Deep learning type inference
Dynamically typed languages such as JavaScript and Python are increasingly popular, yet
static typing has not been totally eclipsed: Python now supports type annotations and …
static typing has not been totally eclipsed: Python now supports type annotations and …
Pycg: Practical call graph generation in python
V Salis, T Sotiropoulos, P Louridas… - 2021 IEEE/ACM …, 2021 - ieeexplore.ieee.org
Call graphs play an important role in different contexts, such as profiling and vulnerability
propagation analysis. Generating call graphs in an efficient manner can be a challenging …
propagation analysis. Generating call graphs in an efficient manner can be a challenging …
Analysis of JavaScript programs: Challenges and research trends
K Sun, S Ryu - ACM Computing Surveys (CSUR), 2017 - dl.acm.org
JavaScript has been a de facto standard language for client-side web programs, and now it
is expanding its territory to general purpose programs. In this article, we classify the client …
is expanding its territory to general purpose programs. In this article, we classify the client …
KJS: A complete formal semantics of JavaScript
D Park, A Stefănescu, G Roşu - Proceedings of the 36th ACM SIGPLAN …, 2015 - dl.acm.org
This paper presents KJS, the most complete and throughly tested formal semantics of
JavaScript to date. Being executable, KJS has been tested against the ECMAScript 5.1 …
JavaScript to date. Being executable, KJS has been tested against the ECMAScript 5.1 …
Detecting node. js prototype pollution vulnerabilities via object lookup analysis
Prototype pollution is a type of vulnerability specific to prototype-based languages, such as
JavaScript, which allows an adversary to pollute a base object's property, leading to a further …
JavaScript, which allows an adversary to pollute a base object's property, leading to a further …
Mining node. js vulnerabilities via object dependence graph and query
Node. js is a popular non-browser JavaScript platform that provides useful but sometimes
also vulnerable packages. On one hand, prior works have proposed many program analysis …
also vulnerable packages. On one hand, prior works have proposed many program analysis …
Containing malicious package updates in npm with a lightweight permission system
G Ferreira, L Jia, J Sunshine… - 2021 IEEE/ACM 43rd …, 2021 - ieeexplore.ieee.org
The large amount of third-party packages available in fast-moving software ecosystems,
such as Node. js/npm, enables attackers to compromise applications by pushing malicious …
such as Node. js/npm, enables attackers to compromise applications by pushing malicious …
Static analysis of event-driven Node. js JavaScript applications
Many JavaScript programs are written in an event-driven style. In particular, in server-side
Node. js applications, operations involving sockets, streams, and files are typically …
Node. js applications, operations involving sockets, streams, and files are typically …
Discovering bug patterns in JavaScript
JavaScript has become the most popular language used by developers for client and server
side programming. The language, however, still lacks proper support in the form of warnings …
side programming. The language, however, still lacks proper support in the form of warnings …
Scaling javascript abstract interpretation to detect and exploit node. js taint-style vulnerability
Taint-style vulnerabilities, such as OS command injection and path traversal, are common
and severe software weaknesses. There exists an inherent trade-off between analysis …
and severe software weaknesses. There exists an inherent trade-off between analysis …