System and method for improving coverage for web code
First Claim
1. A computer-implemented method, the method comprising:
- locating conditional statements in the web code received in web content;
identifying an if-then-else construct in a first conditional statement of the conditional statements;
rewriting the first conditional statement into a corresponding first unconditional statement by rewriting a then-block of the if-then-else construct into a first context-recovery block and rewriting an else-block of the if-then-else construct into a second context-recovery block to generate a modified version of the web code; and
performing dynamic analysis on the modified version of the web code by executing the first unconditional statement to analyze a corresponding branch of the first conditional statement to detect malicious code in the web code.
7 Assignments
0 Petitions
Accused Products
Abstract
A system and method for improving code coverage for web code that is analyzed for security purposes by dynamic code execution are described. A controller receives information, routes the information to the appropriate engine, analyzer or module and provides the functionality for improving code coverage for code analyzed for security purposes. A code rewrite engine rewrites code in such a way that all branches and stray functions will be executed. A dynamic analyzer performs dynamic analysis on web content to detect malicious code. Additionally, a static analyzer performs static analysis on web content. The static analyzer scans web content and detects a style of coding, a style of obfuscation of the code or patterns in the code.
-
Citations
19 Claims
-
1. A computer-implemented method, the method comprising:
-
locating conditional statements in the web code received in web content; identifying an if-then-else construct in a first conditional statement of the conditional statements; rewriting the first conditional statement into a corresponding first unconditional statement by rewriting a then-block of the if-then-else construct into a first context-recovery block and rewriting an else-block of the if-then-else construct into a second context-recovery block to generate a modified version of the web code; and performing dynamic analysis on the modified version of the web code by executing the first unconditional statement to analyze a corresponding branch of the first conditional statement to detect malicious code in the web code. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 17)
-
-
10. A system comprising:
-
a scan engine to locate conditional statements in web code received in web content and to identify a first conditional statement in the conditional statements in the web code by identifying a corresponding if-then-else construct in the web code; a code rewrite engine to generate a modified version of the web code by rewriting the first conditional statement into a corresponding first unconditional statement by rewriting a then-block of the if-then-else construct into a first context-recovery block and rewriting an else-block of the if-then else construct into a second context-recovery block; and a dynamic analyzer to perform dynamic analysis on the modified vesion of the web code by executing the first unconditional statement to analyze a respective branch of the first conditional statement to detect malicious code in the web code. - View Dependent Claims (11, 12, 13, 18)
-
-
14. A tangible computer readable storage disc or storage device comprising instructions that, when executed, cause a machine to at least:
-
locate a conditional statements in the web code received in web content; identify an if-then-else construct in a first conditional statement of the conditional statement; rewrite (1) a then-block of the if-then-else construct into a first context-recovery block and (2) an else-block of the if-then else construct into a second context-recovery block to generate a modified version of the web code; and perform dynamic analysis on the modified version of the web code by executing the first unconditional statement to analyze a corresponding branch of the first conditional statement to detect malicious code in the web code. - View Dependent Claims (15, 16, 19)
-
Specification