| | --- |
| | license: mit |
| | language: |
| | - code |
| | library_name: transformers |
| | tags: |
| | - text-classification |
| | - code-classification |
| | - vulnerability-detection |
| | - automatic-vulnerability-detection |
| | - secure-coding |
| | --- |
| | |
| | # Vulnerability Detector for C Code (SARD) |
| |
|
| | This model is a fine-tuned version of `microsoft/codebert-base` designed to detect vulnerabilities in C source code functions. |
| |
|
| | ## Model Description |
| |
|
| | This is a binary text-classification model that takes a C function as input and classifies it as either **Vulnerable** (`LABEL_1`) or **Safe** (`LABEL_0`). |
| |
|
| | The model was specifically fine-tuned on the [NIST SARD (Software Assurance Reference Dataset)](https://samate.nist.gov/SARD/), focusing on common C vulnerabilities like Memory Leaks, Buffer Overflows, and other CWEs present in the Juliet Test Suite. Due to the clean and structured nature of the SARD dataset, the model achieved a very high accuracy on the validation set. |
| |
|
| | ## Intended Uses & Limitations |
| |
|
| | This model is intended as a proof-of-concept tool to assist developers in identifying potentially vulnerable code patterns during the development lifecycle. |
| |
|
| | **Limitations:** |
| | * The model is highly specialized for the types of vulnerabilities found in the SARD dataset. Its performance on real-world, messy, or obfuscated code may be lower. |
| | * It should be used as an assistive tool, not as a replacement for comprehensive security audits or other static analysis tools. |
| | * The model classifies entire functions and may not pinpoint the exact line of code responsible for the vulnerability. |
| |
|
| | ## How to Use |
| |
|
| | The model can be easily used with the `transformers` library `pipeline`. |
| |
|
| | ```python |
| | from transformers import pipeline |
| | |
| | # Load the classifier pipeline |
| | classifier = pipeline("text-classification", model="jacpacd/vuln-detector-codebert-c-sard") |
| | |
| | # Example of a vulnerable C function (Memory Leak) |
| | vulnerable_code = """ |
| | void CWE401_Memory_Leak__strdup_char_01_bad() |
| | { |
| | char * data; |
| | data = NULL; |
| | { |
| | char myString[] = "myString"; |
| | /* POTENTIAL FLAW: Allocate memory from the heap */ |
| | data = strdup(myString); |
| | printLine(data); |
| | } |
| | /* POTENTIAL FLAW: No deallocation of memory */ |
| | ; |
| | } |
| | """ |
| | |
| | # Example of a safe C function |
| | safe_code = """ |
| | void CWE401_Memory_Leak__strdup_char_01_goodB2G() |
| | { |
| | char * data; |
| | data = NULL; |
| | { |
| | char myString[] = "myString"; |
| | data = strdup(myString); |
| | printLine(data); |
| | } |
| | /* FIX: Deallocate memory */ |
| | free(data); |
| | } |
| | """ |
| | |
| | results_vuln = classifier(vulnerable_code) |
| | results_safe = classifier(safe_code) |
| | |
| | print(f"Vulnerable Code Prediction: {results_vuln[0]}") |
| | # Expected output: {'label': 'LABEL_1', 'score': 0.99...} |
| | |
| | print(f"Safe Code Prediction: {results_safe[0]}") |
| | # Expected output: {'label': 'LABEL_0', 'score': 0.99...} |
