Abstract: In a system for determining components of a software application from binary code thereof, one or more binary files are read without loading any component/object in the files in an execution environment that can execute the software application. A component in one of the files, designated as a primary component, is visited to identify a path specifying origin of a secondary component that is associated with the primary component, and the identified path is stored. Analysis of the path can indicate whether the secondary component is provided by the developer of the software application or by a different entity.

Abstract: In a system for determining components of a software application from binary code thereof, one or more binary files are read without loading any component/object in the files in an execution environment that can execute the software application. A component in one of the files, designated as a primary component, is visited to identify a path specifying origin of a secondary component that is associated with the primary component, and the identified path is stored. Analysis of the path can indicate whether the secondary component is provided by the developer of the software application or by a different entity.

Abstract: In system for enabling static vulnerability analysis of a software/web application that includes an indirectly modeled language portion and a directly modeled language portion, an indirectly modeled language information extractor select nodes of certain types from a syntax tree corresponding to the indirectly modeled language source code. Generally, the types of nodes that are selected are relevant to taint propagation. For one or more of the selected nodes, one or more statements corresponding to one or more of a type of the node, an input to the node, and an object associated with the node are generated. A static analyzer configured for a directly modeled language may perform vulnerability analysis of the software/web application using the generated statements.

Abstract: In a system for determining components of a software application from binary code thereof, one or more binary files are read without loading any component/object in the files in an execution environment that can execute the software application. A component in one of the files, designated as a primary component, is visited to identify a path specifying origin of a secondary component that is associated with the primary component, and the identified path is stored. Analysis of the path can indicate whether the secondary component is provided by the developer of the software application or by a different entity.

Abstract: In a system for determining components of a software application from binary code thereof, one or more binary files are read without loading any component/object in the files in an execution environment that can execute the software application. A component in one of the files, designated as a primary component, is visited to identify a path specifying origin of a secondary component that is associated with the primary component, and the identified path is stored. Analysis of the path can indicate whether the secondary component is provided by the developer of the software application or by a different entity.

Abstract: In system for enabling static vulnerability analysis of a software/web application that includes an indirectly modeled language portion and a directly modeled language portion, an indirectly modeled language information extractor select nodes of certain types from a syntax tree corresponding to the indirectly modeled language source code. Generally, the types of nodes that are selected are relevant to taint propagation. For one or more of the selected nodes, one or more statements corresponding to one or more of a type of the node, an input to the node, and an object associated with the node are generated. A static analyzer configured for a directly modeled language may perform vulnerability analysis of the software/web application using the generated statements.