├── .gitignore ├── CryptoFuzzy ├── compareCrypto.py ├── compareFuzzyHash.py ├── process-function │ └── parseFunction.mjs ├── refactor │ ├── refactor-tree.mjs │ ├── refactor.mjs │ ├── renameVar.mjs │ └── utils.mjs ├── represent.mjs └── tokenize&Cryptohash.mjs ├── README.md ├── crawl real-world functions ├── ext │ ├── crawlZips.mjs │ ├── extractFunctions.mjs │ ├── extractZips.mjs │ ├── refactor │ │ ├── Open Notebook.onetoc2 │ │ ├── refactor.mjs │ │ ├── renameVar.mjs │ │ └── utils.mjs │ └── scriptForChromeInspectConsole.txt └── npm │ ├── getFunctions.js │ ├── getModules.js │ └── utils.js ├── minimist PoC.zip ├── misc ├── finalizeReports.js └── processReports.js ├── sailsJS_PoC ├── README └── sailsJS PoC.zip ├── semgrep ├── detectRedos&protoSemgrep.mjs ├── findEvilRe.js ├── findRegex.mjs ├── newNewProto.yaml ├── package-lock.json ├── package.json ├── redosRules.yaml ├── temp └── utils.mjs ├── taintAnalysis ├── automated-clean.js ├── depGraph.js ├── generateReport.js ├── index.js ├── renameVar.js ├── taintGraph.js └── utils.js ├── tool for manual verification ├── README.md ├── framework.zip ├── package-lock.json ├── package.json ├── public │ ├── index.html │ ├── manifest.json │ └── robots.txt ├── src │ ├── App.css │ ├── App.js │ ├── App.test.js │ ├── FileView.js │ ├── FuncView.js │ ├── Open Notebook.onetoc2 │ ├── VulnStats.js │ ├── VulnView.js │ ├── index.css │ ├── index.js │ ├── logo.svg │ ├── reportWebVitals.js │ ├── setupTests.js │ ├── storage.js │ └── utils.js └── yarn.lock └── vulnerable dataset ├── filterVulnDS.mjs ├── googleDB ├── commits │ ├── fetchCommitFuncs.mjs │ └── processCommit.mjs ├── crawlLinks.mjs ├── processLinks.mjs ├── processRestLinks.mjs └── refactor │ ├── refactor.mjs │ ├── renameVar.mjs │ └── utils.mjs ├── results.zip └── snyk ├── commits ├── fetchCommitFuncs.mjs └── processCommit.mjs ├── refactor ├── refactor.mjs ├── renameVar.mjs └── utils.mjs ├── snykPages.mjs ├── sortLinks.mjs └── vulnerable code └── fetchVulnCodeFuncs.mjs /.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Marynk/JavaScript-vulnerability-detection/HEAD/.gitignore -------------------------------------------------------------------------------- /CryptoFuzzy/compareCrypto.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Marynk/JavaScript-vulnerability-detection/HEAD/CryptoFuzzy/compareCrypto.py -------------------------------------------------------------------------------- /CryptoFuzzy/compareFuzzyHash.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Marynk/JavaScript-vulnerability-detection/HEAD/CryptoFuzzy/compareFuzzyHash.py -------------------------------------------------------------------------------- /CryptoFuzzy/process-function/parseFunction.mjs: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Marynk/JavaScript-vulnerability-detection/HEAD/CryptoFuzzy/process-function/parseFunction.mjs -------------------------------------------------------------------------------- /CryptoFuzzy/refactor/refactor-tree.mjs: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Marynk/JavaScript-vulnerability-detection/HEAD/CryptoFuzzy/refactor/refactor-tree.mjs -------------------------------------------------------------------------------- /CryptoFuzzy/refactor/refactor.mjs: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Marynk/JavaScript-vulnerability-detection/HEAD/CryptoFuzzy/refactor/refactor.mjs -------------------------------------------------------------------------------- /CryptoFuzzy/refactor/renameVar.mjs: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Marynk/JavaScript-vulnerability-detection/HEAD/CryptoFuzzy/refactor/renameVar.mjs -------------------------------------------------------------------------------- /CryptoFuzzy/refactor/utils.mjs: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Marynk/JavaScript-vulnerability-detection/HEAD/CryptoFuzzy/refactor/utils.mjs -------------------------------------------------------------------------------- /CryptoFuzzy/represent.mjs: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Marynk/JavaScript-vulnerability-detection/HEAD/CryptoFuzzy/represent.mjs -------------------------------------------------------------------------------- /CryptoFuzzy/tokenize&Cryptohash.mjs: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Marynk/JavaScript-vulnerability-detection/HEAD/CryptoFuzzy/tokenize&Cryptohash.mjs -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Marynk/JavaScript-vulnerability-detection/HEAD/README.md -------------------------------------------------------------------------------- /crawl real-world functions/ext/crawlZips.mjs: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Marynk/JavaScript-vulnerability-detection/HEAD/crawl real-world functions/ext/crawlZips.mjs -------------------------------------------------------------------------------- /crawl real-world functions/ext/extractFunctions.mjs: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Marynk/JavaScript-vulnerability-detection/HEAD/crawl real-world functions/ext/extractFunctions.mjs -------------------------------------------------------------------------------- /crawl real-world functions/ext/extractZips.mjs: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Marynk/JavaScript-vulnerability-detection/HEAD/crawl real-world functions/ext/extractZips.mjs -------------------------------------------------------------------------------- /crawl real-world functions/ext/refactor/Open Notebook.onetoc2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Marynk/JavaScript-vulnerability-detection/HEAD/crawl real-world functions/ext/refactor/Open Notebook.onetoc2 -------------------------------------------------------------------------------- /crawl real-world