Abstract

Modern software applications rely heavily on open source software (OSS) libraries to speed up development. Vulnerabilities in these libraries are increasingly prominent and are publicly disclosed, so developers must regularly identify their dependencies on vulnerable libraries, concretely assess the impact of each vulnerability, and mitigate the resulting risk. Vulnerability scanning and assessment tools are therefore used to keep track of vulnerable dependencies. Various tools on the market scan dependencies, assess the vulnerabilities introduced by open source libraries, and suggest remediations; applying the remediation, however, remains a manual task. In this paper we discuss "FlawFix", a tool that scans, assesses, and fixes vulnerabilities caused by open source library dependencies automatically, removing the reliance on manual fixes. Automating the fix not only reduces manual errors but also saves many person-days, which can instead be spent on business logic. The paper is organized as follows: Section 1 gives a brief introduction to the need for the tool and defines a few important terms. Section 2 reviews prior work in this domain, its methodologies, and their limitations. The paper then presents the methodology of the proposed tool, including its features and the steps to be followed. Finally, we conclude by noting some limitations of our work, which lay out the scope for future work.
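The scan, assess, fix pipeline the abstract describes, as an added illustration that is not FlawFix's code or the paper's own. It assumes a requirements.txt-style manifest with exact `==` pins and a constructed advisory list whose package names, identifiers and versions are made up; real tooling would consult a vulnerability database and handle the full dependency-specifier grammar.

```python
import re

# Constructed advisory feed for this example. The IDs, packages and versions
# are made up and do not correspond to real CVEs or real libraries.
ADVISORIES = [
    {"id": "ADV-EX-0001", "package": "examplelib", "fixed_in": "2.3.1", "severity": "high"},
    {"id": "ADV-EX-0002", "package": "otherlib", "fixed_in": "1.0.5", "severity": "medium"},
    {"id": "ADV-EX-0003", "package": "examplelib", "fixed_in": "2.2.5", "severity": "low"},
]

# Constructed manifest in requirements.txt style (exact pins only).
SAMPLE_REQUIREMENTS = """\
# constructed sample manifest
examplelib==2.2.0
OtherLib==1.0.5
thirdlib==0.9.0
"""

# Assumption: only "name==X.Y.Z" pins are supported; ranges, extras and
# pre-release tags are rejected so they cannot be silently mis-assessed.
_PIN_RE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9_.-]*)==(\d+(?:\.\d+)*)$")


def version_key(v):
    """Turn '2.3.1' into a comparable tuple, zero-padded so '1.0' equals '1.0.0'."""
    parts = tuple(int(p) for p in v.split("."))
    return parts + (0,) * (3 - len(parts))


def parse_requirements(text):
    """Return {normalized_name: pinned_version} for every non-comment line."""
    deps = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = _PIN_RE.match(line)
        if not m:
            raise ValueError(f"unsupported requirement line: {line!r}")
        deps[m.group(1).lower()] = m.group(2)
    return deps


def scan(deps, advisories=ADVISORIES):
    """Step 1 (scan): every advisory whose fix version is newer than the pinned one."""
    findings = []
    for adv in advisories:
        name = adv["package"].lower()
        if name in deps and version_key(deps[name]) < version_key(adv["fixed_in"]):
            findings.append({**adv, "package": name, "current": deps[name]})
    return findings


def assess(findings):
    """Step 2 (assess): per package, choose the lowest version that closes all of
    its findings, and flag major-version bumps, which need a human to review
    for breaking changes before the automatic fix is trusted."""
    plan = {}
    for f in findings:
        target = plan.setdefault(f["package"], {
            "current": f["current"], "fixed_in": f["fixed_in"],
            "advisories": [], "severities": [],
        })
        if version_key(f["fixed_in"]) > version_key(target["fixed_in"]):
            target["fixed_in"] = f["fixed_in"]
        target["advisories"].append(f["id"])
        target["severities"].append(f["severity"])
    for t in plan.values():
        t["major_bump"] = version_key(t["current"])[0] != version_key(t["fixed_in"])[0]
    return plan


def remediate(text, plan):
    """Step 3 (fix): rewrite affected pins in place, preserving comments,
    ordering and the original spelling of each package name."""
    out = []
    for raw in text.splitlines():
        m = _PIN_RE.match(raw.strip())
        if m and m.group(1).lower() in plan:
            out.append(f"{m.group(1)}=={plan[m.group(1).lower()]['fixed_in']}")
        else:
            out.append(raw)
    return "\n".join(out) + "\n"


def run(text=SAMPLE_REQUIREMENTS, advisories=ADVISORIES):
    """Full pipeline: returns the remediation plan and the patched manifest."""
    plan = assess(scan(parse_requirements(text), advisories))
    return plan, remediate(text, plan)


if __name__ == "__main__":
    plan, fixed = run()
    for pkg, t in plan.items():
        note = " [major bump: review before merging]" if t["major_bump"] else ""
        print(f"{pkg}: {t['current']} -> {t['fixed_in']} ({', '.join(t['advisories'])}){note}")
    print(fixed)
```

On the constructed input, `examplelib` matches two advisories and is bumped once to the higher fix version, `OtherLib` is already at its fixed version and is left untouched, and the patched manifest is written back with the comment line and name casing intact, so it can be committed directly or opened as a pull request for review.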
