jacpacd committed on
Commit
4879017
·
verified ·
1 Parent(s): 19457b9

Update README.md

  1. README.md +62 -36
README.md CHANGED
@@ -1,57 +1,83 @@
1
  ---
2
  library_name: transformers
3
- base_model: microsoft/codebert-base
4
  tags:
5
- - generated_from_trainer
6
- model-index:
7
- - name: vuln-detector-codebert
8
- results: []
 
9
  ---
10
 
11
- <!-- This model card has been generated automatically according to the information the Trainer had access to. You
12
- should probably proofread and complete it, then remove this comment. -->
13
 
14
- # vuln-detector-codebert
15
 
16
- This model is a fine-tuned version of [microsoft/codebert-base](https://huggingface.co/microsoft/codebert-base) on an unknown dataset.
17
- It achieves the following results on the evaluation set:
18
- - Loss: 0.0000
19
 
20
- ## Model description
21
 
22
- More information needed
23
 
24
- ## Intended uses & limitations
25
 
26
- More information needed
27
 
28
- ## Training and evaluation data
29
 
30
- More information needed
31
 
32
- ## Training procedure
33
 
34
- ### Training hyperparameters
 
35
 
36
- The following hyperparameters were used during training:
37
- - learning_rate: 5e-05
38
- - train_batch_size: 8
39
- - eval_batch_size: 8
40
- - seed: 42
41
- - optimizer: Use OptimizerNames.ADAMW_TORCH_FUSED with betas=(0.9,0.999) and epsilon=1e-08 and optimizer_args=No additional optimizer arguments
42
- - lr_scheduler_type: linear
43
- - num_epochs: 1
44
 
45
- ### Training results
46
 
47
- | Training Loss | Epoch | Step | Validation Loss |
48
- |:-------------:|:-----:|:-----:|:---------------:|
49
- | 0.0 | 1.0 | 17310 | 0.0000 |
50
 
 
 
51
 
52
- ### Framework versions
 
53
 
54
- - Transformers 4.56.0
55
- - Pytorch 2.8.0+cu126
56
- - Datasets 4.0.0
57
- - Tokenizers 0.22.0
 
1
  ---
2
+ license: mit
3
+ language:
4
+ - code
5
  library_name: transformers
 
6
  tags:
7
+ - text-classification
8
+ - code-classification
9
+ - vulnerability-detection
10
+ - automatic-vulnerability-detection
11
+ - secure-coding
12
  ---
13
 
14
+ # Vulnerability Detector for C Code (SARD)
 
15
 
16
+ This model is a fine-tuned version of `microsoft/codebert-base` designed to detect vulnerabilities in C source code functions. It was developed as a submission for the AI Grand Challenge (PS-1).
17
 
18
+ ## Model Description
19
 
20
+ This is a binary text-classification model that takes a C function as input and classifies it as either **Vulnerable** (`LABEL_1`) or **Safe** (`LABEL_0`).
21
 
22
+ The model was specifically fine-tuned on the [NIST SARD (Software Assurance Reference Dataset)](https://samate.nist.gov/SARD/), focusing on common C vulnerabilities like Memory Leaks, Buffer Overflows, and other CWEs present in the Juliet Test Suite. Due to the clean and structured nature of the SARD dataset, the model achieved a very high accuracy on the validation set.
23
 
24
+ ## Intended Uses & Limitations
25
 
26
+ This model is intended as a proof-of-concept tool to assist developers in identifying potentially vulnerable code patterns during the development lifecycle.
27
 
28
+ **Limitations:**
29
+ * The model is highly specialized for the types of vulnerabilities found in the SARD dataset. Its performance on real-world, messy, or obfuscated code may be lower.
30
+ * It should be used as an assistive tool, not as a replacement for comprehensive security audits or other static analysis tools.
31
+ * The model classifies entire functions and may not pinpoint the exact line of code responsible for the vulnerability.
32
 
33
+ ## How to Use
34
 
35
+ The model can be easily used with the `transformers` library `pipeline`.
36
 
37
+ ```python
38
+ from transformers import pipeline
39
 
40
+ # Load the classifier pipeline
41
+ classifier = pipeline("text-classification", model="jacpacd/vuln-detector-codebert-c-sard")
42
 
43
+ # Example of a vulnerable C function (Memory Leak)
44
+ vulnerable_code = """
45
+ void CWE401_Memory_Leak__strdup_char_01_bad()
46
+ {
47
+ char * data;
48
+ data = NULL;
49
+ {
50
+ char myString[] = "myString";
51
+ /* POTENTIAL FLAW: Allocate memory from the heap */
52
+ data = strdup(myString);
53
+ printLine(data);
54
+ }
55
+ /* POTENTIAL FLAW: No deallocation of memory */
56
+ ;
57
+ }
58
+ """
59
 
60
+ # Example of a safe C function
61
+ safe_code = """
62
+ void CWE401_Memory_Leak__strdup_char_01_goodB2G()
63
+ {
64
+ char * data;
65
+ data = NULL;
66
+ {
67
+ char myString[] = "myString";
68
+ data = strdup(myString);
69
+ printLine(data);
70
+ }
71
+ /* FIX: Deallocate memory */
72
+ free(data);
73
+ }
74
+ """
75
 
76
+ results_vuln = classifier(vulnerable_code)
77
+ results_safe = classifier(safe_code)
78
 
79
+ print(f"Vulnerable Code Prediction: {results_vuln[0]}")
80
+ # Expected output: {'label': 'LABEL_1', 'score': 0.99...}
81
 
82
+ print(f"Safe Code Prediction: {results_safe[0]}")
83
+ # Expected output: {'label': 'LABEL_0', 'score': 0.99...}
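Review bot: the rewritten card claims "a very high accuracy on the validation set" without giving a number, while the metrics it deletes (training loss 0.0, validation loss 0.0000 at step 17310 after one epoch) point to a degenerate fit rather than a strong one, and the usage example shows the likely cause: the two inputs are Juliet functions named `CWE401_Memory_Leak__strdup_char_01_bad` and `CWE401_Memory_Leak__strdup_char_01_goodB2G`, carrying `/* POTENTIAL FLAW: ... */` and `/* FIX: Deallocate memory */` comments, so a model trained on SARD/Juliet can reach zero loss by reading `_bad`/`_good` in the name or the comment text rather than the missing `free(data)` that actually distinguishes the functions. Before the card says the model detects vulnerabilities, report held-out accuracy, precision and recall explicitly, and re-run the example with the function names anonymised and the flaw/fix comments stripped; if the `LABEL_1`/`LABEL_0` predictions change, state that under Limitations, since it would mean the "Expected output" comments hold only for Juliet-style input. Two smaller points: the front matter drops `base_model: microsoft/codebert-base` although the body still names it, so keep that key for lineage and Hub discoverability; and the pipeline call loads `jacpacd/vuln-detector-codebert-c-sard` while the card it replaces was named `vuln-detector-codebert`, so confirm the repo ID before merging.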