US 12,217,050 B2
Method and system for identifying suspicious code contribution to a source code repository
Michael Hudson, Delray Beach, FL (US); Michael Florio, Lake Worth, FL (US); Sunil Dandamudi, Cary, NC (US); and Samuel Dwumfour, Newark, NJ (US)
Assigned to HCL America Inc.
Filed by HCL America, Inc, Sunnyvale, CA (US)
Filed on Oct. 18, 2021, as Appl. No. 17/503,803.
Prior Publication US 2023/0124113 A1, Apr. 20, 2023
Int. Cl. G06F 8/75 (2018.01); G06F 8/71 (2018.01); G06F 11/34 (2006.01); G06F 21/55 (2013.01); G06F 21/56 (2013.01)
CPC G06F 8/75 (2013.01) [G06F 8/71 (2013.01); G06F 11/3438 (2013.01); G06F 21/554 (2013.01); G06F 21/566 (2013.01)]
17 Claims
1. A method for identifying suspicious code contribution of a user to a source code repository, the method comprising:
receiving, by a suspicious activity detection device, a plurality of updated code files of the source code repository through an event, wherein each of the plurality of updated code files is updated by a set of user actions, wherein the set of user actions comprises at least one of an addition, a deletion, and a modification made by the user, and wherein the event is triggered in real-time when at least one of the plurality of updated code files is pushed to the source code repository;
extracting, by the suspicious activity detection device, a plurality of user action parameters from the event corresponding to each of the plurality of updated code files, wherein the plurality of user action parameters comprises a file name, a user name, a timestamp of each of the set of user actions, a description of each of the set of user actions, and user comments;
storing, by the suspicious activity detection device, the plurality of updated code files and the plurality of user action parameters from the event corresponding to each of the plurality of updated code files in a database, wherein the database comprises a table with a column for each of the plurality of user action parameters; and
identifying, by the suspicious activity detection device, at least one user action from the set of user actions as a suspicious code contribution of the user for at least one of the plurality of updated code files of the source code repository based on the plurality of user action parameters, wherein identifying the at least one user action from the set of user actions as a suspicious code contribution comprises:
for each of the plurality of updated code files,
comparing the timestamp of each of the set of user actions with a timestamp of most recent of previous actions performed on an updated code file;
establishing a user action as a suspicious code contribution when a difference between the timestamp of the user action and the timestamp of the most recent of the previous actions is below a predefined threshold and the user action is performed by a new author; and
establishing a user action as a suspicious code contribution when a difference between the timestamp of the user action and the timestamp of the most recent of the previous actions is greater than a predefined threshold.
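The storing and identifying steps of claim 1 can be sketched as follows; this is an added example, not code from the patent or from HCL. It assumes the two "predefined threshold" mentions are separate values (`short_gap`, `long_gap`), that a "new author" is a user with no earlier action on that file, and uses a hypothetical table name and constructed sample records.

```python
import sqlite3
from datetime import datetime, timedelta

# Constructed sample push-event records, one tuple per user action:
# (file_name, user_name, timestamp, description, comments)
SAMPLE_ACTIONS = [
    ("auth/login.py", "alice", "2021-03-01T10:00:00", "modification", "refactor session handling"),
    ("auth/login.py", "alice", "2021-03-01T10:02:00", "modification", "fix typo"),
    ("auth/login.py", "mallory", "2021-03-01T10:03:00", "modification", "minor cleanup"),
    ("build/release.sh", "bob", "2020-01-10T09:00:00", "addition", "initial script"),
    ("build/release.sh", "bob", "2021-03-01T11:00:00", "modification", "update flags"),
]

def store_actions(conn, actions):
    # One column per user action parameter, as the storing step describes.
    # The table name user_actions is hypothetical.
    conn.execute("CREATE TABLE IF NOT EXISTS user_actions "
                 "(file_name TEXT, user_name TEXT, ts TEXT, description TEXT, comments TEXT)")
    conn.executemany("INSERT INTO user_actions VALUES (?, ?, ?, ?, ?)", actions)

def find_suspicious(conn, short_gap=timedelta(minutes=5), long_gap=timedelta(days=180)):
    # Threshold defaults are assumptions; the claim does not give values.
    findings = []
    last_ts = {}   # file_name -> timestamp of the most recent previous action
    authors = {}   # file_name -> users who already acted on that file
    rows = conn.execute("SELECT file_name, user_name, ts FROM user_actions "
                        "ORDER BY file_name, ts, rowid")
    for file_name, user, ts_text in rows:
        ts = datetime.fromisoformat(ts_text)
        prev = last_ts.get(file_name)
        seen = authors.setdefault(file_name, set())
        if prev is not None:  # the first action on a file has nothing to compare to
            gap = ts - prev
            if gap < short_gap and user not in seen:
                findings.append((file_name, user, ts_text, "rapid change by new author"))
            elif gap > long_gap:
                findings.append((file_name, user, ts_text, "change after long inactivity"))
        last_ts[file_name] = ts
        seen.add(user)
    return findings

def run_demo():
    conn = sqlite3.connect(":memory:")
    store_actions(conn, SAMPLE_ACTIONS)
    return find_suspicious(conn)

if __name__ == "__main__":
    for finding in run_demo():
        print(finding)
```

Alice's second edit falls inside the short window but is not flagged, because she is already an author of that file.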