graphcodebert-vuln-classifier / label_config.json
v2: GraphCodeBERT + ASL + two-phase + per-class thresholds + calibration
b329c79 verified
{
"target_cwes": [
"safe",
"CWE-20",
"CWE-22",
"CWE-78",
"CWE-79",
"CWE-89",
"CWE-94",
"CWE-119",
"CWE-125",
"CWE-190",
"CWE-200",
"CWE-264",
"CWE-269",
"CWE-276",
"CWE-284",
"CWE-287",
"CWE-310",
"CWE-327",
"CWE-330",
"CWE-352",
"CWE-362",
"CWE-399",
"CWE-401",
"CWE-416",
"CWE-434",
"CWE-476",
"CWE-502",
"CWE-601",
"CWE-787",
"CWE-798",
"CWE-918"
],
"cwe_names": {
"safe": "Safe Code",
"CWE-20": "Improper Input Validation",
"CWE-22": "Path Traversal",
"CWE-78": "OS Command Injection",
"CWE-79": "XSS",
"CWE-89": "SQL Injection",
"CWE-94": "Code Injection",
"CWE-119": "Buffer Overflow",
"CWE-125": "Out-of-bounds Read",
"CWE-190": "Integer Overflow",
"CWE-200": "Information Exposure",
"CWE-264": "Permissions",
"CWE-269": "Privilege Management",
"CWE-276": "Incorrect Permissions",
"CWE-284": "Access Control",
"CWE-287": "Authentication",
"CWE-310": "Crypto Issues",
"CWE-327": "Broken Crypto",
"CWE-330": "Insufficient Randomness",
"CWE-352": "CSRF",
"CWE-362": "Race Condition",
"CWE-399": "Resource Management",
"CWE-401": "Memory Leak",
"CWE-416": "Use After Free",
"CWE-434": "File Upload",
"CWE-476": "NULL Pointer Deref",
"CWE-502": "Insecure Deserialization",
"CWE-601": "Open Redirect",
"CWE-787": "Out-of-bounds Write",
"CWE-798": "Hardcoded Credentials",
"CWE-918": "SSRF"
},
"num_labels": 31,
"cwe_to_owasp": {
"CWE-22": "A01",
"CWE-200": "A01",
"CWE-264": "A01",
"CWE-276": "A01",
"CWE-284": "A01",
"CWE-352": "A01",
"CWE-601": "A01",
"CWE-269": "A01",
"CWE-310": "A02",
"CWE-327": "A02",
"CWE-330": "A02",
"CWE-20": "A03",
"CWE-78": "A03",
"CWE-79": "A03",
"CWE-89": "A03",
"CWE-94": "A03",
"CWE-119": "A03",
"CWE-125": "A03",
"CWE-190": "A03",
"CWE-416": "A03",
"CWE-476": "A03",
"CWE-401": "A03",
"CWE-787": "A03",
"CWE-434": "A04",
"CWE-362": "A04",
"CWE-399": "A04",
"CWE-287": "A07",
"CWE-798": "A07",
"CWE-502": "A08",
"CWE-918": "A10"
},
"optimized_thresholds": {
"safe": 0.5750000000000002,
"CWE-20": 0.8750000000000003,
"CWE-22": 0.7750000000000002,
"CWE-78": 0.7500000000000002,
"CWE-79": 0.5750000000000002,
"CWE-89": 0.5250000000000001,
"CWE-94": 0.7750000000000002,
"CWE-119": 0.6000000000000002,
"CWE-125": 0.7000000000000003,
"CWE-190": 0.8750000000000003,
"CWE-200": 0.7500000000000002,
"CWE-264": 0.8250000000000003,
"CWE-269": 0.5500000000000003,
"CWE-276": 0.5,
"CWE-284": 0.6000000000000002,
"CWE-287": 0.4250000000000001,
"CWE-310": 0.8000000000000003,
"CWE-327": 0.5,
"CWE-330": 0.7250000000000003,
"CWE-352": 0.5,
"CWE-362": 0.6250000000000002,
"CWE-399": 0.9250000000000004,
"CWE-401": 0.4250000000000001,
"CWE-416": 0.6000000000000002,
"CWE-434": 0.3000000000000001,
"CWE-476": 0.8000000000000003,
"CWE-502": 0.8750000000000003,
"CWE-601": 0.47500000000000014,
"CWE-787": 0.6000000000000002,
"CWE-798": 0.25000000000000006,
"CWE-918": 0.5
},
"temperature": 0.6163493394851685,
"eval_metrics": {
"eval_macro_f1": 0.47583485129569136,
"eval_micro_f1": 0.9426379247351114,
"eval_weighted_f1": 0.945370829629837,
"eval_macro_precision": 0.4824943179864961,
"eval_macro_recall": 0.5278332334756789,
"eval_f1_safe": 0.9820306051177853,
"eval_f1_CWE-20": 0.5721153846153846,
"eval_f1_CWE-22": 0.5,
"eval_f1_CWE-78": 0.0,
"eval_f1_CWE-79": 0.5932203389830508,
"eval_f1_CWE-89": 0.7916666666666666,
