final pre-submission

afl_data.txt

@@ -0,0 +1,325 @@
+CVE-2014-6277
+CVE-2014-6278
+CVE-2013-6629
+CVE-2014-9495
+CVE-2015-8126
+CVE-2015-5477
+CVE-2015-5722
+CVE-2015-5986
+CVE-2015-0252
+CVE-2016-0729
+CVE-2016-4463
+CVE-2015-5781
+CVE-2015-5782
+CVE-2014-8127
+CVE-2014-8128
+CVE-2014-8129
+CVE-2014-8130
+CVE-2016-10092
+CVE-2016-10093
+CVE-2016-10094
+CVE-2016-10095
+CVE-2014-1564
+CVE-2014-1580
+CVE-2014-8637
+CVE-2015-0329
+CVE-2015-0323
+CVE-2014-9116
+CVE-2015-1463
+CVE-2015-2170
+CVE-2015-2221
+CVE-2015-2222
+CVE-2015-1802
+CVE-2015-1803
+CVE-2015-1804
+CVE-2015-0848
+CVE-2015-4695
+CVE-2015-4696
+CVE-2015-5522
+CVE-2015-5523
+CVE-2014-9637
+CVE-2015-1788
+CVE-2015-0288
+CVE-2015-3193
+CVE-2014-8564
+CVE-2014-9556
+CVE-2014-9732
+CVE-2015-4467
+CVE-2015-4468
+CVE-2015-4469
+CVE-2015-4470
+CVE-2015-4471
+CVE-2015-4472
+CVE-2015-1858
+CVE-2015-1859
+CVE-2015-1860
+CVE-2015-2063
+CVE-2015-2782
+CVE-2015-3905
+CVE-2014-8123
+CVE-2015-4590
+CVE-2014-9679
+CVE-2015-2310
+CVE-2015-2312
+CVE-2015-3622
+CVE-2016-4008
+CVE-2014-9274
+CVE-2014-9275
+CVE-2015-1315
+CVE-2015-1845
+CVE-2015-1846
+CVE-2015-3228
+CVE-2015-1606
+CVE-2015-1607
+CVE-2014-9087
+CVE-2014-6355
+CVE-2015-0061
+CVE-2015-7855
+CVE-2016-7434
+CVE-2015-7941
+CVE-2015-8035
+CVE-2015-8241
+CVE-2015-8242
+CVE-2015-8317
+CVE-2016-4658
+CVE-2016-5131
+CVE-2015-5309
+CVE-2015-5311
+CVE-2015-0232
+CVE-2017-5340
+CVE-2015-2158
+CVE-2015-0860
+CVE-2015-8380
+CVE-2016-1925
+CVE-2014-9771
+CVE-2016-3994
+CVE-2015-8863
+CVE-2015-5726
+CVE-2016-2194
+CVE-2016-2195
+CVE-2016-2196
+CVE-2015-8872
+CVE-2016-4804
+CVE-2016-0718
+CVE-2015-8915
+CVE-2015-8916
+CVE-2015-8917
+CVE-2015-8918
+CVE-2015-8919
+CVE-2015-8920
+CVE-2015-8928
+CVE-2015-8921
+CVE-2015-8922
+CVE-2015-8923
+CVE-2015-8924
+CVE-2015-8925
+CVE-2015-8926
+CVE-2015-8927
+CVE-2015-8929
+CVE-2015-8930
+CVE-2015-8931
+CVE-2015-8932
+CVE-2015-8933
+CVE-2015-8934
+CVE-2016-5844
+CVE-2016-1541
+CVE-2016-8687
+CVE-2016-8688
+CVE-2016-8689
+CVE-2016-2226
+CVE-2016-4487
+CVE-2016-4488
+CVE-2016-4489
+CVE-2016-4490
+CVE-2016-4491
+CVE-2016-4492
+CVE-2016-4493
+CVE-2016-6131
+CVE-2016-6239
+CVE-2016-6240
+CVE-2016-6241
+CVE-2016-6242
+CVE-2016-6243
+CVE-2016-6244
+CVE-2016-6245
+CVE-2016-6246
+CVE-2016-6247
+CVE-2016-6254
+CVE-2016-6261
+CVE-2016-6263
+CVE-2016-9422
+CVE-2016-9423
+CVE-2016-9424
+CVE-2016-9425
+CVE-2016-9426
+CVE-2016-9427
+CVE-2016-9428
+CVE-2016-9429
+CVE-2016-9430
+CVE-2016-9431
+CVE-2016-9432
+CVE-2016-9433
