
IF4053 - CAPRA: Context-Aware Patch Risk Assessment - Group F

Group F:
- Arlow Emmanuel Hergara (13523161)
- Fachriza Ahmad Setiyono (13523162)
- Filbert Engyo (13523163)

Reference:
Benxiao Tang, Shilin Zhang, Fei Zhu, Aoshuang Ye,
CAPRA: Context-Aware patch risk assessment for detecting immature vulnerability in open-source software,
Computers & Security,
Volume 157,
2025,
104540,
ISSN 0167-4048,
Abstract: Software development increasingly relies on open-source contributions, yet these projects face significant security challenges. Large collaborative codebases frequently encounter vulnerabilities due to varying developer skill levels and reviewers’ incomplete understanding of code changes’ contextual implications. Traditional detection measures typically activate only after code merging, missing opportunities for detecting potential risks (e.g. immature vulnerability). This paper presents CAPRA, a security detection tool analyzing pending patches through static analysis to identify potential memory leak and Use-After-Free vulnerabilities before integration. Our approach employs code property graph, eliminating compilation environment dependencies while efficiently detecting whether code modifications activate latent vulnerabilities. Using our newly constructed dataset targeting risk-triggering scenarios, experimental results demonstrate CAPRA achieves 97.3% accuracy with 98% recall and only 3.5% false positives—confirming its effectiveness for enhancing code review processes through targeted, early vulnerability detection in rapidly iterating collaborative projects.
Keywords: Open-source software; Defect detection; Immature vulnerability; Static analysis; Patch security; Code property graph

Video "IF4053 - CAPRA: Context-Aware Patch Risk Assessment - Group F" from the KrakacatS channel