SYSTEMS AND METHODS FOR DETECTION OF SOFTWARE VULNERABILITY FIX

    Publication number: US20240004638A1

    Publication date: 2024-01-04

    Application number: US18468126

    Application date: 2023-09-15

    CPC classification number: G06F8/65 G06F21/577 G06F2221/033

    Abstract: Methods and systems are described for detecting and reporting a vulnerability fix in a code repository. A commit obtained from the code repository is preprocessed to generate file-level token sequences each representing a file-level code change for respective files. Respective file-level code change embedding vectors are generated by inputting each file-level token sequence into a transformer model, each file-level code change embedding vector being a vector representation of the file-level code change for the respective file. The file-level code change embedding vectors are combined into a commit-level code change embedding vector that represents all code changes contained in the commit. A predicted commit-level vulnerability fix score is generated by inputting the commit-level code change embedding vector into a classifier. A vulnerability fix report is outputted, containing an identification of the commit and the predicted commit-level vulnerability fix score.
