This repository provides the scripts and technical documentation for "Empirical Analysis of Vulnerabilities Life Cycle in Golang Ecosystem".

Note: The scripts below should be executed sequentially, in the order listed.
- Run index_crawl.py to gather Golang Index information.
- Utilize vulnerability_mongodb.py to create the vulnerability database.
- Execute generate_safe_range.py to determine the safe range of vulnerabilities.
- Fetch the dependency relations from the BigQuery database.
- Run generate_vul_dependents.py to identify repositories for analysis.
- Use download_libs_vul.py to download vulnerable repositories.
- Utilize get_exactly_patch_time.py to pinpoint the exact fix time for impacted modules.
- Run research_questions.py to analyze the generated data, covering the analysis for RQ1-RQ4. (Note: In research_questions.py, each RQ and figure has functions that retrieve the corresponding data.)

Because of the limit on large files, we provide only the dataset, at the following links:
- https://drive.google.com/file/d/1T9aqAmDJlQO3ytWzGv3cT0oxL3yOB69Y/view?usp=sharing
- https://drive.google.com/file/d/1d4MR5YtfzBUgeWoGzTELLIeNYSdV8OJ6/view?usp=sharing
- https://drive.google.com/file/d/1dHUZ6p01d8CBdAbNrIR3qqArIyne7QiA/view?usp=sharing
- https://drive.google.com/file/d/1q--I7Ysz14v834M7EeQIaF7ewM3u1A_m/view?usp=sharing
- https://drive.google.com/file/d/1to6i9pmhwUsw0PnvABdC2oa5EEJLa8Mf/view?usp=sharing