Vulnerability-Triggering Test Case Generation from Third-Party Libraries

TL;DR

This paper introduces VULEUT, a novel method combining reachability analysis and LLM-based test generation to automatically verify vulnerabilities in third-party libraries within client projects, improving detection accuracy.

Contribution

VULEUT is the first approach to integrate vulnerability reachability analysis with LLM-driven unit test generation for third-party library vulnerability verification.

Findings

VULEUT successfully confirmed 229 vulnerabilities out of 292 tests.

It outperforms baseline tools TRANSFER and VESTA by 24%.

Effective in real-world client project scenarios.

Abstract

Open-source third-party libraries are widely used in software development. These libraries offer substantial advantages in terms of time and resource savings. However, a significant concern arises due to the publicly disclosed vulnerabilities within these libraries. Existing automated vulnerability detection tools often suffer from false positives and fail to accurately assess the propagation of inputs capable of triggering vulnerabilities from client projects to vulnerable code in libraries. In this paper, we propose a novel approach called VULEUT (Vulnerability Exploit Unit Test Generation), which combines vulnerability exploitation reachability analysis and LLM-based unit test generation. VULEUT is designed to automatically verify the exploitability of vulnerabilities in third-party libraries commonly used in client software projects. VULEUT first analyzes the client projects to determine the reachability of vulnerability conditions. And then, it leverages the Large Language Model (LLM) to generate unit tests for vulnerability confirmation. To evaluate the effectiveness of VULEUT, we collect 32 vulnerabilities from various third-party libraries and conduct experiments on 70 real client projects. Besides, we also compare our approach with two representative tools, i.e., TRANSFER and VESTA. Our results demonstrate the effectiveness of VULEUT, with 229 out of 292 generated unit tests successfully confirming vulnerability exploitation across 70 client projects, which outperforms baselines by 24%.