functions/ext/refactor/refactor.mjs: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Marynk/JavaScript-vulnerability-detection/HEAD/crawl real-world functions/ext/refactor/refactor.mjs -------------------------------------------------------------------------------- /crawl real-world functions/ext/refactor/renameVar.mjs: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Marynk/JavaScript-vulnerability-detection/HEAD/crawl real-world functions/ext/refactor/renameVar.mjs -------------------------------------------------------------------------------- /crawl real-world functions/ext/refactor/utils.mjs: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Marynk/JavaScript-vulnerability-detection/HEAD/crawl real-world functions/ext/refactor/utils.mjs -------------------------------------------------------------------------------- /crawl real-world functions/ext/scriptForChromeInspectConsole.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Marynk/JavaScript-vulnerability-detection/HEAD/crawl real-world functions/ext/scriptForChromeInspectConsole.txt -------------------------------------------------------------------------------- /crawl real-world functions/npm/getFunctions.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Marynk/JavaScript-vulnerability-detection/HEAD/crawl real-world functions/npm/getFunctions.js -------------------------------------------------------------------------------- /crawl real-world functions/npm/getModules.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Marynk/JavaScript-vulnerability-detection/HEAD/crawl real-world functions/npm/getModules.js -------------------------------------------------------------------------------- /crawl real-world functions/npm/utils.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Marynk/JavaScript-vulnerability-detection/HEAD/crawl real-world functions/npm/utils.js -------------------------------------------------------------------------------- /minimist PoC.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Marynk/JavaScript-vulnerability-detection/HEAD/minimist PoC.zip -------------------------------------------------------------------------------- /misc/finalizeReports.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Marynk/JavaScript-vulnerability-detection/HEAD/misc/finalizeReports.js -------------------------------------------------------------------------------- /misc/processReports.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Marynk/JavaScript-vulnerability-detection/HEAD/misc/processReports.js -------------------------------------------------------------------------------- /sailsJS_PoC/README: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Marynk/JavaScript-vulnerability-detection/HEAD/sailsJS_PoC/README -------------------------------------------------------------------------------- /sailsJS_PoC/sailsJS PoC.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Marynk/JavaScript-vulnerability-detection/HEAD/sailsJS_PoC/sailsJS PoC.zip -------------------------------------------------------------------------------- /semgrep/detectRedos&protoSemgrep.mjs: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Marynk/JavaScript-vulnerability-detection/HEAD/semgrep/detectRedos&protoSemgrep.mjs -------------------------------------------------------------------------------- /semgrep/findEvilRe.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Marynk/JavaScript-vulnerability-detection/HEAD/semgrep/findEvilRe.js -------------------------------------------------------------------------------- /semgrep/findRegex.mjs: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Marynk/JavaScript-vulnerability-detection/HEAD/semgrep/findRegex.mjs -------------------------------------------------------------------------------- /semgrep/newNewProto.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Marynk/JavaScript-vulnerability-detection/HEAD/semgrep/newNewProto.yaml -------------------------------------------------------------------------------- /semgrep/package-lock.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Marynk/JavaScript-vulnerability-detection/HEAD/semgrep/package-lock.json -------------------------------------------------------------------------------- /semgrep/package.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Marynk/JavaScript-vulnerability-detection/HEAD/semgrep/package.json -------------------------------------------------------------------------------- /semgrep/redosRules.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Marynk/JavaScript-vulnerability-detection/HEAD/semgrep/redosRules.yaml -------------------------------------------------------------------------------- /semgrep/temp: -------------------------------------------------------------------------------- 1 | d 2 | -------------------------------------------------------------------------------- /semgrep/utils.mjs: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Marynk/JavaScript-vulnerability-detection/HEAD/semgrep/utils.mjs -------------------------------------------------------------------------------- /taintAnalysis/automated-clean.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Marynk/JavaScript-vulnerability-detection/HEAD/taintAnalysis/automated-clean.js -------------------------------------------------------------------------------- /taintAnalysis/depGraph.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Marynk/JavaScript-vulnerability-detection/HEAD/taintAnalysis/depGraph.js -------------------------------------------------------------------------------- /taintAnalysis/generateReport.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Marynk/JavaScript-vulnerability-detection/HEAD/taintAnalysis/generateReport.js -------------------------------------------------------------------------------- /taintAnalysis/index.