Spreadsheets, word processors, and other document editing applications enable users to write scripts or macros that automate a sequence of actions, e.g., keystrokes, mouse-clicks, etc. through code. Although macros can improve user efficiency by automating repetitive actions, executable code within a document can also potentially include malware. Macro-based malware is known to intentionally use broken syntax to bypass detection. This disclosure describes a parser that is resilient to syntax errors in code, and which can, by applying local corrections, continue to parse the rest of the code after encountering a parse error. Once corrected, the code can be subject to malware detection prior to or after translation into the target language.
Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 License.
Garg, Abhay; Ginet, Alexandre; De, Arijit; BA, Paneendra; and Zhou, Yu, "Improving Malware Detection By Parsing Broken Code", Technical Disclosure Commons, (November 24, 2020)