"eval_f1_CWE-94": 0.7068273092369478,
"eval_f1_CWE-119": 0.7054610564010743,
"eval_f1_CWE-125": 0.5844748858447488,
"eval_f1_CWE-190": 0.7704918032786885,
"eval_f1_CWE-200": 0.7046632124352331,
"eval_f1_CWE-264": 0.697986577181208,
"eval_f1_CWE-269": 0.0,
"eval_f1_CWE-276": 0.0,
"eval_f1_CWE-284": 0.5128205128205128,
"eval_f1_CWE-287": 0.25,
"eval_f1_CWE-310": 0.5,
"eval_f1_CWE-327": 0.0,
"eval_f1_CWE-330": 0.5,
"eval_f1_CWE-352": 0.0,
"eval_f1_CWE-362": 0.7010309278350515,
"eval_f1_CWE-399": 0.6783625730994152,
"eval_f1_CWE-401": 0.5909090909090909,
"eval_f1_CWE-416": 0.48484848484848486,
"eval_f1_CWE-434": 0.0,
"eval_f1_CWE-476": 0.5483870967741935,
"eval_f1_CWE-502": 0.9,
"eval_f1_CWE-601": 0.8571428571428571,
"eval_f1_CWE-787": 0.47558386411889597,
"eval_f1_CWE-798": 0.14285714285714285,
"eval_f1_CWE-918": 0.0
},
"per_class_metrics": {
"safe": {
"f1": 0.9820306051177853,
"precision": 0.976204001767342,
"recall": 0.9879271798147556,
"threshold": 0.5750000000000002,
"support": 15655
},
"CWE-20": {
"f1": 0.5721153846153846,
"precision": 0.7,
"recall": 0.483739837398374,
"threshold": 0.8750000000000003,
"support": 246
},
"CWE-22": {
"f1": 0.5,
"precision": 1.0,
"recall": 0.3333333333333333,
"threshold": 0.7750000000000002,
"support": 6
},
"CWE-78": {
"f1": 0.0,
"precision": 0.0,
"recall": 0.0,
"threshold": 0.7500000000000002,
"support": 7
},
"CWE-79": {
"f1": 0.5932203389830508,
"precision": 0.4861111111111111,
"recall": 0.7608695652173914,
"threshold": 0.5750000000000002,
"support": 46
},
"CWE-89": {
"f1": 0.7916666666666666,
"precision": 0.6846846846846847,
"recall": 0.9382716049382716,
"threshold": 0.5250000000000001,
"support": 81
},
"CWE-94": {
"f1": 0.7068273092369478,
"precision": 0.676923076923077,
"recall": 0.7394957983193278,
"threshold": 0.7750000000000002,
"support": 119
},
"CWE-119": {
"f1": 0.7054610564010743,
"precision": 0.6127527216174183,
"recall": 0.8312236286919831,
"threshold": 0.6000000000000002,
"support": 474
},
"CWE-125": {
"f1": 0.5844748858447488,
"precision": 0.5245901639344263,
"recall": 0.6597938144329897,
"threshold": 0.7000000000000003,
"support": 97
},
"CWE-190": {
"f1": 0.7704918032786885,
"precision": 0.9038461538461539,
"recall": 0.6714285714285714,
"threshold": 0.8750000000000003,
"support": 70
},
"CWE-200": {
"f1": 0.7046632124352331,
"precision": 0.6938775510204082,
"recall": 0.7157894736842105,
"threshold": 0.7500000000000002,
"support": 95
},
"CWE-264": {
"f1": 0.697986577181208,
"precision": 0.7027027027027027,
"recall": 0.6933333333333334,
"threshold": 0.8250000000000003,
"support": 75
},
"CWE-269": {
"f1": 0.0,
"precision": 0.0,
"recall": 0.0,
"threshold": 0.5500000000000003,
"support": 2
},
"CWE-276": {
"f1": 0.0,
"precision": 0.0,
"recall": 0.0,
"threshold": 0.5,
"support": 0
},
"CWE-284": {
"f1": 0.5128205128205128,
"precision": 0.43478260869565216,
"recall": 0.625,
"threshold": 0.6000000000000002,
"support": 16
},
"CWE-287": {
"f1": 0.25,
"precision": 0.25,
"recall": 0.25,
"threshold": 0.4250000000000001,
"support": 4
},
"CWE-310": {
"f1": 0.5,
"precision": 0.7142857142857143,
"recall": 0.38461538461538464,
"threshold": 0.8000000000000003,
"support": 13
},
"CWE-327": {
"f1": 0.0,
"precision": 0.0,
"recall": 0.0,
"threshold": 0.5,
"support": 2
},
"CWE-330": {
"f1": 0.5,
"precision": 0.6,
"recall": 0.42857142857142855,
"threshold": 0.7250000000000003,
"support": 7
