Source code repair method for malicious code detection

US 7,640,587 B2
Filed: 03/29/2005
Issued: 12/29/2009
Est. Priority Date: 03/29/2005
Status: Active Grant

First Claim

Patent Images

1. A method, in a data processing system, for repairing infected source code prior to performing a code build, the infected source code including a first component and other components containing dependencies to the first component, the method comprising:

detecting, by a processor, a virus pattern in the first component of the infected source code;

responsive to the detecting of the virus pattern, identifying the other components in the source code containing the dependencies to the first component;

only retracting the first component and the identified other components from a current code build;

replacing the first component and the identified other components with a prior version of the first component and prior versions of the identified other components from an archive of a previous code build; and

performing the current code build of the source code using the prior version of the first component and the prior versions of the identified other components, whereinthe identifying step is based on rules defined from relationships between the first component and the other components in the source code.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A repair mechanism within a code management library system for repairing build code that is infected with malicious code. When a virus pattern is detected in a component of a source code, other components in the source code containing dependencies upon the first component are identified. This identification may be based on rules defined from relationships between the infected component and the other components in the source code. The component and the other components that are identified as having dependencies upon the infected component are retracted from the software product build. The infected component and the other identified components are then replaced with a previous archive of the code build. The software product build of the source code may then be performed.

113 Citations

17 Claims

1. A method, in a data processing system, for repairing infected source code prior to performing a code build, the infected source code including a first component and other components containing dependencies to the first component, the method comprising:
- detecting, by a processor, a virus pattern in the first component of the infected source code;
  
  responsive to the detecting of the virus pattern, identifying the other components in the source code containing the dependencies to the first component;
  
  only retracting the first component and the identified other components from a current code build;
  
  replacing the first component and the identified other components with a prior version of the first component and prior versions of the identified other components from an archive of a previous code build; and
  
  performing the current code build of the source code using the prior version of the first component and the prior versions of the identified other components, whereinthe identifying step is based on rules defined from relationships between the first component and the other components in the source code.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein the replacing step includes accessing a configuration management tool to obtain the archives of the previous code build.
  - 3. The method of claim 2, wherein the configuration management tool is Configuration Management Version Control.
  - 4. The method of claim 2, wherein the configuration management tool retains versions of individual files and software product releases.
  - 5. The method of claim 1, wherein the replacing step includes one of replacing only the first component and the identified other components with an archive of corresponding components in a previous code build and replacing the entire current code build with an archive of a previous code build.
  - 6. The method of claim 1, wherein the retracting step is performed regardless of where the first component and the identified other components are located.

7. A data processing computer system for repairing infected source code prior to performing a code build, the infected source code including a first component and other components containing dependencies to the first component comprising:
- code management library system including;
  
  a memory;
  
  a processor;
  
  a detection module for detecting a virus pattern in the first component of the source code;
  
  a identification module for identifying the other components in the source code containing the dependencies to the first component;
  
  a retraction module for only retracting the first component and the identified other components from a current code build;
  
  a replacement module for replacing the first component and the identified other components with a prior version of the first component and prior versions of the identified other components from an archive of a previous code build; and
  
  a build module for performing the current code build of the source code using the prior version of the first component and the prior versions of the identified other components, whereinthe identification module includes rules defined from relationships between the first component and the other components in the source code.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The code management library system of claim 7, wherein the replacement module accesses a configuration management tool to obtain the archives of the previous code build.
  - 9. The code management library system of claim 8, wherein the configuration management tool is Configuration Management Version Control.
  - 10. The code management library system of claim 8, wherein the configuration management tool retains versions of individual files and software product releases.
  - 11. The code management library system of claim 7, wherein the replacing step includes one of replacing only the component and the identified other components with an archive of corresponding components in a previous code build and replacing the entire current code build with an archive of a previous code build.
  - 12. The code management library system of claim 7, wherein retracting means for retracting the first component and the identified other component is performed regardless of where the first component and the identified other component are located.

13. A computer-readable tangible storage medium having stored thereon a computer program for repairing infected source code prior to performing a code build, the infected source code including a first component and other components containing dependencies to the first component, the computer program comprising a routine set of instructions for causing a data processing system to perform the steps of:
- detecting a virus pattern in the first component of the infected source code;
  
  responsive to the detecting of the virus pattern, identifying the other components in the source code containing the dependencies to the first component;
  
  only retracting the first component and the identified other components from a current code build;
  
  replacing the first component and the identified other components with a prior version of the first component and prior versions of the identified other components from an archive of a previous code build; and
  
  performing the current code build of the source code using the prior version of the first component and the prior versions of the identified other components, whereinthe identifying step is based on rules defined from relationships between the first component and the other components in the source code.
- View Dependent Claims (14, 15, 16, 17)
- - 14. The computer-readable tangible storage medium of claim 13, wherein the replacing step includes accessing a configuration management tool to obtain the archives of the previous code build.
  - 15. The computer-readable tangible storage medium of claim 14, wherein the configuration management tool retains versions of individual files and software product releases.
  - 16. The computer-readable tangible storage medium of claim 13, wherein the replacing step includes one of replacing only the first component and the identified other components with an archive of corresponding components in a previous code build and replacing the entire current code build with an archive of a previous code build.
  - 17. The computer-readable tangible storage medium of claim 13, wherein the retracting step is performed regardless of where the first component and the identified other components are located.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Activision Publishing Incorporated (Microsoft Corporation)
Original Assignee
International Business Machines Corporation
Inventors
Fox, James Edward, Magee, Erich Shannon, Magee, Lisa Hayes
Primary Examiner(s)
Moazzami, Nasser G
Assistant Examiner(s)
Reza, Mohammad W

Application Number

US11/093,476
Publication Number

US 20060230449A1
Time in Patent Office

1,736 Days
Field of Search

726/22, 726/24
US Class Current

726/24
CPC Class Codes

G06F 21/564 by virus signature recognition

Source code repair method for malicious code detection

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

113 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Source code repair method for malicious code detection

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

113 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links