This project identifies vulnerabilities in JavaScript file diffs retrieved from the GitHub API. It processes these diffs and uses OpenAI's GPT-4o-mini to analyze and report potential security risks.
This tool automates the detection of potential security vulnerabilities in JavaScript projects by leveraging diffs from GitHub repositories and analyzing them using OpenAI’s GPT-4. The main workflow involves:
- Diff Extraction: Fetch and clean relevant file diffs from GitHub repositories.
- Vulnerability Analysis: Process the cleaned diffs and analyze them with GPT-4o-mini to identify potential risks.
- Integration: Orchestrate the entire workflow through main.py for seamless operation.
Purpose (diff_extractor.py): Handles interaction with the GitHub API to retrieve and prepare file diffs for analysis.
Key Functions:
- get_file_diff(): Fetches diff data from the GitHub API.
- clean_data(): Filters and cleans diff patches for improved analysis accuracy.
- del_comments(): Strips out comments while preserving relevant lines of code.
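The cleaning step above is where most of the accuracy is won or lost: a patch line such as `var url = "http://..."` must not be truncated as if `//` started a comment, and a finding is only useful if it can be tied to a line in the post-change file. The following is an added example (not the project's own `clean_data()` or `del_comments()` code) that parses the `patch` field the GitHub compare API returns for each file, keeps the added lines with their new-file line numbers, and strips `//` and `/* */` comments while leaving string literals intact. `SAMPLE_PATCH` is constructed for the example; the function names are hypothetical and do not correspond to the project's API.

```python
import re

# Constructed sample patch in the shape of the "patch" field the GitHub
# compare API returns per file (a unified diff hunk without file headers).
SAMPLE_PATCH = """@@ -10,6 +10,9 @@ function compile(format) {
   var fmt = String(format)
-  // old comment
+  /* build a function from the format string */
+  var url = "http://example.test/path" // trailing comment
+  return new Function('tokens', 'req', 'res', 'return "' + fmt + '"')
 }
"""

# Hunk header: "@@ -old_start[,count] +new_start[,count] @@ ..."
HUNK_RE = re.compile(r"^@@ -(\d+)(?:,\d+)? \+(\d+)(?:,\d+)? @@")


def added_lines(patch):
    """Return [(new_file_line_number, text)] for every '+' line in the patch.
    The counter is seeded from each hunk header and advanced by added and
    context lines only, so a finding can be reported against the new file."""
    result = []
    new_no = None
    for line in patch.splitlines():
        m = HUNK_RE.match(line)
        if m:
            new_no = int(m.group(2))
            continue
        if new_no is None or line.startswith("\\"):
            continue  # text before the first hunk, or "\ No newline at end of file"
        if line.startswith("+"):
            result.append((new_no, line[1:]))
            new_no += 1
        elif line.startswith("-"):
            pass  # removed line: does not exist in the new file
        else:
            new_no += 1  # unchanged context line
    return result


def strip_js_comments(src):
    """Remove // and /* */ comments from one line of JavaScript while copying
    string literals verbatim, so "http://host" inside a string survives.
    Works per line (a block comment left open is dropped to end of line);
    regex literals containing quotes are not handled."""
    out = []
    i, n = 0, len(src)
    while i < n:
        ch = src[i]
        if ch in ('"', "'", "`"):  # copy a string literal untouched
            quote = ch
            out.append(ch)
            i += 1
            while i < n and src[i] != quote:
                if src[i] == "\\" and i + 1 < n:  # keep escaped characters
                    out.append(src[i:i + 2])
                    i += 2
                    continue
                out.append(src[i])
                i += 1
            if i < n:
                out.append(quote)
                i += 1
        elif src.startswith("//", i):
            break  # rest of the line is a comment
        elif src.startswith("/*", i):
            end = src.find("*/", i + 2)
            i = n if end == -1 else end + 2
        else:
            out.append(ch)
            i += 1
    return "".join(out).rstrip()


def clean_patch(patch):
    """Added lines with comments removed; lines that become blank are dropped."""
    cleaned = []
    for no, text in added_lines(patch):
        code = strip_js_comments(text)
        if code.strip():
            cleaned.append((no, code))
    return cleaned


if __name__ == "__main__":
    for no, code in clean_patch(SAMPLE_PATCH):
        print(f"{no}: {code}")
```

Line 11 of the sample (a pure block comment) disappears after cleaning, line 12 keeps its URL string but loses the trailing comment, and line 13 (the `new Function` call) reaches the model with its line number attached.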
Purpose (llm.py): Formats and sends cleaned diffs to OpenAI’s GPT-4 for vulnerability analysis.
Key Functions:
- feed(): Sends prompts and diff data to GPT-4o-mini.
- final_output(): Extracts structured results (e.g., vulnerabilities, affected functions) from GPT-4 responses.
Purpose (main.py): Orchestrates the workflow and integrates all components.
Key Workflow:
- Loads API keys and initializes the environment.
- Extracts and cleans diffs using diff_extractor.py.
- Sends cleaned data to GPT-4o-mini via llm.py for analysis.
- Outputs structured results detailing identified vulnerabilities.
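Both the llm.py step (feed() and final_output()) and the main.py orchestration hinge on one robustness point: a chat model's reply is free text, and it may wrap the JSON in a ``` fence, add prose around it, or omit a field. The example below is added here and is not the project's own feed(), final_output() or main.py code. It builds the prompt from already-cleaned added lines, pulls the first JSON object out of the reply, and refuses any record that lacks one of the five fields shown in the sample output. The model call is injected as a callable so the whole pipeline runs offline; `fake_model`, its reply and the `CVE-EXAMPLE-0000` identifier are constructed stand-ins, and the prompt wording and function names are hypothetical.

```python
import json
import re

# The fields a report record must carry, matching the sample output's keys.
REQUIRED_FIELDS = ("cve_id", "vulnerable_function", "file_path", "source_Code", "explanation")

# A ```json ... ``` fence as chat models often wrap structured replies in.
FENCE_RE = re.compile(r"```(?:json)?\s*(.*?)```", re.DOTALL)


def build_prompt(diff_lines, source_url):
    """Assemble the analysis prompt from cleaned added lines (hypothetical wording)."""
    body = "\n".join(diff_lines)
    return (
        "Review the following added JavaScript lines for security vulnerabilities. "
        "Reply with a single JSON object containing the keys "
        + ", ".join(REQUIRED_FIELDS) + ".\n"
        f"Source: {source_url}\n\n{body}"
    )


def extract_json_object(text):
    """Return the first JSON object found in a model reply, whether it is bare,
    inside a ``` fence, or surrounded by prose. Returns None if nothing parses."""
    candidates = FENCE_RE.findall(text) + [text]
    for cand in candidates:
        start = cand.find("{")
        end = cand.rfind("}")
        if start == -1 or end <= start:
            continue
        try:
            obj = json.loads(cand[start:end + 1])
        except json.JSONDecodeError:
            continue
        if isinstance(obj, dict):
            return obj
    return None


def final_output(reply):
    """Validate the reply against REQUIRED_FIELDS and return a clean record.
    Raises ValueError so a malformed reply never becomes a silent empty finding."""
    obj = extract_json_object(reply)
    if obj is None:
        raise ValueError("model reply contained no JSON object")
    missing = [k for k in REQUIRED_FIELDS
               if not isinstance(obj.get(k), str) or not obj[k].strip()]
    if missing:
        raise ValueError(f"model reply missing fields: {missing}")
    return {k: obj[k].strip() for k in REQUIRED_FIELDS}


def is_valid_reply(reply):
    """True if final_output() accepts the reply, False if it rejects it."""
    try:
        final_output(reply)
        return True
    except ValueError:
        return False


def analyze(diff_lines, source_url, call_model):
    """Orchestration: prompt -> model -> validated record.
    call_model(prompt) -> str is injected so no network is needed here."""
    return final_output(call_model(build_prompt(diff_lines, source_url)))


def fake_model(prompt):
    """Constructed stand-in for the GPT call: a fenced reply with surrounding prose."""
    return (
        "Here is my analysis:\n```json\n"
        '{"cve_id": "CVE-EXAMPLE-0000", "vulnerable_function": "compile", '
        '"file_path": "index.js", "source_Code": "https://example.test/compare", '
        '"explanation": "new Function builds code from the format string."}\n'
        "```\nLet me know if you need more detail."
    )


if __name__ == "__main__":
    record = analyze(["return new Function('tokens', body)"],
                     "https://example.test/compare", fake_model)
    print(json.dumps(record, indent=2))
```

Keeping the validation in final_output() rather than in the prompt means a reply that drifts from the requested shape fails loudly at the point where it can be retried, instead of producing a report with empty fields.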
Below is a sample JSON output generated by the tool:

```json
{
  "cve_id": "CVE-2019-5413",
  "vulnerable_function": "compile",
  "file_path": "index.js",
  "source_Code": "https://api.github.com/repos/expressjs/morgan/compare/1.9.0...1.9.1",
  "explanation": "The compile function uses `new Function`, which can execute arbitrary code if untrusted input is passed."
}
```