LLMxCPG-Q Model Overview
LLMxCPG-Q is a 32.8-billion-parameter specialized Large Language Model developed by QCRI, fine-tuned from Qwen2.5-Coder-32B-Instruct. Its primary purpose is to enhance vulnerability analysis by generating precise CPGQL queries for the Joern static analysis tool. The model is the initial phase of the broader LLMxCPG framework, which integrates Code Property Graphs (CPGs) with Large Language Models for robust security assessments.
Key Capabilities
- Vulnerability Query Generation: Takes a code snippet and outputs valid CPGQL queries.
- Targeted Code Slicing: Enables Joern to traverse Code Property Graphs and extract concise, vulnerability-focused code slices.
- Overcomes CPGQL Limitations: Addresses the low-resource nature of the CPGQL language by automating query generation.
- Execution Path Identification: Specifically trained to identify execution paths relevant to potential vulnerabilities in source code.
Good For
- Automated Vulnerability Detection: Ideal for security researchers and developers looking to automate parts of their vulnerability analysis workflow.
- Static Code Analysis: Enhances the capabilities of the Joern static analysis tool by providing intelligent query generation.
- Focused Program Analysis: Useful for pinpointing specific, vulnerability-relevant sections of large codebases efficiently.