Program Slice based Vulnerable Code Clone Detection

Vulnerabilities in software will not only lead to security problems of the software itself, but also cause the spread of vulnerabilities through code clones. It is important to detect and locate vulnerabilities among the source code to facilitate the fix. Although many methods are proposed to detect code clones in source code, most of them fail to detect code clones that involve statement addition and deletion effectively or are not suitable for vulnerability detection. In this paper, we propose a method that can detect vulnerabilities caused by code clones. Program slices are used to filter statements that are not related to vulnerabilities and extract important vulnerable statements in function. Hash function and bitvector are applied to improve efficiency during the detection. The results are displayed in html, among which the vulnerable statements are highlighted to help subsequent patching work. Our method is evaluated on open source software (Openssl, Linux Kernel, FFmpeg and QEMU). The results of experiments show that our method detects 12.72% more vulnerable clones in acceptable time compared with Vuddy, proving the effectiveness of our method.