A simple tool to mine before and after states of methods in commits, that are marked as vulnerability fixes in the project-kb repo.

The following must be installed beforehand:

• Java SE 15

This tool uses the JavaParser tool to parse the ast from the java files, and the a Java wrapper for the GitHub API to parse the commits. For the GitHub API to work, an oath token must be provided as stated in the official documentation:

• Create file ~/.github
• Place the text oauth=<TOKEN> into it, where is substituted with your own GitHub oath access token.

Compilation, building is done with the help of Gradle:

• gradlew run --args="<OUTPUT CSV PATH> <PROJECT_KB/STATEMENTS PATH>"

<OUTPUT CSV PATH> should be the path to a csv where the results will be written.
<PROJECT_KB/STATEMENTS PATH> should be the path to the statements folder in the vulnerability-data branch of project-kb repo.