Static Analysis of JavaScript Web Applications in the Wild via Practical DOM Modeling (T)

Bibliographic Details
Published in: 2015 30th IEEE/ACM International Conference on Automated Software Engineering (ASE), pp. 552-562
Main Authors: Changhee Park, Sooncheol Won, Joonho Jin, Sukyoung Ryu
Format: Conference Proceeding
Language: English
Published: IEEE 01.11.2015
Description
Summary: We present SAFEWapp, an open-source static analysis framework for JavaScript web applications. It provides a faithful (partial) model of web application execution environments of various browsers, based on empirical data from the main web pages of the 9,465 most popular websites. A main feature of SAFEWapp is the configurability of DOM tree abstraction levels to allow users to adjust a trade-off between analysis performance and precision depending on their applications. We evaluate SAFEWapp on the 5 most popular JavaScript libraries and the main web pages of the 10 most popular websites in terms of analysis performance, precision, and modeling coverage. Additionally, as an application of SAFEWapp, we build a bug detector for JavaScript web applications that uses static analysis results from SAFEWapp. Our bug detector found previously undiscovered bugs including ones from wikipedia.org and amazon.com.
DOI: 10.1109/ASE.2015.27