DiffCode website with details

This website includes additional information about the paper "Inferring Security Rules for Crypto APIs from Code Changes". Here, we list the information needed to reproduce our results. The key idea of the paper is to discover static analysis rules by observing code changes in open source projects. Below, we provide details on how to discover semantically relevant changes for a number of security-related classes.

Table 6 from paper: Usage changes per target API class after abstraction and filtering.

Target API class   Usage Changes   Number of changes after filtering step
                                   f_same   f_rem   f_add   f_dup
Cipher                     15829      419     204     116      75
IvParameterSpec             4967       58      24      12      11
MessageDigest               8277      116      78      27      17
SecretKeySpec              15543      226     120      55      45
SecureRandom               26008      309     131      26      21
PBEKeySpec                  1549       29      21      17      17

Based on exploring the commits in the last column for each security class, we created rules that let us find bugs in other code. Here are some of the bugs that we filed.
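The following script is an added illustration of the abstraction-and-filtering pipeline whose per-stage counts the table reports; it is not code from the paper or from the DiffCode project. It assumes one reading of the four filters, which the page does not spell out: f_same drops changes that are identical after abstraction (rename-only edits), f_rem drops changes that only delete a usage, f_add drops changes that only introduce a usage, and f_dup keeps one representative per abstracted (before, after) pair. The abstraction used here (replace local variable names with <VAR>, keep class names, method names and literals) and the sample Java statements are constructed for the example.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed sample input standing in for usage changes mined from commits:
# (target API class, statement before the commit, statement after the commit).
# An empty string means there was no usage on that side of the change.
SAMPLE_CHANGES = [
    ("Cipher", 'Cipher c = Cipher.getInstance("AES");',
               'Cipher c = Cipher.getInstance("AES/GCM/NoPadding");'),      # transformation-mode fix
    ("Cipher", 'Cipher c = Cipher.getInstance("AES");',
               'Cipher cipher = Cipher.getInstance("AES");'),               # rename only
    ("Cipher", 'Cipher c = Cipher.getInstance("AES");', ''),                # usage removed
    ("Cipher", '', 'Cipher c = Cipher.getInstance("AES/GCM/NoPadding");'),  # usage added
    ("Cipher", 'Cipher enc = Cipher.getInstance("AES");',
               'Cipher enc = Cipher.getInstance("AES/GCM/NoPadding");'),    # same as the first after abstraction
    ("IvParameterSpec", 'IvParameterSpec s = new IvParameterSpec(new byte[16]);',
                        'IvParameterSpec s = new IvParameterSpec(iv);'),    # constant IV replaced by a variable
]

# Assumed abstraction: identifiers that are not Java keywords, not class names
# (uppercase initial) and not method names (followed by "(") are local variables.
JAVA_KEYWORDS = {"new", "byte", "int", "long", "char", "final", "static", "return",
                 "null", "true", "false", "this", "void", "if", "else", "throw"}
TOKEN_RE = re.compile(r'"[^"]*"|\d+|[A-Za-z_]\w*|\S')
IDENT_RE = re.compile(r"[A-Za-z_]\w*")


@dataclass(frozen=True)
class Change:
    api_class: str
    before: str
    after: str


def abstract(stmt: str) -> str:
    """Return the statement with local variable names replaced by <VAR>."""
    tokens = TOKEN_RE.findall(stmt)
    out = []
    for i, tok in enumerate(tokens):
        is_ident = IDENT_RE.fullmatch(tok) is not None
        is_method = i + 1 < len(tokens) and tokens[i + 1] == "("
        if is_ident and tok not in JAVA_KEYWORDS and not tok[0].isupper() and not is_method:
            out.append("<VAR>")
        else:
            out.append(tok)
    return " ".join(out)


def apply_filters(changes: List[Change]) -> Tuple[List[Change], Dict[str, int]]:
    """Apply the four assumed filters in order; return survivors and the count after each step."""
    counts = {"total": len(changes)}
    # f_same: drop changes that are identical once variable names are abstracted
    kept = [c for c in changes if abstract(c.before) != abstract(c.after)]
    counts["f_same"] = len(kept)
    # f_rem: drop changes that only delete the usage
    kept = [c for c in kept if c.after.strip()]
    counts["f_rem"] = len(kept)
    # f_add: drop changes that only introduce a new usage
    kept = [c for c in kept if c.before.strip()]
    counts["f_add"] = len(kept)
    # f_dup: keep one representative per abstracted (before, after) pair
    seen = set()
    dedup = []
    for c in kept:
        key = (abstract(c.before), abstract(c.after))
        if key not in seen:
            seen.add(key)
            dedup.append(c)
    counts["f_dup"] = len(dedup)
    return dedup, counts


def summarize(raw: List[Tuple[str, str, str]]) -> Dict[str, Dict[str, int]]:
    """Group changes by target API class and report the per-stage counts, one row per class."""
    by_class: Dict[str, List[Change]] = {}
    for api_class, before, after in raw:
        by_class.setdefault(api_class, []).append(Change(api_class, before, after))
    return {name: apply_filters(changes)[1] for name, changes in by_class.items()}


if __name__ == "__main__":
    for name, counts in summarize(SAMPLE_CHANGES).items():
        print(f"{name:16} " + "  ".join(f"{k}={v}" for k, v in counts.items()))
```

On the constructed input the Cipher row shrinks from 5 changes to 1 surviving representative (the AES to AES/GCM/NoPadding transformation change), which is the kind of commit a reviewer would then inspect by hand to derive a rule; the IvParameterSpec change survives every stage.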

List of filed bugs from CryptoChecker