Modular call graph construction for security scanning of Node.js applications
Benjamin Barslev Nielsen, Martin Toldam Torp, Anders Møller
Abstract
Most of the code in typical Node.js applications comes from third-party libraries that consist of a large number of interdependent modules. Because of the dynamic features of JavaScript, it is difficult to obtain detailed information about the module dependencies, which is vital for reasoning about the potential consequences of security vulnerabilities in libraries, and for many other software development tasks. The underlying challenge is how to construct precise call graphs that capture the connectivity between functions in the modules.
Topics & Concepts
Computer scienceModular designNode (physics)GraphProgramming languageTheoretical computer scienceEngineeringStructural engineeringAdvanced Malware Detection TechniquesWeb Application Security VulnerabilitiesNetwork Security and Intrusion Detection