},
"CWE-352": {
"f1": 0.0,
"precision": 0.0,
"recall": 0.0,
"threshold": 0.5,
"support": 1
},
"CWE-362": {
"f1": 0.7010309278350515,
"precision": 0.6538461538461539,
"recall": 0.7555555555555555,
"threshold": 0.6250000000000002,
"support": 45
},
"CWE-399": {
"f1": 0.6783625730994152,
"precision": 0.7837837837837838,
"recall": 0.5979381443298969,
"threshold": 0.9250000000000004,
"support": 97
},
"CWE-401": {
"f1": 0.5909090909090909,
"precision": 0.4482758620689655,
"recall": 0.8666666666666667,
"threshold": 0.4250000000000001,
"support": 15
},
"CWE-416": {
"f1": 0.48484848484848486,
"precision": 0.4266666666666667,
"recall": 0.5614035087719298,
"threshold": 0.6000000000000002,
"support": 57
},
"CWE-434": {
"f1": 0.0,
"precision": 0.0,
"recall": 0.0,
"threshold": 0.3000000000000001,
"support": 0
},
"CWE-476": {
"f1": 0.5483870967741935,
"precision": 0.5862068965517241,
"recall": 0.5151515151515151,
"threshold": 0.8000000000000003,
"support": 99
},
"CWE-502": {
"f1": 0.9,
"precision": 0.9,
"recall": 0.9,
"threshold": 0.8750000000000003,
"support": 40
},
"CWE-601": {
"f1": 0.8571428571428571,
"precision": 0.75,
"recall": 1.0,
"threshold": 0.47500000000000014,
"support": 3
},
"CWE-787": {
"f1": 0.47558386411889597,
"precision": 0.3708609271523179,
"recall": 0.6627218934911243,
"threshold": 0.6000000000000002,
"support": 169
},
"CWE-798": {
"f1": 0.14285714285714285,
"precision": 0.07692307692307693,
"recall": 1.0,
"threshold": 0.25000000000000006,
"support": 1
},
"CWE-918": {
"f1": 0.0,
"precision": 0.0,
"recall": 0.0,
"threshold": 0.5,
"support": 0
}
},
"classification_report": " precision recall f1-score support\n\n safe 0.9762 0.9879 0.9820 15655\n CWE-20 0.7000 0.4837 0.5721 246\n CWE-22 1.0000 0.3333 0.5000 6\n CWE-78 0.0000 0.0000 0.0000 7\n CWE-79 0.4861 0.7609 0.5932 46\n CWE-89 0.6847 0.9383 0.7917 81\n CWE-94 0.6769 0.7395 0.7068 119\n CWE-119 0.6128 0.8312 0.7055 474\n CWE-125 0.5246 0.6598 0.5845 97\n CWE-190 0.9038 0.6714 0.7705 70\n CWE-200 0.6939 0.7158 0.7047 95\n CWE-264 0.7027 0.6933 0.6980 75\n CWE-269 0.0000 0.0000 0.0000 2\n CWE-276 0.0000 0.0000 0.0000 0\n CWE-284 0.4348 0.6250 0.5128 16\n CWE-287 0.2500 0.2500 0.2500 4\n CWE-310 0.7143 0.3846 0.5000 13\n CWE-327 0.0000 0.0000 0.0000 2\n CWE-330 0.6000 0.4286 0.5000 7\n CWE-352 0.0000 0.0000 0.0000 1\n CWE-362 0.6538 0.7556 0.7010 45\n CWE-399 0.7838 0.5979 0.6784 97\n CWE-401 0.4483 0.8667 0.5909 15\n CWE-416 0.4267 0.5614 0.4848 57\n CWE-434 0.0000 0.0000 0.0000 0\n CWE-476 0.5862 0.5152 0.5484 99\n CWE-502 0.9000 0.9000 0.9000 40\n CWE-601 0.7500 1.0000 0.8571 3\n CWE-787 0.3709 0.6627 0.4756 169\n CWE-798 0.0769 1.0000 0.1429 1\n CWE-918 0.0000 0.0000 0.0000 0\n\n micro avg 0.9297 0.9560 0.9426 17542\n macro avg 0.4825 0.5278 0.4758 17542\nweighted avg 0.9383 0.9560 0.9454 17542\n samples avg 0.9437 0.9560 0.9477 17542\n",
"improvements": [
"GraphCodeBERT-base (125M, 12 layers) vs CodeBERTa-small (83M, 6 layers)",
"Asymmetric Loss (ASL) gamma_neg=4, gamma_pos=0, clip=0.05",
"Two-phase training: 4 epochs frozen + up to 9 epochs full fine-tune",
"Per-class threshold optimization on validation set",
"Temperature scaling calibration (T=0.6163)",
"Classification head bias initialization for imbalanced classes"
],
"baseline_comparison": {
"baseline_macro_f1": 0.1157,
"new_macro_f1": 0.47583485129569136,
"improvement_pct": 311.2660771786442
}
}