IDENTIFYING SOURCE CODE USED TO BUILD EXECUTABLE FILES

摘要

Methods, systems, and apparatus, including computer programs encoded on computer storage media, for identifying source code used to build executable. One of the methods includes determining that a first newly created process is a compiler, the compiler being invoked to compile a source code file; after the compiler exits, generating a first hash value of an object file generated by the compiler; generating an object artifact that identifies the source code file and includes the first hash value of contents of the object file generated by the compiler; determining that the second newly created process is a linker, the linker being invoked to generate an executable file from one or more object files; generating a link artifact that includes respective hash values of each of the one or more object files used to generate the executable file; and providing the link artifact and object artifact to a static analysis system.

主权项

1. A computer-implemented method of associating an executable file with one or more source code files used to generate the executable file, the method comprising:
determining that a first newly created process is a compiler, the compiler being invoked to compile a source code file; after the compiler exits, generating a first hash value of an object file generated by the compiler; generating an object artifact that identifies the source code file and includes the first hash value of contents of the object file generated by the compiler; determining that the second newly created process is a linker, the linker being invoked to generate an executable file from one or more object files, including the object file; generating a link artifact that includes respective hash values of each of the one or more object files used to generate the executable file; and providing the link artifact and object artifact to a static analysis system, whereby the static analysis system associates the executable file with source code used to build the executable file including matching hash values in the link artifact with hash values of the one or more object files and identifying source code in source code files identified by object artifacts associated with the one or more object files.