Identifying software components in a software codebase

摘要

Systems, methods, and computer program embodiments are disclosed for detecting third party software components in a software codebase. In an embodiment, a source file containing source code may be received at a server, and a code signature may be generated for the source file based on a determined structure of the source code. The generated code signature may then be compared to signatures stored in a reference database to identify matching third party software files. In an embodiment, the reference database may store a plurality of code signatures corresponding to third party software files. A list of the identified third party software files may be created and presented to a user.

主权项

1. A method for detecting third party software components in a source file, comprising:
receiving a source file containing source code at a server; generating a code signature for the source file, the generating comprising:
determining a language of the source file;identifying a list of language reserved keywords and key phrases associated with the programing language;removing from the source file text that does not match a language reserved keyword or key phrase of the identified list;removing from the source file language-specific control characters and control character sequences;replacing each language reserved keyword and key phrase of the source file with a corresponding compact byte representation to produce an encoded sequence; andhashing the encoded sequence to produce the code signature; comparing the generated code signature to signatures stored in a reference database to identify matching third Party software files, the reference database storing a plurality of code signatures corresponding to the third party software files; creating a list of the identified third party software files; and presenting the list of identified third party to a user.