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Marynk/JavaScript-vulnerability-detection/HEAD/taintAnalysis/index.js -------------------------------------------------------------------------------- /taintAnalysis/renameVar.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Marynk/JavaScript-vulnerability-detection/HEAD/taintAnalysis/renameVar.js -------------------------------------------------------------------------------- /taintAnalysis/taintGraph.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Marynk/JavaScript-vulnerability-detection/HEAD/taintAnalysis/taintGraph.js -------------------------------------------------------------------------------- /taintAnalysis/utils.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Marynk/JavaScript-vulnerability-detection/HEAD/taintAnalysis/utils.js -------------------------------------------------------------------------------- /tool for manual verification/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Marynk/JavaScript-vulnerability-detection/HEAD/tool for manual verification/README.md -------------------------------------------------------------------------------- /tool for manual verification/framework.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Marynk/JavaScript-vulnerability-detection/HEAD/tool for manual verification/framework.zip -------------------------------------------------------------------------------- /tool for manual verification/package-lock.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Marynk/JavaScript-vulnerability-detection/HEAD/tool for manual verification/package-lock.json -------------------------------------------------------------------------------- /tool for manual verification/package.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Marynk/JavaScript-vulnerability-detection/HEAD/tool for manual verification/package.json -------------------------------------------------------------------------------- /tool for manual verification/public/index.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Marynk/JavaScript-vulnerability-detection/HEAD/tool for manual verification/public/index.html -------------------------------------------------------------------------------- /tool for manual verification/public/manifest.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Marynk/JavaScript-vulnerability-detection/HEAD/tool for manual verification/public/manifest.json -------------------------------------------------------------------------------- /tool for manual verification/public/robots.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Marynk/JavaScript-vulnerability-detection/HEAD/tool for manual verification/public/robots.txt -------------------------------------------------------------------------------- /tool for manual verification/src/App.css: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Marynk/JavaScript-vulnerability-detection/HEAD/tool for manual verification/src/App.css -------------------------------------------------------------------------------- /tool for manual verification/src/App.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Marynk/JavaScript-vulnerability-detection/HEAD/tool for manual verification/src/App.js -------------------------------------------------------------------------------- /tool for manual verification/src/App.test.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Marynk/JavaScript-vulnerability-detection/HEAD/tool for manual verification/src/App.test.js -------------------------------------------------------------------------------- /tool for manual verification/src/FileView.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Marynk/JavaScript-vulnerability-detection/HEAD/tool for manual verification/src/FileView.js -------------------------------------------------------------------------------- /tool for manual verification/src/FuncView.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Marynk/JavaScript-vulnerability-detection/HEAD/tool for manual verification/src/FuncView.js -------------------------------------------------------------------------------- /tool for manual verification/src/Open Notebook.onetoc2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Marynk/JavaScript-vulnerability-detection/HEAD/tool for manual verification/src/Open Notebook.onetoc2 -------------------------------------------------------------------------------- /tool for manual verification/src/VulnStats.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Marynk/JavaScript-vulnerability-detection/HEAD/tool for manual verification/src/VulnStats.js -------------------------------------------------------------------------------- /tool for manual verification/src/VulnView.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Marynk/JavaScript-vulnerability-detection/HEAD/tool for manual verification/src/VulnView.js -------------------------------------------------------------------------------- /tool for manual verification/src/index.css: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Marynk/JavaScript-vulnerability-detection/HEAD/tool for manual verification/src/index.css -------------------------------------------------------------------------------- /tool for manual verification/src/index.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Marynk/JavaScript-vulnerability-detection/HEAD/tool for manual verification/src/index.js -------------------------------------------------------------------------------- /tool for manual verification/src/logo.svg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Marynk/JavaScript-vulnerability-detection/HEAD/tool for manual verification/src/logo.svg -------------------------------------------------------------------------------- /tool for manual verification/src/reportWebVitals.