FORM 2
THE PATENTS ACT, 1970
(39 of 1970)
&
THE PATENT RULES, 2003
COMPLETE SPECIFICATION
(See Section 10 and Rule 13)
TITLE OF INVENTION:
"SYSTEM AND METHOD FOR CONFIGURABLE ENTRY POINTS GENERATION AND AIDING VALIDATION IN A SOFTWARE
APPLICATION"
Applicant
TATA Consultancy Services Limited A company Incorporated in India under The Companies Act, 1956
Having address:
Nirmal Building, 9th Floor,
Nariman Point, Mumbai 400021.
Maharashtra. India
The following specification particularly describes the invention and the manner in which it is to be performed.

FIELD OF THE INVENTION
This invention generally relates to a field of software application code analysis. More particularly, the invention relates to an identification and aiding verification of configurable entry points associated with a software application in absence of application knowledge or documentation.
BACKGROUND OF THE INVENTION
Any software application can be written by using several languages. Every programmer while writing application program has his own way to write and implement the program objects. Each one of these languages is open to the several API's and directives. Many a times there are requirements for maintenance or up gradation of bulky source code. Before deploying any code on the production system or before starting to work on the source code, it is imperative to assess the code and understand the entry points for the application source code. Also it is important to review the code from security point of view.
Entry points are the interfacing or entry function which helps to execute the functionality of the said software application. There can be several entry points to the application. These entry points can be called either in sequence or concurrently. Entry points are required for the analysis of certain functionalities of the application and to validate the application exposure. Identification of entry points helps in providing the uniform entry and exit criteria for application.
During security assessment of the software application, entry point identification is essential. Entry points provide information to the application and they hit the database, server, process engine and other components of the application. If these values are not secured then they may open possible vulnerabilities to the application.
To identify the application entry points, it is essential to have application knowledge. In lack of skilled knowledgeable person or the documentation, it is very hard and time consuming process to find out these entry points. Moreover, the entry point's

identification by manual inspection is a time consuming process and it may also result in getting invalid result. In addition, if entry points are identified by finding uncalled functions, then it might result in huge list of functions which needs to be validated again. Validation of uncalled functions is very time consuming and tedious process where it is almost mandatory to study each functionally and extract the required entry point. Also no such technique available which could help in verifying that the entry points which are identified are complete or not.
Large number of solutions has been proposed to address the above listed problems. One of such solution provides a method for statically analyzing the software application based on call graphs and intermediate representations so as to generate analysis results for the software application. In this invention entry points needs to be provided by the user of the invention. However, this invention does not provide any method for identification or verification of entry points.
Another invention discloses computer implemented process for call graph generation. This method receives the source code, identifies the entry point provided by the user and analyzes dependencies in the source code and identifies exclusions in the source code using the analyzed dependencies. However, in this method entry points are provided by the user. Furthermore this invention does not provide any method for identification or verification of entry points.
Therefore in view of what has been proposed in the prior art, no method or system is available to identify the entry points for software application in absence of application knowledge and documentation. Moreover, the verification of obtained entry points is still a challenge.
Therefore, there is need of a system and method which will help the user to identify the entry points for a software application with minimal knowledge of application or in absence of documentation. Also it should provide the result in small time and as per the user requirement. The system and method should also be capable of aiding the validation of entry point functions.

OBJECTIVES OF THE INVENTION
The principle object of the present invention is to provide an integrated and automated means for identification and verification of comprehensive list of entry points.
Another significant object of the invention is to identify and verify comprehensive list of entry points with configurable call length as an initial filter.
Another significant object of the invention is to identify and verify comprehensive list of entry points in absence of or short of application knowledge and/or documentation.
Yet another object of the present invention is visualization of call hierarchy / graph of the entry points.
Yet another object of the present invention is to help the user to validate the entry points.
SUMMARY OF THE INVENTION
The present invention discloses a method for providing identification and verification of one or more configurable entry points associated with a software application. The method comprises steps of accepting an input data with respect to the software application and processing the input in order to obtain a comprehensive list of entry points. The processing of input data further comprises of the steps of generating one or more intermediate representations from the input data in order to construct one or more call graphs for the software application and identifying one or more root parameters for the call graph in order to prepare an informative set of entry points. The processing further comprises of filtering the informative set by using a pre-decided value provided by a user with respect to call graph to construct a desired and comprehensive set of entry points. The method further comprises of displaying the filtered informative set of entry points along with the respective call graph with respect to the software application which will help to validate the set of entry points.

