Generating API Parameter Security Rules with LLM for API Misuse Detection (Accepted by NDSS 2025)
GPTAid

This is the repository of the study "Generating API Parameter Security Rules with LLM for API Misuse Detection" (Accepted by NDSS 2025).

NOTE: It is highly recommended to run in a virtual machine environment.

1. Install

1.1 install tiktoken, tree-sitter and openai

pip install tiktoken tree-sitter==0.20.1 openai==0.27.6

1.2 install cinspector (0.0.1)

https://github.com/PeiweiHu/cinspector

2. Usage

2.1 Preprocess:

Preprocess the target library code to get the function code.

cd GPTAid/src/Preprocess

Step 1: Set data

Before running the preprocessing scripts, ensure that you have correctly set the required data (project_dir, lib_name and out_dir) in the code.

  • project_dir: The directory containing the target library code.
    • Example: ../../test_info/libpcap/
  • lib_name: The name of the target library/software.
    • Example: libpcap
  • out_dir: The output directory where the processed data will be stored.
    • Ensure that this directory follows the naming convention xxx-funcs (e.g., libpcap-funcs).
    • Ensure that out_dir is the same for get-graph-treesitter.py and gen_callgraph.py.

Step 2: Run the Preprocessing Scripts

python3 ./get-graph-treesitter.py
python3 ./gen_callgraph.py

2.2 Stage-1 Raw APSRs Generation

cd GPTAid/src

Step 1: Set data

  • orig_key: Organization key required to query OpenAI.
  • api_key: API key for authenticating OpenAI queries.
  • api_path: Path to the list of APIs to be parsed.
    • Example: ../../test_info/api_info/api_list
  • callgraph_path: Path to the API call graph information, generated by gen_callgraph.py.
    • The call graph data is stored in libname-funcs/0call_graph.json.
    • Example: ../../test_info/api_info/call_graph
  • out_dir: The output directory where the processed data will be stored.

Step 2: Run the Scripts

python3 ./auto_gen_rule.py

2.3 Stage-2 APSRs Validation

cd GPTAid/src

Step 1: Set data

  • orig_key: Organization key required to query OpenAI.
  • api_key: API key for authenticating OpenAI queries.
  • api_path: Path to the list of APIs to be parsed.
    • Example: ../../test_info/api_info/api_list
  • callgraph_path: Path to the API call graph information, generated by gen_callgraph.py.
    • The call graph data is stored in libname-funcs/0call_graph.json.
    • Example: ../../test_info/api_info/call_graph
  • root_passwd: Required for certain APIs that need sudo privileges. You can either provide the password here or run the script as root.
  • info_dir: The output directory of Stage-1.
  • out_dir: The output directory where the processed data will be stored.

Step 2: Run the Scripts (Right code generation)

python3 ./auto_gen_right_code.py right

Step 3: Update the output directory and the info directory.

  • Set info_dir to the output directory of the right code generation run.
  • Set out_dir to a new output directory.

Step 4: Run the Scripts (Violation code generation)

python3 ./auto_gen_right_code.py wrong

2.4 Stage-3 APSRs Refinement

cd GPTAid/src

Step 1: Set data

  • orig_key: Organization key required to query OpenAI.
  • api_key: API key for authenticating OpenAI queries.
  • api_path: Path to the list of APIs to be parsed.
    • Example: ../../test_info/api_info/api_list
  • callgraph_path: Path to the API call graph information, generated by gen_callgraph.py.
    • The call graph data is stored in libname-funcs/0call_graph.json.
    • Example: ../../test_info/api_info/call_graph
  • root_passwd: Required for certain APIs that need sudo privileges. You can either provide the password here or run the script as root.
  • info_dir: The output directory of Stage-2 (violation code generation).
  • out_dir: The output directory where the processed data will be stored.

Step 2: Run the Scripts

python3 ./auto_gen_final_parse.py
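The three stages above hand directories from one to the next (Stage-1 out_dir becomes the Stage-2 info_dir, the right-code out_dir feeds the violation-code run, and that out_dir feeds Stage-3), and the preprocessing out_dir must follow the xxx-funcs convention. The following helper, an added example that is not part of the GPTAid code base, checks those settings before you edit them into the scripts; the `StagePlan` class, the stage names and the constructed paths are assumptions, while the `0call_graph.json` location comes from this README.

```python
import os
import re
from dataclasses import dataclass, field

# README convention: the preprocessing out_dir must be named xxx-funcs.
FUNCS_DIR_RE = re.compile(r"^[A-Za-z0-9_.-]+-funcs$")


@dataclass
class StagePlan:
    lib_name: str
    project_dir: str
    funcs_out_dir: str  # shared by get-graph-treesitter.py and gen_callgraph.py
    stage_dirs: dict = field(default_factory=dict)

    def callgraph_path(self) -> str:
        # gen_callgraph.py stores the call graph in <libname>-funcs/0call_graph.json
        return os.path.join(self.funcs_out_dir, "0call_graph.json")

    def validate(self) -> list:
        """Return a list of problems; an empty list means the settings are consistent."""
        problems = []
        base = os.path.basename(os.path.normpath(self.funcs_out_dir))
        if not FUNCS_DIR_RE.match(base):
            problems.append(f"out_dir '{base}' does not follow the xxx-funcs convention")
        elif base != f"{self.lib_name}-funcs":
            problems.append(f"out_dir '{base}' does not match lib_name '{self.lib_name}'")
        if not self.project_dir.strip():
            problems.append("project_dir is empty")
        return problems

    def chain(self, base_dir: str) -> dict:
        """Derive each stage's info_dir from the previous stage's out_dir (stage names are constructed)."""
        prev = None  # Stage-1 has no info_dir; it reads only the API list and call graph
        for name in ("stage1_raw", "stage2_right", "stage2_wrong", "stage3_refine"):
            out = os.path.join(base_dir, f"{self.lib_name}-{name}")
            self.stage_dirs[name] = {"info_dir": prev, "out_dir": out}
            prev = out
        return self.stage_dirs


def secret_from_env(name: str) -> str:
    """Hypothetical helper: read orig_key, api_key or root_passwd from the environment
    rather than writing them into the scripts that get committed."""
    value = os.environ.get(name)
    if not value:
        raise RuntimeError(f"set {name} in the environment before running the stage scripts")
    return value
```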
