Code and Dataset for "Examining Zero-Shot Vulnerability Repair with Large Language Models"

Code and Dataset for "Examining Zero-Shot Vulnerability Repair with Large Language Models"

The following Zenodo contains the resources associated with the S&P accepted paper ‘Examining Zero Shot Vulnerability Repair with Large Language Models’, https://arxiv.org/abs/2112.02125

In this resource, you can find the following.

    - 'important_results' directory:
This directory is for containing the final raw results as generated by the framework, including a global CSV of all generations and an HTML file containing all of the diffs generated for the 'high-confidence' real-world scenarios.
        - final_results.csv
            - This contains the final results of all generated software patches.
            - Note the nomenclature differences with the manuscript tables. These are explained in the README in the framework.
        - Original vs LLM-Generated Vulnerability Fixes.html
            - This contains all of the diffs for the real-world patches versus the canonical developer-provided patches.

    - 'framework' directory:
This directory contains the complete archive of the code framework and all results at the time of the paper’s submission. It contains every language model prompt, suggestions, assembled repair patch and analysis data. It contains every script used for generation and analysis. It is a large archive, and within it contains an included README describing how to understand and use it.
        - For convenience, we include a copy of the README external to the zipped archive.

    - 'resources' directory:  
This directory contains the resources used by our large associated tools, including:
        - 'gpt2-csrc' subdirectory:
Everything to do with the gpt2-csrc model, including the trained files, training scripts, and training data.

        - 'ExtractFix' subdirectory:
A docker image containing all ExtractFix scenarios, even those we did not use. Provided for interest (not required for usage).