The present invention discloses a system for providing identification and verification of one or more configurable entry points associated with a software application. The system comprises of an input receiving module which accepts input data with respect to software application and a processing unit which obtains a comprehensive list of entry points. The processing unit further comprises of a generator configured to generate one or more intermediate representations from the input data in order to construct one or more call graphs for software application and an identification module configured to identify one or more root parameters for the call graph in order to prepare an informative set of entry points. The processing unit further comprises of a filtration unit configured to filter the informative set of entry points by using a pre-decided value provided by a user with respect to the call graph to construct a desired and comprehensive set of entry points. The system further comprises of a display module configured to display the filtered informative set of entry points along with the respective call graph with respect to software application which will help the user to validate the entry points.
BRIEF DESCRIPTION OF DRAWINGS
Figure 1 illustrates the system architecture in accordance with an embodiment of the invention.
Figure 2 illustrates the flow chart showing the steps involved in generating application entry points in accordance with an embodiment of the invention.
DETAILED DESCRIPTION
Some embodiments of this invention, illustrating its features, will now be discussed:
The words "comprising'1, "having", "containing", and "including", and other forms thereof, are intended to be equivalent in meaning and be open ended in that an item or items following any one of these words is not meant to be an exhaustive listing of such item or items, or meant to be limited to only the listed item or items.

It must also be noted that as used herein and in the appended claims, the singular forms "a", "an", and "the" include plural references unless the context clearly dictates otherwise. Although any systems, methods, apparatuses, and devices similar or equivalent to those described herein can be used in the practice or testing of embodiments of the present invention, the preferred, systems and parts are now described. In the following description for the purpose of explanation and understanding reference has been made to numerous embodiments for which the intent is not to limit the scope of the invention.
One or more components of the invention are described as module for the understanding of the specification. For example, a module may include self-contained component in a hardware circuit comprising of logical gate, semiconductor device, integrated circuits or any other discrete component. The module may also be a part of any software program executed by any hardware entity for example processor. The implementation of module as a software program may include a set of logical instructions to be executed by the processor or any other hardware entity. Further a module may be incorporated with the set of instructions or a program by means of an interface.
The disclosed embodiments are merely exemplary of the invention, which may be embodied in various forms.
The present invention relates to a method and system for identification and verification of one or more configurable entry points associated with a software application. The method and system further displays the said set of entry points along with the respective call graph.
In accordance with an embodiment, referring to figure 1, the system (100) comprises an input receiving module (102) configured to accept an input data and a processing unit (104) configured to obtain a comprehensive list of entry points. The processing unit further comprises of a generator (106), an identification module (108) and a

filtration unit (110). The system (100) further comprises of a display module (112) configured to display the filtered set of entry points.
The input receiving module (102) is configured to receive input data with respect to said software application. The input data further comprises of but is not limited to a source code and a call length value. The call length value may include but is not limited to a call depth value.
Referring to figure 1, the system (100) further comprises of a processing unit (104) configured to obtain a comprehensive list of entry points with respect to said software application. The processing unit further comprises of a generator (106) which is configured to generate one or more intermediate representations from the provided application source code (step 202). Further by using the said one or more intermediate representations one or more call graphs are constructed (step 204). The call graphs may be displayed in the form of call hierarchy.
In accordance with an embodiment, referring to figure 1, the processing unit further comprises an identification module (108) configured to identify one or more root parameters for said call graph in order to prepare an informative set of entry points. The root parameters further comprises of one or more uncalled functions associated with said call graph (step 206). Uncalled functions are identified using the call graph which acts as the super-set of the entry points. Considering the call graph as a graph with incoming and outgoing edges, where incoming edges represents a function is called and outgoing edges show the functions called from this function. All the uncalled functions are collected from the call graphs which are the root parameters and consist of only outgoing edges.
The processing unit (104) further comprises of the filtration unit (110) configured to filter the informative set of entry points by using a pre-decided value provided by the user with respect to said call graph to construct a desired and comprehensive set of entry points. The pre-decided value provided by the user may include call length and the call length value may be may refer to a value of call depth (step 208 and 210).

