Abstract: Systems and methods for evaluating a source code scanner are described. In one implementation, the method comprises obtaining a source code. Further, the method comprises inserting one or more good code snippets and one or more bad code snippets into the source code to obtain a modified source code. Further, the method comprises obtaining an issue list, generated by the source code scanner upon scanning the modified source code. The issue list comprises code segments having security defects identified by the source code scanner, reasons for the security defects, and locations of the security defects in the modified source code. Further, the method comprises comparing the code segments, present in the issue list, with the one or more good code snippets and the one or more bad code snippets. Further, the method comprises generating a plurality of metrics, indicating quality of the source code scanner, based on the comparison. Figure 2
CLAIMS: We claim:
1. A method for evaluating a source code scanner, the method comprising:
obtaining, by a processor, a source code;
inserting, by the processor, one or more good code snippets and one or more bad code snippets into the source code to obtain a modified source code;
obtaining, by the processor, an issue list, generated by the source code scanner upon scanning the modified source code, wherein the issue list comprises code segments having security defects identified by the source code scanner, reasons for the security defects, and locations of the security defects in the modified source code;
comparing, by the processor, the code segments, present in the issue list, with the one or more good code snippets and the one or more bad code snippets; and
generating, by the processor, a plurality of metrics, indicating quality of the source code scanner, based on the comparison.
2. The method of claim 1, wherein the one or more good code snippets are free from security defects and the one or more bad code snippets include one or more security defects.
3. The method of claim 1 further comprising determining at least one of control flow and data flow of the source code.
4. The method of claim 3 further comprising inserting the one or more good code snippets and the one or more bad code snippets into the source code based on the at least one of control flow and data flow of the source code.
5. The method of claim 1, wherein the one or more good code snippets and the one or more bad code snippets are inserted randomly in the source code.
6. The method of claim 1, wherein the plurality of metrics comprises a false positive rate and a false negative rate of the source code scanner.
7. An evaluation system for evaluating a source code scanner comprising:
one or more hardware processors; and
a computer-readable medium storing instructions that, when executed by the one or more hardware processors, cause the one or more hardware processors to perform operations comprising:
obtaining a source code;
inserting one or more good code snippets and one or more bad code snippets into the source code to obtain a modified source code;
obtaining an issue list, generated by the source code scanner upon scanning the modified source code, wherein the issue list comprises code segments having security defects identified by the source code scanner, reasons for the security defects, and locations of the security defects in the modified source code;
comparing the code segments, present in the issue list, with the one or more good code snippets and the one or more bad code snippets; and
generating a plurality of metrics, indicating quality of the source code scanner, based on the comparison.
8. The system according to claim 7, wherein the one or more good code snippets are free from security defects and the one or more bad code snippets include one or more security defects.
9. The system according to claim 7, wherein the operations further comprise determining at least one of control flow and data flow of the source code.
10. The system according to claim 9, wherein the operations further comprise inserting the one or more good code snippets and the one or more bad code snippets into the source code based on the at least one of control flow and data flow of the source code.
11. The system according to claim 7, wherein the one or more good code snippets and the one or more bad code snippets are inserted randomly in the source code.
12. The system according to claim 7, wherein the plurality of metrics comprises a false positive rate and a false negative rate of the source code scanner.
13. A non-transitory computer-readable medium storing instructions for evaluating a source code scanner, wherein upon execution of the instructions by one or more hardware processors, the hardware processors perform operations comprising:
obtaining a source code;
inserting one or more good code snippets and one or more bad code snippets into the source code to obtain a modified source code;
obtaining an issue list, generated by the source code scanner upon scanning the modified source code, wherein the issue list comprises code segments having security defects identified by the source code scanner, reasons for the security defects, and locations of the security defects in the modified source code;
comparing the code segments, present in the issue list, with the one or more good code snippets and the one or more bad code snippets; and
generating a plurality of metrics, indicating quality of the source code scanner, based on the comparison.
Dated this 21st day of November, 2014
Swetha S.N
Of K&S Partners
Agent for the Applicant
TECHNICAL FIELD
The present subject matter is related, in general, to a source code scanner and, in particular, but not exclusively, to methods and systems for evaluating a source code scanner.
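The claimed evaluation loop (seed snippets, scan, compare the issue list, derive metrics) can be sketched as follows. This is an added example, not code from the specification: the `toy_scanner`, the sample snippets, the base source and the rate definitions (flagged good snippets over all good snippets, missed bad snippets over all bad snippets) are assumptions, since the page does not define them.

```python
import random
from dataclasses import dataclass

@dataclass
class Seeded:
    code: str       # one-line snippet; texts must be unique within the file
    is_bad: bool    # True = carries a security defect, False = defect-free
    line: int = 0   # 1-based line in the modified source, set by seed()

def seed(source, snippets, rng):
    """Insert every snippet at a random line boundary; return modified source."""
    lines = source.splitlines()
    for s in snippets:
        lines.insert(rng.randint(0, len(lines)), s.code)
    for s in snippets:  # resolve positions once all insertions are done
        s.line = lines.index(s.code) + 1
    return "\n".join(lines)

def toy_scanner(modified):
    """Constructed stand-in for the scanner under evaluation (pattern match only)."""
    rules = {"os.system(": "command injection", ".execute(": "SQL injection"}
    return [{"segment": text, "reason": why, "location": n}
            for n, text in enumerate(modified.splitlines(), 1)
            for pat, why in rules.items() if pat in text]

def evaluate(snippets, issue_list):
    """Match issue-list entries to seeded snippets and derive the two rates."""
    flagged = {(i["location"], i["segment"]) for i in issue_list}
    good = [s for s in snippets if not s.is_bad]
    bad = [s for s in snippets if s.is_bad]
    fp = sum((s.line, s.code) in flagged for s in good)      # good but reported
    fn = sum((s.line, s.code) not in flagged for s in bad)   # bad but missed
    return {"false_positive_rate": fp / len(good) if good else 0.0,
            "false_negative_rate": fn / len(bad) if bad else 0.0}

# Constructed base source; contains none of the scanner's patterns.
BASE = "def handler(req):\n    uid = req.args['id']\n    return render(uid)\n"

def run(seed_value=7):
    snippets = [  # constructed good (False) and bad (True) snippets
        Seeded('cur.execute("SELECT * FROM t WHERE id = ?", (uid,))', False),
        Seeded("digest = hashlib.sha256(data).hexdigest()", False),
        Seeded('os.system("ping " + host)', True),
        Seeded('cur.execute("SELECT * FROM t WHERE id = " + uid)', True),
        Seeded("token = hashlib.md5(password).hexdigest()", True),
    ]
    modified = seed(BASE, snippets, random.Random(seed_value))
    return evaluate(snippets, toy_scanner(modified))

if __name__ == "__main__":
    print(run())
```

The pattern-only scanner reports the parameterized query (a false positive) and misses the MD5 use (a false negative), which is the kind of gap the seeded ground truth exposes regardless of where the snippets land.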
| # | Name | Date |
|---|---|---|
| 1 | 5838-CHE-2014 FORM-9 21-11-2014.pdf | 2014-11-21 |
| 1 | 5838-CHE-2014-IntimationOfGrant10-10-2023.pdf | 2023-10-10 |
| 2 | 5838-CHE-2014 FORM-18 21-11-2014.pdf | 2014-11-21 |
| 2 | 5838-CHE-2014-PatentCertificate10-10-2023.pdf | 2023-10-10 |
| 3 | IP29039-Spec.pdf | 2014-11-24 |
| 3 | 5838-CHE-2014-FORM-26 [24-02-2023(online)].pdf | 2023-02-24 |
| 4 | IP29039-fig.pdf | 2014-11-24 |
| 4 | 5838-CHE-2014-PETITION UNDER RULE 137 [24-02-2023(online)].pdf | 2023-02-24 |
| 5 | FORM 5-IP29039.pdf | 2014-11-24 |
| 5 | 5838-CHE-2014-Written submissions and relevant documents [24-02-2023(online)].pdf | 2023-02-24 |
| 6 | FORM 3-IP29039.pdf | 2014-11-24 |
| 6 | 5838-CHE-2014-Correspondence to notify the Controller [30-01-2023(online)].pdf | 2023-01-30 |
| 7 | abstract 5838-CHE-2014.jpg | 2014-12-09 |
| 7 | 5838-CHE-2014-US(14)-HearingNotice-(HearingDate-09-02-2023).pdf | 2023-01-19 |
| 8 | 5838-CHE-2014-AMENDED DOCUMENTS [06-01-2023(online)].pdf | 2023-01-06 |
| 8 | 5838-CHE-2014 CORRESPONDENCE OTHERS 20-01-2015.pdf | 2015-01-20 |
| 9 | 5838-CHE-2014 POWER OF ATTORNEY 11-05-2015.pdf | 2015-05-11 |
| 9 | 5838-CHE-2014-Correspondence to notify the Controller [06-01-2023(online)].pdf | 2023-01-06 |
| 10 | 5838-CHE-2014 FORM-1 11-05-2015.pdf | 2015-05-11 |
| 10 | 5838-CHE-2014-FORM 13 [06-01-2023(online)].pdf | 2023-01-06 |
| 11 | 5838-CHE-2014 CORRESPONDENCE OTHERS 11-05-2015.pdf | 2015-05-11 |
| 11 | 5838-CHE-2014-POA [06-01-2023(online)].pdf | 2023-01-06 |
| 12 | 5838-CHE-2014-FER.pdf | 2019-03-25 |
| 12 | 5838-CHE-2014-US(14)-HearingNotice-(HearingDate-10-01-2023).pdf | 2022-12-30 |
| 13 | 5838-CHE-2014-FER_SER_REPLY [25-09-2019(online)].pdf | 2019-09-25 |
| 13 | 5838-CHE-2014-FORM 3 [25-09-2019(online)].pdf | 2019-09-25 |
| 14 | 5838-CHE-2014-FER_SER_REPLY [25-09-2019(online)].pdf | 2019-09-25 |
| 14 | 5838-CHE-2014-FORM 3 [25-09-2019(online)].pdf | 2019-09-25 |
| 15 | 5838-CHE-2014-FER.pdf | 2019-03-25 |
| 15 | 5838-CHE-2014-US(14)-HearingNotice-(HearingDate-10-01-2023).pdf | 2022-12-30 |
| 16 | 5838-CHE-2014 CORRESPONDENCE OTHERS 11-05-2015.pdf | 2015-05-11 |
| 16 | 5838-CHE-2014-POA [06-01-2023(online)].pdf | 2023-01-06 |
| 17 | 5838-CHE-2014-FORM 13 [06-01-2023(online)].pdf | 2023-01-06 |
| 17 | 5838-CHE-2014 FORM-1 11-05-2015.pdf | 2015-05-11 |
| 18 | 5838-CHE-2014 POWER OF ATTORNEY 11-05-2015.pdf | 2015-05-11 |
| 18 | 5838-CHE-2014-Correspondence to notify the Controller [06-01-2023(online)].pdf | 2023-01-06 |
| 19 | 5838-CHE-2014 CORRESPONDENCE OTHERS 20-01-2015.pdf | 2015-01-20 |
| 19 | 5838-CHE-2014-AMENDED DOCUMENTS [06-01-2023(online)].pdf | 2023-01-06 |
| 20 | 5838-CHE-2014-US(14)-HearingNotice-(HearingDate-09-02-2023).pdf | 2023-01-19 |
| 20 | abstract 5838-CHE-2014.jpg | 2014-12-09 |
| 21 | 5838-CHE-2014-Correspondence to notify the Controller [30-01-2023(online)].pdf | 2023-01-30 |
| 21 | FORM 3-IP29039.pdf | 2014-11-24 |
| 22 | 5838-CHE-2014-Written submissions and relevant documents [24-02-2023(online)].pdf | 2023-02-24 |
| 22 | FORM 5-IP29039.pdf | 2014-11-24 |
| 23 | 5838-CHE-2014-PETITION UNDER RULE 137 [24-02-2023(online)].pdf | 2023-02-24 |
| 23 | IP29039-fig.pdf | 2014-11-24 |
| 24 | 5838-CHE-2014-FORM-26 [24-02-2023(online)].pdf | 2023-02-24 |
| 24 | IP29039-Spec.pdf | 2014-11-24 |
| 25 | 5838-CHE-2014-PatentCertificate10-10-2023.pdf | 2023-10-10 |
| 25 | 5838-CHE-2014 FORM-18 21-11-2014.pdf | 2014-11-21 |
| 26 | 5838-CHE-2014-IntimationOfGrant10-10-2023.pdf | 2023-10-10 |
| 26 | 5838-CHE-2014 FORM-9 21-11-2014.pdf | 2014-11-21 |
| 1 | searchstrategy_25-03-2019.pdf |