Purpose
Existing vulnerability repair methods are often unable to fix vulnerabilities in smart infrastructures in a timely and accurate manner, because they lack domain-specific knowledge (e.g. vulnerability root causes and repair strategies) and the structural information of the target code. This study aims to solve this problem.

Design/methodology/approach
To address these problems, the authors propose OpenFix, which leverages graph representation and Large Language Model (LLM) knowledge augmentation to achieve prompt-guided vulnerability repair. OpenFix primarily consists of a vulnerability cause and code semantic-fused hybrid retrieval (VCCS-HR) module and a code structure graph generation (CSGG) module. The VCCS-HR module computes a hybrid similarity between the target code and the knowledge base, combining vulnerability cause similarity with code semantic similarity, and selects the most relevant knowledge to help the model understand the vulnerability. The CSGG module uses Joern to generate code property graphs and prunes information irrelevant to the vulnerability, helping the LLM understand the syntax and semantics of the code and thereby improving the quality of the generated patches.

Findings
Experimental results on 97 zero-day vulnerabilities and 20 existing vulnerabilities validate that OpenFix outperforms five state-of-the-art vulnerability repair baselines (by up to 29.61% in F1 and 14.29% in recall over the best baseline).

Originality/value
This study introduces OpenFix, a novel method that leverages graph representation and LLM knowledge augmentation to substantially improve the effectiveness of LLMs in vulnerability repair. To supply the model with highly relevant domain knowledge for improved vulnerability comprehension, the authors propose an efficient retrieval approach that jointly incorporates vulnerability cause and code semantic similarity, thereby identifying the knowledge most pertinent to the target vulnerable code. The authors introduce graph structural information about vulnerabilities into LLMs for vulnerability repair, enriching the models with syntactic and semantic code information that effectively addresses the limitations of LLMs that treat code only as plain text. The authors evaluated OpenFix on 97 zero-day samples and 20 existing real-world vulnerability samples. The results show that, compared with state-of-the-art vulnerability repair methods, OpenFix achieved the highest recall, 57.73% and 92.00% respectively.
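The hybrid retrieval idea behind the VCCS-HR module can be illustrated with a small, self-contained script. This is an added example, not the paper's or the OpenFix project's code: the knowledge base, the target snippet, the word-level Jaccard similarity standing in for the paper's semantic similarity, the weighting factor alpha and the prompt format are all assumptions made here. The point it shows is the one the abstract makes: scoring on code similarity alone can pull in a superficially similar but differently caused entry, while fusing cause similarity with code similarity ranks the entry whose root cause and repair strategy actually match.

```python
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class KnowledgeEntry:
    """One knowledge-base entry: a root-cause description, a representative
    vulnerable snippet and the repair strategy that was applied to it."""
    name: str
    cause: str
    code: str
    repair: str

# Constructed knowledge base (assumption; not data from the paper).
KNOWLEDGE_BASE = [
    KnowledgeEntry("off_by_one",
                   "loop bound exceeds buffer length causing out-of-bounds write",
                   "for (i = 0; i <= n; i++) buf[i] = src[i];",
                   "change the loop condition to i < n"),
    KnowledgeEntry("missing_null_check",
                   "pointer returned by malloc dereferenced without null check",
                   "p = malloc(n); p->x = 0;",
                   "check the allocation result before dereferencing"),
    KnowledgeEntry("unbounded_copy",
                   "strcpy copies user input into fixed-size buffer without length check",
                   "char buf[64]; strcpy(buf, input);",
                   "replace strcpy with a length-bounded copy and check the size"),
    KnowledgeEntry("format_string",
                   "user input passed as format string to printf",
                   "char name[32]; printf(name);",
                   "pass a fixed format string and the input as an argument"),
]

# Constructed target: the vulnerable code and its (analyst-supplied) cause.
TARGET_CAUSE = "user-controlled input copied into a fixed-size stack buffer without a length check"
TARGET_CODE = "char name[32]; strcpy(name, argv[1]);"

WORD_RE = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")

def tokens(text: str) -> set[str]:
    """Lower-cased identifier/word tokens. A crude stand-in (assumption) for the
    embedding-based semantic similarity a real retriever would use."""
    return {t.lower() for t in WORD_RE.findall(text)}

def jaccard(a: set[str], b: set[str]) -> float:
    """Set overlap in [0, 1]; 0 when both sets are empty."""
    if not a and not b:
        return 0.0
    return len(a & b) / len(a | b)

def hybrid_similarity(target_cause: str, target_code: str,
                      entry: KnowledgeEntry, alpha: float = 0.5) -> float:
    """Fuse cause similarity and code similarity. alpha=1 uses the cause only,
    alpha=0 uses the code only; the 0.5 default is an assumption."""
    cause_sim = jaccard(tokens(target_cause), tokens(entry.cause))
    code_sim = jaccard(tokens(target_code), tokens(entry.code))
    return alpha * cause_sim + (1.0 - alpha) * code_sim

def retrieve(target_cause: str, target_code: str, kb=KNOWLEDGE_BASE,
             k: int = 2, alpha: float = 0.5) -> list[tuple[str, float]]:
    """Return the k best-matching entries as (name, score) sorted by score."""
    scored = [(hybrid_similarity(target_cause, target_code, e, alpha), e) for e in kb]
    scored.sort(key=lambda pair: pair[0], reverse=True)
    return [(e.name, round(s, 3)) for s, e in scored[:k]]

def build_prompt(target_code: str, kb=KNOWLEDGE_BASE, k: int = 2) -> str:
    """Assemble the retrieved cause/repair knowledge into a repair prompt.
    The prompt wording is an assumption, not the paper's template."""
    by_name = {e.name: e for e in kb}
    lines = ["Fix the vulnerability in the following code.", "", target_code, "",
             "Relevant knowledge:"]
    for name, score in retrieve(TARGET_CAUSE, target_code, kb, k=k):
        e = by_name[name]
        lines.append(f"- [{name}, score {score}] cause: {e.cause}; repair: {e.repair}")
    return "\n".join(lines)

if __name__ == "__main__":
    print("code-only ranking:", retrieve(TARGET_CAUSE, TARGET_CODE, alpha=0.0))
    print("hybrid ranking:   ", retrieve(TARGET_CAUSE, TARGET_CODE, alpha=0.5))
    print(build_prompt(TARGET_CODE))
```

With the code-only weighting the `format_string` entry wins because its snippet shares the `char name[32]` declaration with the target, even though its root cause and repair strategy are wrong for a strcpy overflow; once the cause description is fused in, `unbounded_copy` ranks first and its repair strategy is what reaches the prompt.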
Xiang et al. studied this question.