This unit provides the facility to filter the huge list of uncalled functions and makes it easy to obtain the required entry points. Thus time consuming process of manually reviewing or sorting the list of uncalled function is minimized.
In accordance with an exemplary embodiment, the filtration unit (110) is further configured to iterate through the super-set of uncalled functions considering one function at a time, it traverses the call hierarchy (graph) generated earlier for the function using but not limited to depth first search and simultaneously incrementing the counter, which would be used to check with the required call depth. The value of the call length/depth is checked by using a counting mechanism. The counter is configured to compare the call length/depth value with the value provided by the user. When the specified call length/depth value is achieved then that method is added into the set of required entry points. Further, if call length/depth value achieved is greater than the value provided by the user, then also the method is added into the required entry points. This set of entry points needs to be validated with functional knowledge (with the help of step 216).
Above process is repeated for all the identified uncalled functions.
The system (100) further comprises of a display module (112) configured to display the filtered informative set of entry points along with the respective call graph relating to the software application. Thus in order to validate the said set of entry points, visual help is provided along with call hierarchy. The display module displays the respective call hierarchy for each entry point (step 216). Thus the system (100) provides an integrated automated way to get comprehensive list of entry points and show the call hierarchy. The visualization help presented by the system (100) provides a good knowledge of the entry point and its coverage.
BEST MODE/EXAMPLE FOR WORKING OF THE INVENTION
The system and method illustrated for identification and verification of one or more configurable entry points associated with a software application is interpreted further

for a specific purpose may be illustrated by working examples stated in the following paragraph; the process is not restricted to the said examples only:
Let us consider a software application having following functions as source code. We need to get the entry point with the length of call chain = 2
void foo()
{
barl(); bar2();
} void barl()
!
bar3();
}
void bar2()
{
bar3();
}
void func()
{
bar2();
}
void bar3()
{}
void func2()
{ bar3():
}
void bar4()
{

}
In the above given sample of code, the call hierarchy is generated which virtually looks like:

Here, the super-set of the entry points
i.e. the set of uncalled functions = { foo(), func(), fiinc2(), bar4() }
call chain length of foo()=2
call chain length of func()=2
call chain length of func2()=1
call chain length of bar4()=0
The required call length is equal to 2.
Hence, set of entry points = { foo(), func() }
This set of entry points will be displayed along with the respective call hierarchy in
order to validate them.
From this list one can select his required entry points.
ADVANTAGES OF THE INVENTION
1. The entry points for a software application can be identified and verified as per user requirement such as user required minimum call length of functions.
2. The entry points for a software application can be identified and verified in short of application knowledge or application documentation.
3. The identified entry points are displayed with respective call hierarchy, so usefulness of entry points can be validated.

4. Time required to review and sort the huge list of uncalled function is considerably reduced.

WE CLAIM:
1. A method providing identification and verification of one or more
configurable entry points associated with a software application, the method
comprising steps of:
accepting an input data with respect to said software application;
processing the input in order to obtain a comprehensive list of entry points,
the processing further comprising;
generating one or more intermediate representations from said input
data in order to construct one or more call graph for said software
application;
identifying one or more root parameters for said call graph in order to
prepare an informative set of entry points;
filtering the informative set by using a pre-decided value provided by
a user with respect to said call graph to construct a desired and
comprehensive set of entry points; displaying said filtered informative set of entry points along with the respective call graph with respect to said software application for aiding verification.
2. The method as claimed in claim 1, wherein the input data further comprises of a source code and a call length value, such that the call length may include but is not limited a call depth value.
3. The method as claimed in claim 1. wherein the root parameters further comprises of one or more uncalled function associated with said call graph.
4. The method as claimed in claim 1, wherein the call graph is further displayed in a form of call hierarchy.

5. The method as claimed in claim 1, wherein the pre-decided value provided by the user comprises of a value of the call length with respect to the call graph.
6. The method as claimed in claim 1, filtering the informative set of entry points comprises wherein the value of the call length is checked by using a counting mechanism.
7. A system providing identification and verification of one or more configurable entry points associated with a software application, the system comprising:
an input receiving module configured to accept input data with respect to said software application;
a processing unit configured to obtain a comprehensive list of entry points, the processing unit further comprising:
a generator configured to generate one or more intermediate representations from said input data in order to construct one or more call graph for said software application;
an identification module configured to identify one or more root parameters for said call graph in order to prepare an informative set of entry points;
a filtration unit configured to filter the informative set of entry points by using a pre-decided value provided by a user with respect to said call graph to construct a desired and comprehensive set of entry points; and
a display module configured to display said filtered informative set of entry points along with the respective call graph with respect to said software application for aiding verification.

8. The system as claimed in claim 7, wherein the input data further comprises of a source code and a call length value, such that the call length may include but is not limited a call depth value.
9. The system as claimed in claim 7, wherein the root parameters further comprises of one or more uncalled function associated with said call graph.
10. The system as claimed in claim 7, wherein the display module is further configured to display the call graph in a form of a call hierarchy.
11. The system as claimed in claim 7, wherein the processing unit further comprises of a counter configured to compare the call length value with the pre-decided value provided by the user.