Detecting parameter validity in code including cross-service calls
First Claim
1. A system to analyze code executable on an on-demand code execution system to detect potentially invalid parameters passed to an invoked service, the system comprising:
- a physical data store storing executable code submitted to the on-demand code execution system by a user device, the executable code including an invocation of a first network-accessible service;
a computing device in communication with the physical data store and configured to;
obtain the executable code;
identify, independent of execution of the executable code, the invocation within the executable code of the first network-accessible service, wherein the invocation of the first service includes a parameter to be passed to the first network-accessible service;
determine an expected output of the first network-accessible service, the expected output including an invocation of one or more second network-accessible services not referenced within the executable code and an expected parameter to be passed to the one or more second network-accessible services;
obtain parameter evaluation criteria for the one or more second network-accessible services;
compare the expected parameter to the parameter evaluation criteria to determine that the expected parameter does not satisfy the parameter evaluation criteria; and
transmit an indication that the expected parameter does not satisfy the parameter evaluation criteria.
1 Assignment
0 Petitions
Accused Products
Abstract
Systems and methods are described for conducting static analysis of code invoking network-based services to identify, without requiring execution of the code, errors that may be introduced due to the invocations of the network-based services. A system is provided that may analyze code to detect both direct invocations of services, as well as indirect invocations caused by the direct invocations. The system can model inputs and outputs of directly or indirectly invoked services to identify errors in parameters passed to those services, even when the errors are not apparent from an analysis of the code in isolation. In some instances, the system can traverse a “call graph” of all services invoked by code either directly or indirectly to trace parameter errors through multiple levels of indirection.
-
Citations
20 Claims
-
1. A system to analyze code executable on an on-demand code execution system to detect potentially invalid parameters passed to an invoked service, the system comprising:
-
a physical data store storing executable code submitted to the on-demand code execution system by a user device, the executable code including an invocation of a first network-accessible service; a computing device in communication with the physical data store and configured to; obtain the executable code; identify, independent of execution of the executable code, the invocation within the executable code of the first network-accessible service, wherein the invocation of the first service includes a parameter to be passed to the first network-accessible service; determine an expected output of the first network-accessible service, the expected output including an invocation of one or more second network-accessible services not referenced within the executable code and an expected parameter to be passed to the one or more second network-accessible services; obtain parameter evaluation criteria for the one or more second network-accessible services; compare the expected parameter to the parameter evaluation criteria to determine that the expected parameter does not satisfy the parameter evaluation criteria; and transmit an indication that the expected parameter does not satisfy the parameter evaluation criteria. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. A computer-implemented method comprising:
-
obtaining executable code from a user device; identifying, independent of execution of the executable code, an invocation within the executable code of a first network-accessible service and a parameter to be passed to the first network-accessible service; determining that an expected output of the first network-accessible service corresponds to an invocation of one or more second network-accessible services; determining an expected parameter to be passed to the one or more second network-accessible services; obtaining parameter evaluation criteria for the one or more second network-accessible services; comparing the expected parameter to the parameter evaluation criteria to determine that the expected parameter does not satisfy the parameter evaluation criteria; and transmitting an indication that the expected parameter does not satisfy the parameter evaluation criteria. - View Dependent Claims (8, 9, 10, 11, 12, 13)
-
-
14. Non-transitory computer-readable media comprising executable instructions that, when executed on a computing system, cause the computing system to:
-
obtain executable code from a user device; identify, independent of execution of the executable code, an invocation within the executable code of a first network-accessible service and a parameter to be passed to the first network-accessible service; determine an expected output of the first network-accessible service, the expected output including an invocation of one or more second network-accessible services and an expected parameter to be passed to the one or more second network-accessible services; obtain parameter evaluation criteria for the one or more second network-accessible services; compare the expected parameter to the parameter evaluation criteria to determine that the expected parameter does not satisfy the parameter evaluation criteria; and transmit an indication that the expected parameter does not satisfy the parameter evaluation criteria. - View Dependent Claims (15, 16, 17, 18, 19, 20)
-
Specification