Exploiting software compiler outputs for release-independent remote code vulnerability analysis
First Claim
Patent Images
1. A computer-implemented method, comprising:
- coupling a central check system (CCS) to a remote software system (RSS);
fetching data from the RSS, the data being software code derivatives generated from a software program by a software compiler on the RSS with a version different than a version of the same software compiler associated with the CCS, wherein the software compiler on the RSS is used to ensure the syntactic correctness of the software program on the RSS and to generate the software code derivatives on the RSS prior to transmission to the CCS;
performing static software testing of the software program on the CCS using the fetched data and a data flow graph constructed from the fetched data and including an application programming interface used to traverse the data flow graph; and
providing test results based on the static software testing in a required format.
1 Assignment
0 Petitions
Accused Products
Abstract
A central check system (CCS) is coupled to a remote software system (RSS). Data is fetched from the RSS, the data being software code derivatives generated by a software compiler on the RSS with a version different than a version of the software program associated with the CCS. Static software testing is performed of the software program on the CCS using the fetched data and test results provided in a required format.
-
Citations
20 Claims
-
1. A computer-implemented method, comprising:
-
coupling a central check system (CCS) to a remote software system (RSS); fetching data from the RSS, the data being software code derivatives generated from a software program by a software compiler on the RSS with a version different than a version of the same software compiler associated with the CCS, wherein the software compiler on the RSS is used to ensure the syntactic correctness of the software program on the RSS and to generate the software code derivatives on the RSS prior to transmission to the CCS; performing static software testing of the software program on the CCS using the fetched data and a data flow graph constructed from the fetched data and including an application programming interface used to traverse the data flow graph; and providing test results based on the static software testing in a required format. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A non-transitory, computer-readable medium storing computer-readable instructions, the instructions executable by a computer and configured to:
-
couple a central check system (CCS) to a remote software system (RSS); fetch data from the RSS, the data being software code derivatives generated from a software program by a software compiler on the RSS with a version different than a version of the same software compiler associated with the CCS, wherein the software compiler on the RSS is used to ensure the syntactic correctness of the software program on the RSS and to generate the software code derivatives on the RSS prior to transmission to the CCS; perform static software testing of the software program on the CCS using the fetched data and a data flow graph constructed from the fetched data and including an application programming interface used to traverse the data flow graph; and provide test results based on the static software testing in a required format. - View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
-
-
17. A system, comprising:
-
a memory; at least one hardware processor interoperably coupled with the memory and configured to; couple a central check system (CCS) to a remote software system (RSS); fetch data from the RSS, the data being software code derivatives generated from a software program by a software compiler on the RSS with a version different than a version of the same software compiler associated with the CCS, wherein the software compiler on the RSS is used to ensure the syntactic correctness of the software program on the RSS and to generate the software code derivatives on the RSS prior to transmission to the CCS; perform static software testing of the software program on the CCS using the fetched data and a data flow graph constructed from the fetched data and including an application programming interface used to traverse the data flow graph; and provide test results based on the static software testing in a required format. - View Dependent Claims (18, 19, 20)
-
Specification