Skip to content

sergiuzaharia/CWE_Scanner

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

24 Commits
CKeywords_nodups.txt
CKeywords_nodups.txt
 
 
CWE325_Missing_Required_Cryptographic_Step__KeyGenerator_init_10.java.1.2.bad.java
CWE325_Missing_Required_Cryptographic_Step__KeyGenerator_init_10.java.1.2.bad.java
 
 
C_Java_all_tokens.txt
C_Java_all_tokens.txt
 
 
Feature importance.jpg
Feature importance.jpg
 
 
Feature_importance_ALL_CWEs.xlsx
Feature_importance_ALL_CWEs.xlsx
 
 
JavaKeywordsIndex.txt
JavaKeywordsIndex.txt
 
 
JavaKeywords_basic.txt
JavaKeywords_basic.txt
 
 
Java_all_tokens.txt
Java_all_tokens.txt
 
 
Java_vocab_W2V_all_tokens
Java_vocab_W2V_all_tokens
 
 
Java_vocab_W2V_all_tokens.jpg
Java_vocab_W2V_all_tokens.jpg
 
 
Java_vocab_W2V_all_tokens_3D
Java_vocab_W2V_all_tokens_3D
 
 
Java_vocab_W2V_zoom1
Java_vocab_W2V_zoom1
 
 
Java_vocab_W2V_zoom1.jpg
Java_vocab_W2V_zoom1.jpg
 
 
Java_vocab_W2V_zoom2
Java_vocab_W2V_zoom2
 
 
Java_vocab_W2V_zoom2.bmp
Java_vocab_W2V_zoom2.bmp
 
 
README.md
README.md
 
 
Tokenizer.c
Tokenizer.c
 
 
X_CWE78_OS_Command_Injection_KMEANS.csv
X_CWE78_OS_Command_Injection_KMEANS.csv
 
 
creare_Y.sh
creare_Y.sh
 
 
dir_list.txt
dir_list.txt
 
 
dir_list_1.txt
dir_list_1.txt
 
 
list_dir.sh
list_dir.sh
 
 
list_dir_NV.sh
list_dir_NV.sh
 
 
mutare_csv.sh
mutare_csv.sh
 
 
parser_Java_591tk_ctrl_flow.exe
parser_Java_591tk_ctrl_flow.exe
 
 
results_KMEANS_ALL_CWEs_FINAL.xlsx
results_KMEANS_ALL_CWEs_FINAL.xlsx
 
 
tokenized_NIST_C.csv
tokenized_NIST_C.csv
 
 
y_CWE78_OS_Command_Injection.csv
y_CWE78_OS_Command_Injection.csv
 
 

Repository files navigation

CWE_Scanner

CWE classifier using Word Embeddings

Files named as dir_list.txt contain the names of directories where C/C++ CWE vulnerable code is located (in Juliet testcases)

Scripts named list_dir.sh, list_dir_NV.sh creates the files with C/C++ CWEXX vulnerable/not vulnerable samples, per each CWEXX in Juliet testcases

Script mutare_csv.sh moves between folders and concatenate csv tokenized files per each CWE, and creates files X_CWEXX (both for HAC and KMEANS)

Script creare_Y.sh creates files Y_CWEXX (identical for HAC and KMEANS), starting with value 0 (per line) for non-vulnerable samples, and 1 for vulnerable samples (at the end)

parser_Java_591tk_ctrl_flow.exe - parser for Java code and C code, using the all Java and C tokens we could identify in NIST suite.

About

CWE classifier using Word Embeddings

Resources

Readme
Activity

Stars

1 star

Watchers

1 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Languages