Patent classifications
G06F8/42
Classification of anomalous static analysis rules
Methods, systems, and apparatus, including computer programs encoded on computer storage media, for automatically classifying static analysis rules as being anomalous or not. One of the methods includes receiving alerts generated by a particular static analysis rule for a plurality of different software projects analyzed by a static analysis system. For each project, a respective alert proportion metric value is computed. Each of the plurality of different software projects is classified according to the alert proportion metric values as being either a non-outlier project or an outlier project. If more than a threshold number of projects were classified as being outlier projects for the particular static analysis rule, the particular static analysis rule is classified as an anomalous static analysis rule.
METHOD, SYSTEM, AND COMPUTER PROGRAM PRODUCT FOR AUTOMATICALLY MITIGATING VULNERABILITIES IN SOURCE CODE
A method, a system, and a computer program product for training a model for automatically evaluating a generated vulnerability remediation in a source code of an application are provided. The method includes the following steps. Training input data is obtained, where the training input data includes input features, and each of the input features includes a training vulnerability and a training remediation of the training vulnerability. Training output data is obtained, where the training output data includes output predictions, and each of the output predictions includes a training validation associated with the training vulnerability and the training remediation of the corresponding input feature. The model is trained based on the training input data and the training output data.
Method for detecting vulnerabilities in software
A method, an apparatus, and a storage medium for detecting vulnerabilities in software to protect a computer system from security and compliance breaches are provided. The method includes providing a ruleset code declaring programming interfaces of a target framework and including rules that define an admissible execution context when invoking the programming interfaces; providing a source code to be scanned for vulnerabilities; compiling the source code into a first execution code having additional instructions inserted to facilitate tracking of an actual execution context of the source code; compiling the ruleset code into a second execution code that can be executed together with the first execution code; executing the first execution code within a virtual machine and passing calls of the programming interfaces to the second execution code; and detecting a software vulnerability when the actual execution context disagrees with the admissible execution context.
ANALYSIS DEVICE, ANALYSIS METHOD, AND ANALYSIS PROGRAM
A program analysis unit of a browser emulator manager exhaustively searches code included in web content by performing syntax analysis on it, in order to find transfer code to another site or content acquisition code, and identifies at least one of an object, a function, and a property of the object used in the code found by the search. Further, the program analysis unit extracts code having a dependence relationship with the transfer code or the content acquisition code, based on at least one of the object, the function, and the property of the object so identified.
INTERFACE DEFINITION LANGUAGE COMPILER WITH VERSION RECONCILIATION
An interface definition language compiler can be designed to generate different versions of stubs or library files from a same IDL source code. A developer can maintain a single IDL file with code for various versions by using version directives. As part of front end compiling, the IDL compiler will determine which sections of IDL code are compatible with a specified version and compile those determined sections of IDL code. When performing semantic analysis, the IDL compiler will determine whether changes across versions create semantic issues that can be resolved in the target program language by the backend of the compiler. For those changes that cannot be resolved in the target program language, the IDL compiler can generate error notifications.
SOURCE CODE ANALYSIS DEVICE, COMPUTER PROGRAM FOR SAME, AND RECORDING MEDIUM THEREOF
The present invention relates to a source code analysis device, a computer program for the same, and a recording medium thereof. Disclosed is a source code analysis device including: a source code analysis module including: a syntax analysis unit for extracting and refining information required for analysis; a defect detection unit for detecting defect information; a correction example generation unit for generating correction example information or notice information or both; and an analysis result transmission unit for constructing synthesized analysis result information and transmitting the constructed information to an analysis result output module; and the analysis result output module including: a defect output unit for extracting and outputting the defect information from the synthesized analysis result information, and a correction example output unit for extracting and outputting the correction example information or notice information or both from the synthesized analysis result information.
METHOD FOR VERIFYING TRACEABILITY OF FIRST INSTRUCTIONS IN A PROCEDURAL PROGRAMMING LANGUAGE GENERATED FROM SECOND INSTRUCTIONS IN A MODELLING LANGUAGE
The present invention concerns a method for verifying traceability of first code instructions in a procedural programming language generated from second code instructions in a modelling language, characterised in that it comprises the implementation, by a piece of equipment (1), of steps of:
(a) Syntactic analysis:
  - of the first instructions so as to generate an AST, and
  - of the second instructions so as to generate an MDT;
(b) Semantic analysis:
  - of the AST so as to identify patterns representative of basic functional blocks of the first instructions;
  - of the MDT so as to identify characteristic properties of basic functional blocks of the second instructions;
(c) Matching, pairwise, the identified basic functional blocks, and confirming the traceability of the first code instructions only if:
  - for each block of the first instructions, there is a functionally equivalent block in the second instructions, and
  - for each block of the second instructions, there is a functionally equivalent block in the first instructions.
SECURE COLLABORATIVE PROCESSING OF PRIVATE INPUTS
The described technology is generally directed towards secure collaborative processing of private inputs. A secure execution engine can process encrypted data contributed by multiple parties, without revealing the encrypted data to any of the parties. The encrypted data can be processed according to any program written in a high-level programming language, while the secure execution engine handles cryptographic processing.
Method of Estimating Program Speed-Up in Highly Parallel Architectures Using Static Analysis
The amount of speed-up that can be obtained by optimizing a program to run on a different architecture is determined from static measurements of the program. Multiple such static measurements are processed by a machine learning system after being discretized to adjust their accuracy versus precision. Static analysis requires less analysis overhead and permits analysis of program portions, so that porting resources can be allocated optimally across a large program.
Method and system to identify GUI objects for non-markup-language-presented applications
One embodiment of the present invention provides a system that facilitates identifying objects rendered on a graphic user interface (GUI) in a non-markup-language-presented software application. During operation, the system receives a non-markup-language-presented application at a computer. The system first selects a set of attributes that uniquely distinguish a target GUI object. The system then identifies a set of target GUI objects in the application, wherein a respective GUI object is not represented in a markup language in the received application. Next, the system represents the target GUI objects in the application with a markup-language-based structure, wherein each target GUI object is associated with a corresponding markup-language node in the structure.