Thesis Details

Detekce kódu v jazyce JavaScript se známými bezpečnostními chybami

Master's Thesis Student: Randýsek Vojtěch Academic Year: 2021/2022 Supervisor: Polčák Libor, Ing., Ph.D.
English title
Detecting JavaScript Code with Known Vulnerabilites
Language
Czech
Abstract

This thesis deals with the detection of vulnerable JavaScript libraries and NPM packages. Based on existing studies, it summarizes the technological core of the Node.js platform and further focuses on selected vulnerabilities of the NPM system and existing means of protection. A Chrome browser extension able to detect and fix JavaScript code with known vulnerabilities on the web browser had been introduced. The tool was tested in a crawl of 50 000 websites. 8 129 vulnerable scripts were detected. The extension has been published to the Chrome Web Store as JS Vulnerability Detector.

Keywords

JavaScript, Node.js, NPM, vulnerability detection, client-side JavaScript, abstract syntax tree, browser extension, pushdown automata, National Vulnerability Database, Snyk, Chome, Manifest V3, crawl, hash, JSON

Department
Degree Programme
Files
Status
defended, grade A
Date
22 June 2022
Reviewer
Committee
Burget Radek, doc. Ing., Ph.D. (DIFS FIT BUT), předseda
Bartík Vladimír, Ing., Ph.D. (DIFS FIT BUT), člen
Grégr Matěj, Ing., Ph.D. (DIFS FIT BUT), člen
Matoušek Petr, doc. Ing., Ph.D., M.A. (DIFS FIT BUT), člen
Meduna Alexander, prof. RNDr., CSc. (DIFS FIT BUT), člen
Polčák Libor, Ing., Ph.D. (DIFS FIT BUT), člen
Citation
RANDÝSEK, Vojtěch. Detekce kódu v jazyce JavaScript se známými bezpečnostními chybami. Brno, 2022. Master's Thesis. Brno University of Technology, Faculty of Information Technology. 2022-06-22. Supervised by Polčák Libor. Available from: https://www.fit.vut.cz/study/thesis/23311/
BibTeX
@mastersthesis{FITMT23311,
    author = "Vojt\v{e}ch Rand\'{y}sek",
    type = "Master's thesis",
    title = "Detekce k\'{o}du v jazyce JavaScript se zn\'{a}m\'{y}mi bezpe\v{c}nostn\'{i}mi chybami",
    school = "Brno University of Technology, Faculty of Information Technology",
    year = 2022,
    location = "Brno, CZ",
    language = "czech",
    url = "https://www.fit.vut.cz/study/thesis/23311/"
}
Back to top