MOVERY is a tool for discovering modified vulnerable code clones. Principles and experimental results are discussed in our paper, which will be published in 31st USENIX Security Symposium (Security 2022).
[2023-03-31: NOW IT IS UPDATED] You can test MOVERY using Docker. All the datasets used in MOVERY and the source code of the detector are contained in the Docker image.
$ sudo docker run -it seunghoonwoo/movery-public:latest
# cd /home/MOVERY
Suppose we want to scan the "redis" repository.
# git clone https://github.com/redis/redis
Now "/home/MOVERY/redis" is prepared.
# python3 Preprocessor.py TARGET_PROGRAM
(e.g., python3 Preprocessor.py redis)
This may take several minutes depending on the code size.
# python3 Detector.py TARGET_PROGRAM 0
(e.g., python3 Detector.py redis 0)
The vulnerability detection result will be printed.
- You can check vulnerability and patch datasets from Docker.
- A patch signature only considers code lines that are not included in the respective vulnerability signature.
This repository is authored and maintained by Seunghoon Woo.
For reporting bugs, you can submit an issue to the GitHub repository or send me an email (seunghoonwoo@korea.ac.kr).