+CVE-2016-9434
+CVE-2016-9435
+CVE-2016-9436
+CVE-2016-9437
+CVE-2016-9438
+CVE-2016-9439
+CVE-2016-9440
+CVE-2016-9441
+CVE-2016-9442
+CVE-2016-9443
+CVE-2016-9622
+CVE-2016-9623
+CVE-2016-9624
+CVE-2016-9625
+CVE-2016-9626
+CVE-2016-9627
+CVE-2016-9628
+CVE-2016-9629
+CVE-2016-9630
+CVE-2016-9631
+CVE-2016-9632
+CVE-2016-9633
+CVE-2016-5823
+CVE-2016-5824
+CVE-2016-5825
+CVE-2016-5826
+CVE-2016-5827
+CVE-2017-5357
+CVE-2017-5356
+CVE-2017-5193
+CVE-2016-8690
+CVE-2016-8691
+CVE-2016-8692
+CVE-2016-8693
+CVE-2016-8884
+CVE-2016-8885
+CVE-2016-8886
+CVE-2016-8887
+CVE-2016-9387
+CVE-2016-9388
+CVE-2016-9389
+CVE-2016-9390
+CVE-2016-9391
+CVE-2016-9392
+CVE-2016-9393
+CVE-2016-9394
+CVE-2016-9395
+CVE-2016-9396
+CVE-2016-9397
+CVE-2016-9398
+CVE-2016-9399
+CVE-2016-9557
+CVE-2016-9560
+CVE-2017-5502
+CVE-2017-5501
+CVE-2017-5500
+CVE-2017-5499
+CVE-2017-5498
+CVE-2017-5503
+CVE-2017-5504
+CVE-2017-5505
+CVE-2016-4198
+CVE-2016-6969
+CVE-2016-6978
+CVE-2016-1516
+CVE-2016-1517
+CVE-2016-10169
+CVE-2016-10170
+CVE-2016-10171
+CVE-2016-10172
+CVE-2017-5665
+CVE-2017-5666
+CVE-2017-5851
+CVE-2016-8677
+CVE-2016-8678
+CVE-2016-8862
+CVE-2016-8866
+CVE-2016-9556
+CVE-2016-9559
+CVE-2017-12983
+CVE-2016-7449
+CVE-2016-8682
+CVE-2016-8683
+CVE-2016-8684
+CVE-2015-5479
+CVE-2016-6832
+CVE-2016-7393
+CVE-2016-7424
+CVE-2016-7477
+CVE-2016-7499
+CVE-2016-8676
+CVE-2016-9819
+CVE-2016-9820
+CVE-2016-9821
+CVE-2016-9822
+CVE-2016-9823
+CVE-2016-9824
+CVE-2016-9825
+CVE-2016-9826
+CVE-2016-8679
+CVE-2016-8680
+CVE-2016-8681
+CVE-2016-9275
+CVE-2016-9276
+CVE-2016-9558
+CVE-2016-9264
+CVE-2016-9265
+CVE-2016-9266
+CVE-2016-9827
+CVE-2016-9828
+CVE-2016-9829
+CVE-2016-9831
+CVE-2016-9011
+CVE-2016-8685
+CVE-2016-8686
+CVE-2016-8694
+CVE-2016-8695
+CVE-2016-8696
+CVE-2016-8697
+CVE-2016-8698
+CVE-2016-8699
+CVE-2016-8700
+CVE-2016-8701
+CVE-2016-8702
+CVE-2016-8703
+CVE-2016-8674
+CVE-2017-7264
+CVE-2015-8981
+CVE-2017-5852
+CVE-2017-5853
+CVE-2017-5854
+CVE-2017-5855
+CVE-2017-5886
+CVE-2016-10198
+CVE-2016-10199
+CVE-2017-5840
+CVE-2017-5844
+CVE-2017-5846
+CVE-2017-5974
+CVE-2017-5975
+CVE-2017-5976
+CVE-2017-5977
+CVE-2017-5978
+CVE-2017-5980
+CVE-2017-5981
+CVE-2015-8985
+CVE-2017-6312
+CVE-2017-6311
+CVE-2015-3145
+CVE-2015-3144
+CVE-2017-7407
+CVE-2017-7476
+CVE-2017-7475
+CVE-2017-6829
+CVE-2017-6830
+CVE-2017-6831
+CVE-2017-6832
+CVE-2017-6833
+CVE-2017-6834
+CVE-2017-6835
+CVE-2017-6836
+CVE-2017-6837
+CVE-2017-6838
+CVE-2017-6839

