US 12,067,122 B2
Detecting added functionality in open source package
Jason R. Shaver, Redmond, WA (US); Gabriel Pedro De Castro, Kenmore, WA (US); Kesavan Shanmugam, Redmond, WA (US); and Yuval Mazor, Redmond, WA (US)
Assigned to Microsoft Technology Licensing, LLC, Redmond, WA (US)
Filed by Microsoft Technology Licensing, LLC, Redmond, WA (US)
Filed on Dec. 22, 2020, as Appl. No. 17/131,446.
Prior Publication US 2022/0198003 A1, Jun. 23, 2022
Int. Cl. G06F 21/57 (2013.01); G06F 8/41 (2018.01); G06F 8/51 (2018.01); G06F 8/70 (2018.01); G06F 8/75 (2018.01); G06F 9/455 (2018.01)
CPC G06F 21/577 (2013.01) [G06F 8/44 (2013.01); G06F 8/51 (2013.01); G06F 8/70 (2013.01); G06F 8/751 (2013.01); G06F 9/45508 (2013.01); G06F 2221/033 (2013.01)]
15 Claims
1. A computing system for detecting whether or not an open source software package has functionality which is not described by source code used to build the open source software package, the computing system comprising:
one or more processors; and
one or more computer-readable media having thereon computer-executable instructions that are structured such that, if executed by the one or more processors, the computing system is configured to:
access the source code used to build the open source software package;
rebuild the open source software package from the source code, the rebuild of the open source software package being configured to rewrite the source code as interpretable code, to access a directory of the open source software package to identify runtime parameters used to originally build the open source software package from the source code, create a new build environment with the identified parameters, and execute the rebuild using the new build environment;
compute whether or not the rebuilt package accomplishes the same functions as the open source software package; and
alert if the rebuilt package does not accomplish the same functions as the open source software package.
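
The compare and alert steps of claim 1, sketched as an added example (not code from the patent or its assignee). It assumes the published and rebuilt packages are both available as .tar.gz archives and uses per-file SHA-256 equality as the test for "same functions"; the claim does not say how equivalence is computed, so that choice, the helper names and the sample archives are this example's assumptions.

```python
import hashlib
import io
import tarfile

def file_digests(archive_bytes):
    """Map each regular file in a .tar.gz to the SHA-256 of its contents."""
    digests = {}
    with tarfile.open(fileobj=io.BytesIO(archive_bytes), mode="r:gz") as tar:
        for member in tar:
            if member.isfile():
                data = tar.extractfile(member).read()
                digests[member.name] = hashlib.sha256(data).hexdigest()
    return digests

def compare_packages(published, rebuilt):
    """Diff the published package against the rebuild made from source."""
    pub, reb = file_digests(published), file_digests(rebuilt)
    return {
        "added": sorted(set(pub) - set(reb)),      # shipped, but not produced by the source
        "missing": sorted(set(reb) - set(pub)),    # produced by the source, but not shipped
        "changed": sorted(n for n in set(pub) & set(reb) if pub[n] != reb[n]),
    }

def should_alert(diff):
    return any(diff.values())

def make_tgz(files, mtime):
    """Build a constructed sample archive in memory (illustration only)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            info.mtime = mtime
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

# Constructed sample data: one rebuild, one matching package, one with extra content.
FROM_SOURCE = {"package/index.js": b"module.exports = () => 1;\n",
               "package/package.json": b'{"name":"demo","version":"1.0.0"}\n'}
REBUILT = make_tgz(FROM_SOURCE, mtime=1700000000)
CLEAN = make_tgz(FROM_SOURCE, mtime=1600000000)  # other timestamps, same contents
TAMPERED = make_tgz({**FROM_SOURCE, "package/extra.js": b"// not in the source repo\n",
                     "package/index.js": b"module.exports = () => 2;\n"}, mtime=1600000000)

if __name__ == "__main__":
    for label, pkg in (("clean", CLEAN), ("tampered", TAMPERED)):
        diff = compare_packages(pkg, REBUILT)
        print(label, "ALERT" if should_alert(diff) else "ok", diff)
```

Comparing per-file contents rather than whole-archive bytes keeps timestamp differences between the original build and the rebuild from raising a false alert.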