{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,2]],"date-time":"2026-02-02T11:58:02Z","timestamp":1770033482304,"version":"3.49.0"},"reference-count":9,"publisher":"SAGE Publications","issue":"2","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IFS"],"published-print":{"date-parts":[[2021,9,15]]},"abstract":"<jats:p>In the software development process, many developers learn from code snippets in the open-source community to implement specific functions. However, few people think about whether this code has vulnerabilities, which provides channels for developing unsafe programs. To this end, this paper constructs a source code snippets vulnerability mining system named PyVul based on deep learning to automatically detect the security of code snippets in the open-source community. PyVul builds an abstract syntax tree (AST) for the source code to extract its code features, and then introduces the bidirectional long-term short-term memory (BiLSTM) neural network algorithm to detect vulnerable code. If the code is vulnerable, a further multi-classification model analyzes the surrounding discussion in the associated threads to classify the vulnerability type based on the content description. Compared with traditional detection methods, this method can identify vulnerable code and classify the vulnerability type. The accuracy of the proposed model can reach 85%. PyVul also found 138 vulnerable code snippets in the real public open-source community. 
In the future, it can be used in the open-source community for vulnerable code auditing to assist users in safe development.<\/jats:p>","DOI":"10.3233\/jifs-211011","type":"journal-article","created":{"date-parts":[[2021,8,10]],"date-time":"2021-08-10T14:32:36Z","timestamp":1628605956000},"page":"3615-3628","source":"Crossref","is-referenced-by-count":4,"title":["Intelligent mining vulnerabilities in python code snippets"],"prefix":"10.1177","volume":"41","author":[{"given":"Wenbo","family":"Guo","sequence":"first","affiliation":[{"name":"School of Cyber Science and Engineering, Sichuan University, Chengdu, China"}]},{"given":"Cheng","family":"Huang","sequence":"additional","affiliation":[{"name":"School of Cyber Science and Engineering, Sichuan University, Chengdu, China"}]},{"given":"Weina","family":"Niu","sequence":"additional","affiliation":[{"name":"Institute for Cyber Security, School of Computer Science and Engineering, University of Electronic Science and Technology of China, Chengdu, China"}]},{"given":"Yong","family":"Fang","sequence":"additional","affiliation":[{"name":"School of Cyber Science and Engineering, Sichuan University, Chengdu, China"}]}],"member":"179","reference":[{"issue":"3","key":"10.3233\/JIFS-211011_ref3","doi-asserted-by":"crossref","first-page":"1259","DOI":"10.1007\/s10664-018-9650-5","article-title":"Usage and attribution of Stack Overflow code snippets in GitHub projects","volume":"24","author":"Baltes","year":"2019","journal-title":"Empirical Software Engineering"},{"issue":"110","key":"10.3233\/JIFS-211011_ref6","first-page":"1","article-title":"ScanDal: Static analyzer for detecting privacy leaks in android applications","volume":"12","author":"Kim","year":"2012","journal-title":"MoST"},{"issue":"7","key":"10.3233\/JIFS-211011_ref8","first-page":"775","article-title":"A static analyzer for finding dynamic programming errors","volume":"30","author":"Bush","year":"2000","journal-title":"Software: Practice and 
Experience"},{"issue":"2","key":"10.3233\/JIFS-211011_ref12","doi-asserted-by":"crossref","first-page":"141","DOI":"10.1007\/s11859-019-1379-5","article-title":"A Python security analysis framework in integrity verification and vulnerability detection","volume":"24","author":"Peng","year":"2019","journal-title":"Wuhan University Journal of Natural Sciences"},{"issue":"11","key":"10.3233\/JIFS-211011_ref18","doi-asserted-by":"crossref","first-page":"e0225196","DOI":"10.1371\/journal.pone.0225196","article-title":"TAP: A static analysis model for PHP vulnerabilities based on token and deep learning technology","volume":"14","author":"Fang","year":"2019","journal-title":"PloS One"},{"key":"10.3233\/JIFS-211011_ref26","doi-asserted-by":"crossref","first-page":"221","DOI":"10.1016\/j.eswa.2016.10.065","article-title":"Improving sentiment analysis via sentence type classification using BiLSTM-CRF and CNN","volume":"72","author":"Chen","year":"2017","journal-title":"Expert Systems with Applications"},{"issue":"10","key":"10.3233\/JIFS-211011_ref27","doi-asserted-by":"crossref","first-page":"993","DOI":"10.1109\/TSE.2014.2340398","article-title":"Predicting vulnerable software components via text mining","volume":"40","author":"Scandariato","year":"2014","journal-title":"IEEE Transactions on Software Engineering"},{"issue":"2","key":"10.3233\/JIFS-211011_ref30","doi-asserted-by":"crossref","first-page":"289","DOI":"10.1109\/TNNLS.2013.2274735","article-title":"Multiclass from binary: Expanding one-versus-all, one-versus-one and ecoc-based approaches","volume":"25","author":"Rocha","year":"2013","journal-title":"IEEE Transactions on Neural Networks and Learning Systems"},{"issue":"7","key":"10.3233\/JIFS-211011_ref34","first-page":"1329","article-title":"DeepBalance: Deep-learning and fuzzy oversampling for vulnerability detection","volume":"28","author":"Liu","year":"2019","journal-title":"IEEE Transactions on Fuzzy Systems"}],"container-title":["Journal of Intelligent 
&amp; Fuzzy Systems"],"original-title":[],"link":[{"URL":"https:\/\/content.iospress.com\/download?id=10.3233\/JIFS-211011","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,2,2]],"date-time":"2026-02-02T01:59:52Z","timestamp":1769997592000},"score":1,"resource":{"primary":{"URL":"https:\/\/journals.sagepub.com\/doi\/full\/10.3233\/JIFS-211011"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,9,15]]},"references-count":9,"journal-issue":{"issue":"2"},"URL":"https:\/\/doi.org\/10.3233\/jifs-211011","relation":{},"ISSN":["1064-1246","1875-8967"],"issn-type":[{"value":"1064-1246","type":"print"},{"value":"1875-8967","type":"electronic"}],"subject":[],"published":{"date-parts":[[2021,9,15]]}}}