SYSTEM AND METHOD FOR ANALYZING MALICIOUS CODE USING A STATIC ANALYZER
First Claim
1. A system for analyzing computer code comprising:
- a client device generating a data request for retrieving data from a non-trusted entity via a network; and
a gateway communicatively coupled to the client device and to the network, the gateway configured to receive computer code from the non-trusted entity via the network, build a tree representing the computer code, a node of the tree having a statement from the computer code, analyze the statement to identify symbol data describing a variable, the symbol data describing a name of the variable and a value of the variable, and store the symbol data in a symbol table.
7 Assignments
0 Petitions
Accused Products
Abstract
Analyzing computer code using a tree is described. For example, a client device generates a data request for retrieving data from a non-trusted entity via a network. A gateway is communicatively coupled to the client device and to the network. The gateway is configured to receive computer code from the non-trusted entity via the network. The gateway builds a tree representing the computer code. The tree has one or more nodes. A node of the tree represents a statement from the computer code. The gateway analyzes the statement to identify symbol data. The symbol data describes a name of the variable and the value of the variable. The gateway stores the symbol data in a symbol table.
-
Citations
24 Claims
-
1. A system for analyzing computer code comprising:
-
a client device generating a data request for retrieving data from a non-trusted entity via a network; and a gateway communicatively coupled to the client device and to the network, the gateway configured to receive computer code from the non-trusted entity via the network, build a tree representing the computer code, a node of the tree having a statement from the computer code, analyze the statement to identify symbol data describing a variable, the symbol data describing a name of the variable and a value of the variable, and store the symbol data in a symbol table. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A computer-implemented method for analyzing computer code comprising:
-
receiving computer code from a non-trusted entity via a network; building a tree representing the computer code, a node of the tree having a statement from the computer code; walking to the node of the tree and analyzing the statement to identify symbol data describing a variable, the symbol data describing a name of the variable and a value of the variable; and storing the symbol data in a symbol table. - View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
-
-
17. A computer program product comprising a computer usable storage medium including a computer readable program, the computer readable program when executed by a processor causes the processor to:
-
build a tree representing computer code, a node of the tree having a statement from the computer code; walk to the node of the tree and analyze the statement to identify symbol data describing a variable, the symbol data describing a name of the variable and a value of the variable; and store the symbol data in a symbol table. - View Dependent Claims (18, 19, 20, 21, 22, 23, 24)
-
Specification