving on the coverage and recall of existing approaches.
Keywords: Software security; Vulnerability; Patch
Subject classification: Computer science and automation
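The abstract above describes three steps: collect candidate commits from a vulnerability's references, select the patch by filtering on code changes and weighted voting, and parse the chosen patch into file paths and function names. The block below is an added illustration of the last two steps and is not PatFinder's own code; the paper's actual selection and parsing rules are not given on this page. It assumes patches arrive as `git show`-style unified diffs, takes the function name from the hunk header's context field (git's per-language "funcname" heuristic), and uses made-up reference weights, sample diffs, paths and commit ids that are constructed for this example.

```python
import re
from collections import defaultdict

# Constructed sample patch (unified diff, `git show` format): a hypothetical
# fix that adds a length check before a memcpy. Paths, names and hashes are
# made up for this example.
SAMPLE_DIFF = r"""diff --git a/src/net/http_parser.c b/src/net/http_parser.c
index 1a2b3c4..5d6e7f8 100644
--- a/src/net/http_parser.c
+++ b/src/net/http_parser.c
@@ -120,6 +120,8 @@ static int parse_header_line(struct parser *p, const char *line, size_t len)
     if (len == 0)
         return -1;
-    memcpy(p->buf, line, len);
+    if (len >= sizeof(p->buf))
+        return -1;
+    memcpy(p->buf, line, len);
     p->buf[len] = '\0';
     return 0;
 }
@@ -201,5 +203,6 @@ int parser_feed(struct parser *p, const char *data, size_t n)
     while (n > 0) {
+        p->total += 1;
         n -= consume(p, &data);
     }
     return 0;
 }
diff --git a/docs/CHANGELOG.md b/docs/CHANGELOG.md
index 0000001..0000002 100644
--- a/docs/CHANGELOG.md
+++ b/docs/CHANGELOG.md
@@ -1 +1,2 @@
 # Changelog
+- Reject over-long header lines in parse_header_line()
"""

# Constructed docs-only diff: a commit a reference may point at that fixes nothing.
DOC_ONLY_DIFF = r"""diff --git a/docs/SECURITY.md b/docs/SECURITY.md
index 0000003..0000004 100644
--- a/docs/SECURITY.md
+++ b/docs/SECURITY.md
@@ -3 +3,2 @@
 Please report issues privately.
+A fix for the header parsing bug is available in the latest release.
"""

DIFF_GIT_RE = re.compile(r"^diff --git a/(\S+) b/(\S+)$")
HUNK_RE = re.compile(r"^@@ -(\d+)(?:,(\d+))? \+(\d+)(?:,(\d+))? @@ ?(.*)$")
# Identifier immediately before a parameter list: "static int foo(" -> "foo".
FUNC_NAME_RE = re.compile(r"([A-Za-z_][A-Za-z0-9_:.]*)\s*\(")
SOURCE_SUFFIXES = (".c", ".h", ".cc", ".cpp", ".java", ".py", ".go", ".js", ".rs")


def parse_patch(diff_text):
    """Return {path: set(function names)} for every file the diff touches.

    Names come from the hunk header context that git fills with the last
    preceding line matching its funcname heuristic. This is not a real parse:
    a hunk inside a global initializer is attributed to the previous function,
    and files with no such context (docs, data) get an empty set.
    """
    files, current = {}, None
    for line in diff_text.splitlines():
        m = DIFF_GIT_RE.match(line)
        if m:
            current = m.group(2)  # post-image path, so renames map to the new name
            files[current] = set()
            continue
        m = HUNK_RE.match(line)
        if m and current is not None:
            name = FUNC_NAME_RE.search(m.group(5))
            if name:
                files[current].add(name.group(1))
    return files


def touches_source(diff_text):
    """True if at least one modified file looks like source code."""
    return any(p.endswith(SOURCE_SUFFIXES) for p in parse_patch(diff_text))


def select_patch(references, weights):
    """Weighted vote over candidate commits.

    references: (commit_id, reference_kind, diff_text) per reference that led
    to a commit; weights: assumed score per reference kind. Commits whose diff
    changes no source file are dropped (the code-change filter), then the
    commit with the highest total weight wins. Returns (commit_id, score).
    """
    scores = defaultdict(float)
    for commit_id, kind, diff_text in references:
        if touches_source(diff_text):
            scores[commit_id] += weights.get(kind, 0.0)
    if not scores:
        return None, 0.0
    best = max(scores, key=scores.get)
    return best, scores[best]


# Assumed weights: a commit linked straight from the advisory outranks one
# reached through an issue tracker or a mailing-list thread.
REFERENCE_WEIGHTS = {"advisory_commit_link": 3.0, "issue_tracker": 2.0, "mailing_list": 1.0}

# Constructed candidates: two weaker references agree on a1b2c3d, while the
# strongest reference points at a docs-only commit the filter removes.
SAMPLE_REFERENCES = [
    ("a1b2c3d", "issue_tracker", SAMPLE_DIFF),
    ("a1b2c3d", "mailing_list", SAMPLE_DIFF),
    ("d4e5f6a", "advisory_commit_link", DOC_ONLY_DIFF),
]

if __name__ == "__main__":
    print("selected patch:", select_patch(SAMPLE_REFERENCES, REFERENCE_WEIGHTS))
    for path, funcs in sorted(parse_patch(SAMPLE_DIFF).items()):
        print(path, sorted(funcs))
```

The code-change filter matters because a reference can legitimately point at a commit that only edits a changelog or advisory text; without it, the heavily weighted advisory link would win the vote with a non-patch. The function names are only as good as git's hunk context, so a production parser should confirm them against the post-image source (for example with a language-aware parser) before using them downstream.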
Citation: 许聪颖, 陈碧欢, 赵文耘. A method for finding and parsing patches for open source software vulnerabilities [J]. Computer Applications and Software, 2025, 42(4): 1-7, 32.
Funding: National Natural Science Foundation of China (61802067).