afl_types.py

@@ -0,0 +1,86 @@
+from pymongo import MongoClient
+from vendors.debian.CVEParse import CVEParse as cparse
+import json
+from fixcwes import ret_roots
+import matplotlib.pyplot as plt
+import seaborn as sns
+import paper_plots as carlosplt
+
+cves = []
+client = MongoClient()
+
+
+with open('afl_data.txt', 'r') as f:
+    for line in f:
+        cves.append(line[:-1])
+
+cwes = []
+
+for cve_id in cves:
+    cve = cparse.fetchCVE(cve_id, client)
+    cvestats = cparse.parseCVE(cve_id, cve)
+    cwes.append(cvestats[4])
+
+cwes_counter = dict()
+
+for cwe in cwes:
+    if cwe in cwes_counter:
+        cwes_counter[cwe] += 1
+    else:
+        cwes_counter[cwe] = 1
+
+with open("cwe_afl.json","w") as fp:
+        json.dump(cwes_counter,fp)
+
+print(cwes_counter)
+path = './vendors/debian/cache/cvetable'
+cvetable = dict()
+
+with open(path) as f:
+    cvetable = json.load(f)
+
+ii = 0
+
+for cve_id in cves:
+    if cve_id in cvetable:
+        ii += 1
+
+cwes_deb = []
+
+for cve_id in cves:
+    if cve_id in cvetable:
+        cve = cparse.fetchCVE(cve_id, client)
+        cvestats = cparse.parseCVE(cve_id, cve)
+        cwes_deb.append(cvestats[4])
+
+cwes_counter_deb = dict()
+
+for cwe in cwes_deb:
+    if cwe in cwes_counter_deb:
+        cwes_counter_deb[cwe] += 1
+    else:
+        cwes_counter_deb[cwe] = 1
+
+with open("cwe_afl_deb.json","w") as fp:
+        json.dump(cwes_counter_deb,fp)
+
+print(ii)
+root_list = ['CWE-682', 'CWE-118', 'CWE-664', 'CWE-693', 'CWE-710', 'rest' ]
+data = [29, 158, 23, 27, 39, 62]
+
+carlosplt.pre_paper_plot()
+
+fig1, ax1 = plt.subplots()
+
+ax1.pie(data, labels=root_list, autopct='%1.1f%%', startangle=90)
+
+#draw circle
+centre_circle = plt.Circle((0,0),0.70,fc='white')
+fig = plt.gcf()
+fig.gca().add_artist(centre_circle)
+
+# Equal aspect ratio ensures that pie is drawn as a circle
+ax1.axis('equal')  
+plt.tight_layout()
+carlosplt.post_paper_plot(True,True,True)
+plt.show()

cwe_afl.json

@@ -0,0 +1,22 @@
+"CWE-78": 2
+"CWE-200": 9
+"CWE-119": 107
+"CWE-19": 2
+"CWE-20": 26
+"CWE-125": 38
+"0": 18
+"CWE-787": 2
+"CWE-369": 8
+"CWE-189": 27
+"CWE-824": 1
+"CWE-17": 1
+"CWE-399": 9
+"CWE-310": 1
+"CWE-190": 20
+"CWE-400": 1
+"CWE-416": 10
+"CWE-191": 1
+"CWE-476": 37
+"CWE-415": 2
+"Unknown": 2
+"CWE-284": 1

cwe_afl_deb.json

@@ -0,0 +1 @@
+{"CWE-200": 1, "CWE-119": 43, "CWE-19": 1, "CWE-20": 10, "CWE-125": 15, "0": 7, "CWE-787": 1, "CWE-189": 8, "CWE-399": 3, "CWE-416": 2, "CWE-476": 8, "CWE-190": 7, "CWE-369": 4, "CWE-415": 1, "CWE-284": 1}

plot_functions.py

@@ -404,9 +404,10 @@ class WheezyPloter:
 def plot_all(src2month, src2sloccount, pkg_with_cvss):
     years = 18
     # 2001-2000+years
+
     myplotter = Plotter(src2month, src2sloccount, pkg_with_cvss, years)
     
     # consider severity (low, medium, high, undefined)
     # Undefined is usual for newly added packages
-    myplotter.plot_all_severity(False,False,True,False)
+    myplotter.plot_all_severity(True,True,True,True)
     myplotter.plot_severity_percentage()

types.py

@@ -19,7 +19,12 @@ def main():
     # 2000-2018
     
     j = TypePlotter(data, years)
-    j.plot_types()
+    #j.plot_types()
+
+    sum_linux = 0
+    for num in data.src2month['linux'][:-12]:
+        sum_linux += num
+    print(sum_linux)
 
     #l = claplace(data,years)