Thesis Details
Detection of JavaScript Code with Known Security Flaws (Detekce kódu v jazyce JavaScript se známými bezpečnostními chybami)
This thesis deals with the detection of vulnerable JavaScript libraries and NPM packages. Based on existing studies, it summarizes the technological core of the Node.js platform and then focuses on selected vulnerabilities of the NPM system and existing means of protection. It introduces a Chrome browser extension that detects and fixes JavaScript code with known vulnerabilities in the web browser. The tool was tested in a crawl of 50 000 websites, in which 8 129 vulnerable scripts were detected. The extension has been published to the Chrome Web Store as JS Vulnerability Detector.
JavaScript, Node.js, NPM, vulnerability detection, client-side JavaScript, abstract syntax tree, browser extension, pushdown automata, National Vulnerability Database, Snyk, Chrome, Manifest V3, crawl, hash, JSON
Bartík Vladimír, Ing., Ph.D. (DIFS FIT BUT), member
Grégr Matěj, Ing., Ph.D. (DIFS FIT BUT), member
Matoušek Petr, doc. Ing., Ph.D., M.A. (DIFS FIT BUT), member
Meduna Alexander, prof. RNDr., CSc. (DIFS FIT BUT), member
Polčák Libor, Ing., Ph.D. (DIFS FIT BUT), member
@mastersthesis{FITMT23311,
  author = "Vojt\v{e}ch Rand\'{y}sek",
  type = "Master's thesis",
  title = "Detekce k\'{o}du v jazyce JavaScript se zn\'{a}m\'{y}mi bezpe\v{c}nostn\'{i}mi chybami",
  school = "Brno University of Technology, Faculty of Information Technology",
  year = 2022,
  location = "Brno, CZ",
  language = "czech",
  url = "https://www.fit.vut.cz/study/thesis/23311/"
}