Data is hold in dataset.db, which contains four tables: ARTIFACT, CVE, DEP and PATCH, and you can also find the data in the corresponding csv files.
The following figure shows various metadata of the collected dataset, and more detailed information is available in Section III-A of the paper.
The information and structure of each table is as follows:
-
ARTIFACT:
GROUP_ID | ARTIFACT_ID | VERSION | LOC | USAGE_NUM | CLASS_NUM | ID -
CVE:
CVE_ID | CVSS | CWE | VUL_FUNs -
DEP
UP_GAV_ID(referred from ARTIFACT) | DOWN_GAV_ID(referred from ARTIFACT) -
PATCH
CVE(referred from CVE) | Patch | AFFECT_GAV_ID(referred from ARTIFACT)
This dataset contains 300 CVE and the detailed information of the corresponding patches and affected artifacts.
Downstream response is hold in response.csv file and the structure is as follows:
CVE | Upstream_GAV | Downstream_GAV | Downstream_repo | Downstream_commit
This directory contains scripts for the figures of the three research questions, all of which can be run directly from their current directories.
.
βββ README.md
βββ csv
β βββ ARTIFACT.csv
β βββ CVE.csv
β βββ DEP.csv
β βββ PATCH.csv
β βββ README.md
β βββ RESPONSE.csv
βββ dataset.db
βββ plot_script
βββ README.md
βββ RQ1
β βββ RQ1.1
β β βββ upstream_jar
β β βββ vulnerabel_function
β βββ RQ1.2
β βββ risky_mtd_acc_ratio
β βββ risky_mtd_num
βββ RQ2
β βββ constraint
β βββ downstream_context
β βββ exploitable_path_ratio
βββ RQ3
β βββ distribution
β βββ overview
β βββ response_speed
β βββ survey
βββ data collection