Pycg: Practical call graph generation in python

V Salis, T Sotiropoulos, P Louridas… - 2021 IEEE/ACM …, 2021 - ieeexplore.ieee.org
Call graphs play an important role in different contexts, such as profiling and vulnerability
propagation analysis. Generating call graphs in an efficient manner can be a challenging …

Silent spring: Prototype pollution leads to remote code execution in Node. js

M Shcherbakov, M Balliu, CA Staicu - 32nd USENIX Security Symposium …, 2023 - usenix.org
Prototype pollution is a dangerous vulnerability affecting prototype-based languages like
JavaScript and the Node. js platform. It refers to the ability of an attacker to inject properties …

Analysis of JavaScript programs: Challenges and research trends

K Sun, S Ryu - ACM Computing Surveys (CSUR), 2017 - dl.acm.org
JavaScript has been a de facto standard language for client-side web programs, and now it
is expanding its territory to general purpose programs. In this article, we classify the client …

Modular call graph construction for security scanning of node. js applications

BB Nielsen, MT Torp, A Møller - Proceedings of the 30th ACM SIGSOFT …, 2021 - dl.acm.org
Most of the code in typical Node. js applications comes from third-party libraries that consist
of a large number of interdependent modules. Because of the dynamic features of …

Taintmini: Detecting flow of sensitive data in mini-programs with static taint analysis

C Wang, R Ko, Y Zhang, Y Yang… - 2023 IEEE/ACM 45th …, 2023 - ieeexplore.ieee.org
Mini-programs, which are programs running inside mobile super apps such as WeChat,
often have access to privacy-sensitive information, such as location data and phone …

Freezing the Web: a study of {ReDoS} vulnerabilities in {JavaScript-based} web servers

CA Staicu, M Pradel - … USENIX security symposium (USENIX Security 18 …, 2018 - usenix.org
Regular expression denial of service (ReDoS) is a class of algorithmic complexity attacks
where matching a regular expression against an attacker-provided input takes unexpectedly …

Detecting node. js prototype pollution vulnerabilities via object lookup analysis

S Li, M Kang, J Hou, Y Cao - Proceedings of the 29th ACM Joint Meeting …, 2021 - dl.acm.org
Prototype pollution is a type of vulnerability specific to prototype-based languages, such as
JavaScript, which allows an adversary to pollute a base object's property, leading to a further …

Mining node. js vulnerabilities via object dependence graph and query

S Li, M Kang, J Hou, Y Cao - 31st USENIX Security Symposium …, 2022 - usenix.org
Node. js is a popular non-browser JavaScript platform that provides useful but sometimes
also vulnerable packages. On one hand, prior works have proposed many program analysis …

[PDF][PDF] Understanding and automatically preventing injection attacks on Node. js

CA Staicu, M Pradel, B Livshits - Network and Distributed System …, 2018 - software-lab.org
The NODE. JS ecosystem has lead to the creation of many modern applications, such as
server-side web applications and desktop applications. Unlike client-side JavaScript code …

Mininode: Reducing the attack surface of node. js applications

I Koishybayev, A Kapravelos - … on Research in Attacks, Intrusions and …, 2020 - usenix.org
JavaScript has gained traction as a programming language that qualifies for both the client-
side and the server-side logic of applications. A new ecosystem of server-side code written …