StaticFixer: From Static Analysis to Static Repair
Naman Jain, Shubham Gandhi, Atharv Sonwane, Aditya Kanade, Nagarajan Natarajan, Suresh Parthasarathy, Sriram Rajamani, and Rahul Sharma

TL;DR
StaticFixer leverages static analysis to automatically repair information flow vulnerabilities in code, introducing a novel DSL and learning strategies that outperform neural baselines on real-world JavaScript vulnerabilities.
Contribution
The paper presents StaticFixer, a system that uses static analysis perturbations and a new DSL to synthesize non-local repairs for information flow vulnerabilities, outperforming neural methods.
Findings
Successfully repaired hundreds of vulnerabilities in open source JavaScript code.
Outperformed neural baselines like CodeT5 and Codex.
Introduced a novel approach combining static analysis and strategy learning.
Abstract
Static analysis tools are traditionally used to detect and flag programs that violate properties. We show that static analysis tools can also be used to perturb programs that satisfy a property to construct variants that violate the property. Using this insight we can construct paired data sets of unsafe-safe program pairs, and learn strategies to automatically repair property violations. We present a system called StaticFixer, which automatically repairs information flow vulnerabilities using this approach. Since information flow properties are non-local (both to check and repair), StaticFixer also introduces a novel domain specific language (DSL) and strategy learning algorithms for synthesizing non-local repairs. We use StaticFixer to synthesize strategies for repairing two types of information flow vulnerabilities, unvalidated dynamic calls and cross-site scripting, and show that StaticFixer…
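To make the "unsafe-safe program pair" idea concrete for one of the two vulnerability types named in the abstract (unvalidated dynamic calls), here is an added example; it is not code from the paper or from StaticFixer. The names `handlers`, `dispatchSafe`, `dispatchUnsafe` and `compare` are assumptions, and the perturbation shown (deleting the guard by hand) only illustrates the pairing, not the system's algorithm.

```javascript
// Constructed example: a handler table indexed by a caller-supplied name.
const handlers = {
  ping: () => "pong",
  echo: (msg) => String(msg),
};

// Safe program: the name is validated before it flows into the dynamic call.
// Only own properties that are functions may be invoked.
function dispatchSafe(action, arg) {
  const isOwn = Object.prototype.hasOwnProperty.call(handlers, action);
  if (!isOwn || typeof handlers[action] !== "function") {
    return { ok: false, error: "unknown action" };
  }
  return { ok: true, value: handlers[action](arg) };
}

// Perturbed variant: identical except the guard is removed, so the
// caller-supplied name reaches the call unvalidated. Inherited members
// such as Object.prototype.toString become callable, and unknown names
// raise a TypeError instead of being rejected.
function dispatchUnsafe(action, arg) {
  return { ok: true, value: handlers[action](arg) };
}

// Run both halves of the pair on the same input and report the results,
// turning an exception from the unsafe variant into a comparable record.
function compare(action, arg) {
  let unsafe;
  try {
    unsafe = dispatchUnsafe(action, arg);
  } catch (e) {
    unsafe = { ok: false, error: e.constructor.name };
  }
  return { safe: dispatchSafe(action, arg), unsafe };
}

// Constructed inputs: one intended action, one inherited name, one unknown name.
for (const name of ["ping", "toString", "missing"]) {
  console.log(name, JSON.stringify(compare(name, "x")));
}
```

The pair behaves identically on intended actions and diverges only on names the guard rejects, which is the difference a repair has to restore.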
Taxonomy
Topics: Security and Verification in Computing · Software Engineering Research · Advanced Malware Detection Techniques
