-
Publication No.: US12299134B1
Publication Date: 2025-05-13
Application No.: US17936993
Filing Date: 2022-09-30
Applicant: Amazon Technologies, Inc.
Inventor: Peixuan Li, Yingjun Lyu, Qiang Zhou, Lee Pike, Michael McDougall, Thodoris Sotiropoulos
Abstract: Security vulnerability analysis may be performed using policy inference. Application code may have operations that are labeled according to the respective functions that they perform. Some operations may be labeled according to a knowledge database of known operations while others may be inferred through similarity to known operations. The knowledge database may be associated with libraries of programmatic interfaces. Once components of the application code are labeled, a vulnerability database may be that identifies potential vulnerabilities based on data sources, data sinks and threat mitigation operations. Using the labeled operations, one or more potential vulnerabilities may be identified based on labeled data sources and data sinks. The application may then be evaluated for potential security threats based on the identified potential vulnerabilities.
-
Publication No.: US12079106B1
Publication Date: 2024-09-03
Application No.: US17545770
Filing Date: 2021-12-08
Applicant: Amazon Technologies, Inc.
Inventor: Yaojie Hu, Xingjian Shi, Qiang Zhou, Lee Pike
CPC classification number: G06F11/3636, G06N5/04
Abstract: Techniques for determining buggy code are described. An encoder/decoder-based (e.g., transformer-based) model approach is described. In some embodiments, a service receives a request to perform transformer-based bug fixing on code, performs bug fixing inference to the code by applying a trained encoder/decoder-based model, and reports out a result of the inference, wherein the output includes an indication of a location of a potential edit to be made in the code and the potential edit in the code.
-
Publication No.: US12008364B1
Publication Date: 2024-06-11
Application No.: US17357616
Filing Date: 2021-06-24
Applicant: Amazon Technologies, Inc.
Inventor: Hangqi Zhao, Qiang Zhou, Sengamedu Hanumantha Rao Srinivasan
Abstract: A system identifies a pattern in source code. The pattern is identified based, at least in part, on correlation between units of code, or on the derivation of a rule from a recurring sequence in the source code. The system identifies a portion of the source code that at least partially matches the pattern, and determines that this portion includes at least one deviation from the pattern. The system then generates an error message to describe the deviation.
-
Publication No.: US11630919B1
Publication Date: 2023-04-18
Application No.: US16587361
Filing Date: 2019-09-30
Applicant: Amazon Technologies, Inc.
Inventor: Omer Tripp, Srinivasan Sengamedu Hanumantha Rao, Qiang Zhou
Abstract: Techniques for management of sensitive data using static code analysis are described. A method of management of sensitive data using static code analysis includes obtaining a representation of at least a portion of code, statically analyzing at least the portion of code to generate one or more candidate vectors based at least on one or more patterns, sending the one or more candidate vectors to a sensitive data model, and receiving an inference response indicating, for each of the one or more candidate vectors, whether at least a portion of the candidate vector includes sensitive data and a corresponding confidence score.
-
Publication No.: US12050968B1
Publication Date: 2024-07-30
Application No.: US16694925
Filing Date: 2019-11-25
Applicant: Amazon Technologies, Inc.
Inventor: Omer Tripp, Qiang Zhou
Abstract: Techniques for analyzing code are described. In some instances, a code analysis service is implemented by one or more electronic devices, the code analysis service including instructions that upon execution cause the code analysis service to: perform a program analysis to mine a code segment of the stored code to generate a descriptor of each input in the code segment that appears to have insufficient input validation; assess that an input has insufficient validation and determine a classification of input validation to use by determining a category of input validation to apply to the input; acquire a suggestion for the determined category; and provide the acquired suggestion for the determined category.
-
Publication No.: US10997054B1
Publication Date: 2021-05-04
Application No.: US16694907
Filing Date: 2019-11-25
Applicant: Amazon Technologies, Inc.
Inventor: Omer Tripp, Qiang Zhou
IPC: G06F9/44, G06F11/36, G06F16/9035, G06F16/907, G06N20/00
Abstract: Techniques for analyzing code are described. In some instances, a code analysis service is to perform a series of comparisons, one or more per path segment of an index structure of non-defective code samples, using a token derived from a defective code segment of the stored code, to determine one or more paths in the index, wherein each path is to point to code that is similar to the defective code segment; and provide, in response to the series of comparisons, at least one of: a location of the code determined to be similar to the defective code segment and the code determined to be similar.