Preprint · Dagstuhl Research Online Publication Server · Jan 1, 2025 · Green OA

Detecting Functionality-Specific Vulnerabilities via Retrieving Individual Functionality-Equivalent APIs in Open-Source Repositories

Chen, Tianyu · Wang, Zeyu · Li, Lin · Li, Ding · Li, Zongyang

Peking University · Huawei Technologies (China) · +1 more institution

Indexed in DataCite

Abstract

Functionality-specific vulnerabilities, which mainly occur in Application Programming Interfaces (APIs) with specific functionalities, are crucial for software developers to detect and avoid. When detecting individual functionality-specific vulnerabilities, the existing two categories of approaches are ineffective because they consider only the API bodies and are unable to handle diverse implementations of functionality-equivalent APIs. To effectively detect functionality-specific vulnerabilities, we propose APISS, the first approach to utilize API doc strings and signatures instead of API bodies. APISS first retrieves functionality-equivalent APIs for APIs with existing vulnerabilities and then migrates…

Citation impact

  • Total citations: 16,128
  • FWCI: 3142.38
  • Percentile: 100%
  • References: 0

Authors

10
  • Chen, Tianyu (Corresponding)
    Peking University

  • Wang, Zeyu
    Huawei Technologies (China), Huawei Technologies (United States)

  • Li, Lin
    Huawei Technologies (China), Huawei Technologies (United States)

  • Li, Ding
    Peking University

  • Li, Zongyang
    Peking University

Topics & keywords

Keywords
  • Computer science
  • Graph
  • Convolutional neural network
  • Scalability
  • Artificial intelligence
  • ENCODE
  • Margin (machine learning)
  • Theoretical computer science