Exploiting software compiler outputs for release-independent remote code vulnerability analysis

US 9,569,335 B1
Filed: 10/07/2015
Issued: 02/14/2017
Est. Priority Date: 10/07/2015
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method, comprising:

coupling a central check system (CCS) to a remote software system (RSS);

fetching data from the RSS, the data being software code derivatives generated from a software program by a software compiler on the RSS with a version different than a version of the same software compiler associated with the CCS, wherein the software compiler on the RSS is used to ensure the syntactic correctness of the software program on the RSS and to generate the software code derivatives on the RSS prior to transmission to the CCS;

performing static software testing of the software program on the CCS using the fetched data and a data flow graph constructed from the fetched data and including an application programming interface used to traverse the data flow graph; and

providing test results based on the static software testing in a required format.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A central check system (CCS) is coupled to a remote software system (RSS). Data is fetched from the RSS, the data being software code derivatives generated by a software compiler on the RSS with a version different than a version of the software program associated with the CCS. Static software testing is performed of the software program on the CCS using the fetched data and test results provided in a required format.

Citations

20 Claims

1. A computer-implemented method, comprising:
- coupling a central check system (CCS) to a remote software system (RSS);
  
  fetching data from the RSS, the data being software code derivatives generated from a software program by a software compiler on the RSS with a version different than a version of the same software compiler associated with the CCS, wherein the software compiler on the RSS is used to ensure the syntactic correctness of the software program on the RSS and to generate the software code derivatives on the RSS prior to transmission to the CCS;
  
  performing static software testing of the software program on the CCS using the fetched data and a data flow graph constructed from the fetched data and including an application programming interface used to traverse the data flow graph; and
  
  providing test results based on the static software testing in a required format.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein the software compiler version on the RSS is earlier than the software compiler version associated with the CCS.
  - 3. The method of claim 1, wherein the software code derivatives represent an abstract description of the software program.
  - 4. The method of claim 3, wherein the software code derivatives include one or more of a list of statements occurring in the software program, a list of symbols occurring in the software program, a list of tokens, a list of enhancements, and data descripting the structure of the software program.
  - 5. The method of claim 3, wherein the software code derivatives are generated based on the software language used to construct the software program and metadata of development objects used in the software program.
  - 6. The method of claim 1, wherein the RSS interfaces with the CCS using a server add-on.
  - 7. The method of claim 1, wherein software code derivatives are used for testing of the software program on the CCS to avoid incompatibilities between compiled software program byte code associated with the version of the software program on the RSS and the software compiler version of the CCS.
  - 8. The method of claim 1, comprising, while fetching the software code derivatives, requesting, on-demand, additional metadata related to the fetched software code derivatives.

9. A non-transitory, computer-readable medium storing computer-readable instructions, the instructions executable by a computer and configured to:
- couple a central check system (CCS) to a remote software system (RSS);
  
  fetch data from the RSS, the data being software code derivatives generated from a software program by a software compiler on the RSS with a version different than a version of the same software compiler associated with the CCS, wherein the software compiler on the RSS is used to ensure the syntactic correctness of the software program on the RSS and to generate the software code derivatives on the RSS prior to transmission to the CCS;
  
  perform static software testing of the software program on the CCS using the fetched data and a data flow graph constructed from the fetched data and including an application programming interface used to traverse the data flow graph; and
  
  provide test results based on the static software testing in a required format.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The non-transitory, computer-readable medium of claim 9, wherein the software compiler version on the RSS is earlier than the software compiler version associated with the CCS.
  - 11. The non-transitory, computer-readable medium of claim 9, wherein the software code derivatives represent an abstract description of the software program.
  - 12. The non-transitory, computer-readable medium of claim 11, wherein the software code derivatives include one or more of a list of statements occurring in the software program, a list of symbols occurring in the software program, a list of tokens, a list of enhancements, and data descripting the structure of the software program.
  - 13. The non-transitory, computer-readable medium of claim 11, wherein the software code derivatives are generated based on the software language used to construct the software program and metadata of development objects used in the software program.
  - 14. The non-transitory, computer-readable medium of claim 9, wherein the RSS interfaces with the CCS using a server add-on.
  - 15. The non-transitory, computer-readable medium of claim 9, wherein software code derivatives are used for testing of the software program on the CCS to avoid incompatibilities between compiled software program byte code associated with the version of the software program on the RSS and the software compiler version of the CCS.
  - 16. The non-transitory, computer-readable medium of claim 9, comprising instructions to, while fetching the software code derivatives, request, on-demand, additional metadata related to the fetched software code derivatives.

17. A system, comprising:
- a memory;
  
  at least one hardware processor interoperably coupled with the memory and configured to;
  
  couple a central check system (CCS) to a remote software system (RSS);
  
  fetch data from the RSS, the data being software code derivatives generated from a software program by a software compiler on the RSS with a version different than a version of the same software compiler associated with the CCS, wherein the software compiler on the RSS is used to ensure the syntactic correctness of the software program on the RSS and to generate the software code derivatives on the RSS prior to transmission to the CCS;
  
  perform static software testing of the software program on the CCS using the fetched data and a data flow graph constructed from the fetched data and including an application programming interface used to traverse the data flow graph; and
  
  provide test results based on the static software testing in a required format.
- View Dependent Claims (18, 19, 20)
- - 18. The system of claim 17, wherein the software code derivatives represent an abstract description of the software program, wherein the software code derivatives include one or more of a list of statements occurring in the software program, a list of symbols occurring in the software program, a list of tokens, a list of enhancements, and data descripting the structure of the software program, wherein the software code derivatives are generated based on the software language used to construct the software program and metadata of development objects used in the software program, and wherein the software code derivatives are used for testing of the software program on the CCS to avoid incompatibilities between compiled software program byte code associated with the version of the software compiler on the RSS and the software compiler version of the CCS.
  - 19. The system of claim 17, wherein the RSS interfaces with the CCS using a server add-on, and wherein the software compiler version on the RSS is earlier than the software compiler version associated with the CCS.
  - 20. The system of claim 17, comprising instructions to, while fetching the software code derivatives, request, on-demand, additional metadata related to the fetched software code derivatives.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SAP SE
Original Assignee
SAP SE
Inventors
Boehm, Thilo, Lehmann, Juergen, Thuemmel, Wolf Hagen, Dunz, Thorsten Marcus
Primary Examiner(s)
Zhen, Wei
Assistant Examiner(s)
Duncan, Timothy

Application Number

US14/877,522
Time in Patent Office

496 Days
Field of Search

None
US Class Current

1/1
CPC Class Codes

G06F 11/3604   Software analysis for verif...

G06F 11/368   for test version control, e...

G06F 11/3692   for test results analysis

G06F 21/00   Security arrangements for p...

G06F 21/577   Assessing vulnerabilities a...

G06F 2221/033   Test or assess software

Exploiting software compiler outputs for release-independent remote code vulnerability analysis

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Exploiting software compiler outputs for release-independent remote code vulnerability analysis

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links