Program defects tend to surface late in development, and they are hard to detect.
Security vulnerabilities are particularly important defects to detect:
they may cause sensitive information to be leaked or the system on which the program runs to be compromised.

Existing approaches that use static analysis to detect security vulnerabilities in source code are often limited to a predetermined set of encoded security vulnerabilities.
Although these approaches support a decent number of vulnerabilities by default,
they cannot be configured to detect vulnerabilities that are specific to the application domain of the analyzed program.

In this paper we present JS-QL, a framework for detecting user-specified security vulnerabilities in JavaScript applications statically.
The framework makes use of an internal domain-specific query language hosted by JavaScript.
JS-QL queries are based on regular path expressions, enabling users to express queries over a flow graph in a declarative way.
The flow graph represents the run-time behavior of a program and is computed by a static analysis.
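To make the idea of "regular path expressions over a flow graph" concrete, here is an added illustration in JavaScript. It is not JS-QL's own code or API (the abstract shows neither); the `FlowGraph` class, the node labels, the `label`/`anyBut`/`any` step helpers, the `findPaths` matcher and the sample program graph are all this example's own constructions. The graph is a hand-built value-flow graph for a five-statement DOM snippet: a query that asks for a path from a location read to an `innerHTML` write that never passes through an encoding call reports the unsanitized flow, while the same query against the `textContent` write finds nothing because that path goes through `encode`.

```javascript
// Added example: a tiny flow graph plus a regular-path-expression matcher.
// Names and pattern syntax are assumptions of this example, not JS-QL's.

class FlowGraph {
  constructor() {
    this.nodes = new Map(); // node id -> Set of labels describing the operation
    this.edges = new Map(); // node id -> array of successor ids (value-flow edges)
  }
  addNode(id, labels) {
    this.nodes.set(id, new Set(labels));
    this.edges.set(id, []);
  }
  addEdge(from, to) {
    this.edges.get(from).push(to);
  }
}

// Pattern steps. A non-repeating step consumes exactly one node whose labels
// satisfy `test`; a repeating step (the `*` of a regular path expression)
// consumes zero or more consecutive nodes that satisfy `test`.
const label = (l) => ({ test: (ls) => ls.has(l), repeat: false });
const anyBut = (...bad) => ({ test: (ls) => !bad.some((b) => ls.has(b)), repeat: true });
const any = () => anyBut();

// Depth-first search over the product of graph nodes and pattern positions.
// `visited` memoises (node, step) states so cycles in the graph terminate.
function matchFrom(graph, pattern, node, pi, visited) {
  if (pi === pattern.length) return null; // no step left to consume this node
  const key = node + '|' + pi;
  if (visited.has(key)) return null;
  visited.add(key);
  const step = pattern[pi];
  const labels = graph.nodes.get(node);
  if (step.repeat) {
    // zero occurrences: try the next step at this same node
    const skipped = matchFrom(graph, pattern, node, pi + 1, visited);
    if (skipped) return skipped;
    // one more occurrence: consume this node and stay on the repeating step
    if (step.test(labels)) {
      for (const succ of graph.edges.get(node)) {
        const rest = matchFrom(graph, pattern, succ, pi, visited);
        if (rest) return [node, ...rest];
      }
    }
    return null;
  }
  if (!step.test(labels)) return null;
  if (pi === pattern.length - 1) return [node]; // last step matched: witness found
  for (const succ of graph.edges.get(node)) {
    const rest = matchFrom(graph, pattern, succ, pi + 1, visited);
    if (rest) return [node, ...rest];
  }
  return null;
}

// Returns one witness path per start node from which the pattern matches.
function findPaths(graph, pattern) {
  if (pattern.length === 0 || pattern[pattern.length - 1].repeat) {
    throw new Error('pattern must end with a single-node step (the sink)');
  }
  const results = [];
  for (const start of graph.nodes.keys()) {
    const path = matchFrom(graph, pattern, start, 0, new Set());
    if (path) results.push(path);
  }
  return results;
}

// Constructed sample: value-flow graph of a small DOM snippet.
//   n1: url  = document.location.hash
//   n2: name = url.slice(1)
//   n3: div.innerHTML   = name          (unsanitized sink)
//   n4: safe = encode(name)             (sanitizer)
//   n5: div.textContent = safe
function buildSampleGraph() {
  const g = new FlowGraph();
  g.addNode('n1', ['read:location']);
  g.addNode('n2', ['call:slice']);
  g.addNode('n3', ['write:innerHTML']);
  g.addNode('n4', ['call:encode']);
  g.addNode('n5', ['write:textContent']);
  g.addEdge('n1', 'n2');
  g.addEdge('n2', 'n3');
  g.addEdge('n2', 'n4');
  g.addEdge('n4', 'n5');
  return g;
}

// Query: a location read flowing to a sink without passing through encode().
function unsanitizedFlows(graph, sinkLabel) {
  return findPaths(graph, [label('read:location'), anyBut('call:encode'), label(sinkLabel)]);
}

const sample = buildSampleGraph();
console.log('innerHTML:', JSON.stringify(unsanitizedFlows(sample, 'write:innerHTML')));
console.log('textContent:', JSON.stringify(unsanitizedFlows(sample, 'write:textContent')));
```

The pattern is evaluated as a search over (node, pattern position) states, so it terminates on cyclic flow graphs (loops in the analysed program) and reports a concrete witness path rather than a bare yes/no, which is what a reviewer needs to triage a finding. Node labels stand in for whatever abstract-interpretation facts a real analysis attaches to its flow-graph nodes.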

We evaluate JS-QL by expressing 9 security vulnerabilities supported by existing work and comparing the resulting specifications.
We conclude that the combination of static analysis and regular path expressions lends itself well to the detection of user-specified security vulnerabilities.
Original language: English
Title of host publication: Proceedings of the 2016 ACM Workshop on Programming Languages and Analysis for Security
Subtitle of host publication: Vienna, Austria — October 24 - 28, 2016
Place of publication: New York, NY, USA
Publisher: ACM
Pages: 3-13
ISBN (Print): 978-1-4503-4574-3
State: Published - Oct 2016
Event: The 2016 ACM Workshop on Programming Languages and Analysis for Security - Vienna, Austria

Workshop

Workshop: The 2016 ACM Workshop on Programming Languages and Analysis for Security
Abbreviated title: PLAS2016
Country: Austria
City: Vienna
Period: 24/10/16 - 24/10/16
Internet address

Research areas

• security, static analysis, JavaScript

ID: 26770753