We observed behavior in which, for some inputs, the lexical search failing to retrieve relevant documents ( sometimes no documents at all) since the function name or package name is not exactly the same:
Sometimes the context contains a similar word, not the exact word of function or package
In other cases, the word from context is with a wildcard(*) suffix, as there several options for exploitability.
Another thing we encountered, is that it search for a package name together with a function ( e.g. package.function) , and it expects to find it as is, while in many times , you need to separate the function/method from the package, as it can be qualified by a class name/instance name/alias name or just alone .
Example CVE that we saw the issue in : CVE-2022-21698
the tool got promhttp.InstrumentHandler while we expected to find a function that its name starts with InstrumentHandler and it was under promhttp package
We observed behavior in which, for some inputs, the lexical search failing to retrieve relevant documents ( sometimes no documents at all) since the function name or package name is not exactly the same:
Sometimes the context contains a similar word, not the exact word of function or package
In other cases, the word from context is with a wildcard(*) suffix, as there several options for exploitability.
Another thing we encountered, is that it search for a package name together with a function ( e.g. package.function) , and it expects to find it as is, while in many times , you need to separate the function/method from the package, as it can be qualified by a class name/instance name/alias name or just alone .
Example CVE that we saw the issue in : CVE-2022-21698
the tool got
promhttp.InstrumentHandlerwhile we expected to find a function that its name starts withInstrumentHandlerand it was underpromhttppackage