Skip to content

Javascript auditing support #20

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
chengpeng-wang merged 24 commits into from
Nov 24, 2025
Merged

Javascript auditing support #20

chengpeng-wang merged 24 commits into from
Nov 24, 2025

Conversation

@acezxn
Copy link

@acezxn acezxn commented Sep 5, 2025
edited
Loading

Added detection of Null Pointer Dereference (NPD) support for Javascript.

  • Basic detection of the deferencing of variables that are null/undefined
  • Deleted property usage detection
  • Inter scope data flow analysis for supporting nested functions / global variables

acezxn added 5 commits October 20, 2025 13:46
@acezxn
Implemented extraction of relevant non-local
3c96b96 
 variables and removed detection of potentially nullable builtin functions
@acezxn
Extended __process_src_value for non local variable analysis
029b254 
- Non local variable assignments are now considered as part of the propagation details.
- Non local variable assignments are now considered as a side effect and all caller functions that invoked the non-local-changing function would be added to the worklist for dataflow anaysis.
- Adjusted potential buggy path detection to include non local variable assignments.

These changes enables Repoaudit to detect NPD styled bugs in Javascript that involves non local variables (see benchmark/Javascript/toy/NPD/case06.js for example).
@acezxn
Fixed bugs in non local extraction
1173bb0
@acezxn
Added back original global variable analysis and removed language dep…
660f320 
…endent components in dfbscan agent
@acezxn
Specified nullish value extraction rule for Javascript
52743e7
@chengpeng-wang chengpeng-wang changed the base branch from main to js-audit November 14, 2025 04:48
@chengpeng-wang
Copy link
Contributor

chengpeng-wang commented Nov 14, 2025

@acezxn Thank you for your contribution. Please refactor the code and add your latest version before the merge.

@acezxn acezxn marked this pull request as ready for review November 15, 2025 01:16
chengpeng-wang
chengpeng-wang approved these changes Nov 20, 2025
View reviewed changes
Copy link
Contributor

@chengpeng-wang chengpeng-wang left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We could merge it to js-audit branch first and then continue to pollsh it.

@chengpeng-wang
Copy link
Contributor

chengpeng-wang commented Nov 20, 2025

@acezxn Please execute mypy src and black src to fix the check errors first.

@chengpeng-wang chengpeng-wang merged commit f9c7bf4 into PurCL:js-audit Nov 24, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@chengpeng-wang chengpeng-wang chengpeng-wang approved these changes

@ZhangZhuoSJTU ZhangZhuoSJTU Awaiting requested review from ZhangZhuoSJTU

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@acezxn @chengpeng-wang