Abstract: Methods, apparatus, and systems for traversing a representation of an application source code, such as an abstract syntax tree (AST), are disclosed. Steps for traversing the AST include specifying a plurality of runtime binding rules which are associated with one or more locations within the AST, beginning to traverse the AST, monitoring a history of the traverse, continuing to traverse the AST based on the history of the traverse, and updating the history of the traverse. Continuing to traverse the AST may include identifying a plurality of concrete implementations of a method invocation and traversing less than all of the concrete implementations based at least in part on the runtime binding rules, the concrete implementations being traversed being selected based on the history of the traverse.

Abstract: Methods, apparatus, and systems for traversing a representation of an application source code are disclosed. Steps for traversing the representation include beginning to traverse the representation, monitoring a history of the traverse, and continuing to traverse the representation based on the history of the traverse. Continuing to traverse the representation may include identifying a plurality of concrete implementations of a method invocation and traversing less than all of the concrete implementations, the concrete implementations being traversed being selected based on the history of the traverse.

Abstract: Techniques for performing auto-remediation on computer system vulnerabilities in source code utilizing local repositories are disclosed herein. An application source code representation is scanned to determine any security vulnerabilities and from those vulnerabilities, a set of security patch rules are generated that may be used to automatically remediate the vulnerabilities. One or more of the security patch rules is selected for verification and, once verified may be used to generate a security patch. The security patch may then be automatically applied to the source code representation to produce a patched representation of the application source code with the vulnerability at least partly remediated.