A Study of Vulnerability Repair in JavaScript Programs with Large Language Models
This addresses the problem of security vulnerabilities in web applications for JavaScript developers, but it is incremental as it builds on existing LLM capabilities for code repair.
The study evaluated ChatGPT and Bard for finding and fixing security vulnerabilities in JavaScript programs, showing that LLMs are promising but achieving correct patches often requires appropriate context in prompts.
In recent years, JavaScript has become the most widely used programming language, especially in web development. However, writing secure JavaScript code is not trivial, and programmers often make mistakes that lead to security vulnerabilities in web applications. Large Language Models (LLMs) have demonstrated substantial advancements across multiple domains, and their evolving capabilities indicate their potential for automatic code generation based on a required specification, including automatic bug fixing. In this study, we explore the accuracy of LLMs, namely ChatGPT and Bard, in finding and fixing security vulnerabilities in JavaScript programs. We also investigate the impact of context in a prompt on directing LLMs to produce a correct patch of vulnerable JavaScript code. Our experiments on real-world software vulnerabilities show that while LLMs are promising in automatic program repair of JavaScript code, achieving a correct bug fix often requires an appropriate amount of context in the prompt.