Litcius/Paper detail

A Study of Vulnerability Repair in JavaScript Programs with Large Language Models

Tan Khang Le, Saba Alimadadi, Steven Y. Ko

202419 citationsDOIOpen Access PDF

Abstract

In recent years, JavaScript has become the most widely used programming language, especially in web development. However, writing secure JavaScript code is not trivial, and programmers often make mistakes that lead to security vulnerabilities in web applications. Large Language Models (LLMs) have demonstrated substantial advancements across multiple domains, and their evolving capabilities indicate their potential for automatic code generation based on a required specification, including automatic bug fixing. In this study, we explore the accuracy of LLMs, namely ChatGPT and Bard, in finding and fixing security vulnerabilities in JavaScript programs. We also investigate the impact of context in a prompt on directing LLMs to produce a correct patch of vulnerable JavaScript code. Our experiments on real-world software vulnerabilities show that while LLMs are promising in automatic program repair of JavaScript code, achieving a correct bug fix often requires an appropriate amount of context in the prompt.

Topics & Concepts

JavaScriptComputer scienceUnobtrusive JavaScriptSecure codingWeb applicationContext (archaeology)Programming languageWorld Wide WebComputer securityVulnerability (computing)Code (set theory)Software engineeringRich Internet applicationSoftware security assuranceInformation securityPaleontologySet (abstract data type)BiologySecurity serviceSoftware Testing and Debugging TechniquesSoftware Engineering ResearchSoftware Reliability and Analysis Research
A Study of Vulnerability Repair in JavaScript Programs with Large Language Models | Litcius