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Marynk/JavaScript-vulnerability-detection/HEAD/tool for manual verification/src/reportWebVitals.js -------------------------------------------------------------------------------- /tool for manual verification/src/setupTests.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Marynk/JavaScript-vulnerability-detection/HEAD/tool for manual verification/src/setupTests.js -------------------------------------------------------------------------------- /tool for manual verification/src/storage.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Marynk/JavaScript-vulnerability-detection/HEAD/tool for manual verification/src/storage.js -------------------------------------------------------------------------------- /tool for manual verification/src/utils.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Marynk/JavaScript-vulnerability-detection/HEAD/tool for manual verification/src/utils.js -------------------------------------------------------------------------------- /tool for manual verification/yarn.lock: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Marynk/JavaScript-vulnerability-detection/HEAD/tool for manual verification/yarn.lock -------------------------------------------------------------------------------- /vulnerable dataset/filterVulnDS.mjs: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Marynk/JavaScript-vulnerability-detection/HEAD/vulnerable dataset/filterVulnDS.mjs -------------------------------------------------------------------------------- /vulnerable dataset/googleDB/commits/fetchCommitFuncs.mjs: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Marynk/JavaScript-vulnerability-detection/HEAD/vulnerable dataset/googleDB/commits/fetchCommitFuncs.mjs -------------------------------------------------------------------------------- /vulnerable dataset/googleDB/commits/processCommit.mjs: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Marynk/JavaScript-vulnerability-detection/HEAD/vulnerable dataset/googleDB/commits/processCommit.mjs -------------------------------------------------------------------------------- /vulnerable dataset/googleDB/crawlLinks.mjs: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Marynk/JavaScript-vulnerability-detection/HEAD/vulnerable dataset/googleDB/crawlLinks.mjs -------------------------------------------------------------------------------- /vulnerable dataset/googleDB/processLinks.mjs: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Marynk/JavaScript-vulnerability-detection/HEAD/vulnerable dataset/googleDB/processLinks.mjs -------------------------------------------------------------------------------- /vulnerable dataset/googleDB/processRestLinks.mjs: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Marynk/JavaScript-vulnerability-detection/HEAD/vulnerable dataset/googleDB/processRestLinks.mjs -------------------------------------------------------------------------------- /vulnerable dataset/googleDB/refactor/refactor.mjs: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Marynk/JavaScript-vulnerability-detection/HEAD/vulnerable dataset/googleDB/refactor/refactor.mjs -------------------------------------------------------------------------------- /vulnerable dataset/googleDB/refactor/renameVar.mjs: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Marynk/JavaScript-vulnerability-detection/HEAD/vulnerable dataset/googleDB/refactor/renameVar.mjs -------------------------------------------------------------------------------- /vulnerable dataset/googleDB/refactor/utils.mjs: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Marynk/JavaScript-vulnerability-detection/HEAD/vulnerable dataset/googleDB/refactor/utils.mjs -------------------------------------------------------------------------------- /vulnerable dataset/results.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Marynk/JavaScript-vulnerability-detection/HEAD/vulnerable dataset/results.zip -------------------------------------------------------------------------------- /vulnerable dataset/snyk/commits/fetchCommitFuncs.mjs: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Marynk/JavaScript-vulnerability-detection/HEAD/vulnerable dataset/snyk/commits/fetchCommitFuncs.mjs -------------------------------------------------------------------------------- /vulnerable dataset/snyk/commits/processCommit.mjs: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Marynk/JavaScript-vulnerability-detection/HEAD/vulnerable dataset/snyk/commits/processCommit.mjs -------------------------------------------------------------------------------- /vulnerable dataset/snyk/refactor/refactor.mjs: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Marynk/JavaScript-vulnerability-detection/HEAD/vulnerable dataset/snyk/refactor/refactor.mjs -------------------------------------------------------------------------------- /vulnerable dataset/snyk/refactor/renameVar.mjs: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Marynk/JavaScript-vulnerability-detection/HEAD/vulnerable dataset/snyk/refactor/renameVar.mjs -------------------------------------------------------------------------------- /vulnerable dataset/snyk/refactor/utils.mjs: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Marynk/JavaScript-vulnerability-detection/HEAD/vulnerable dataset/snyk/refactor/utils.mjs -------------------------------------------------------------------------------- /vulnerable dataset/snyk/snykPages.mjs: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Marynk/JavaScript-vulnerability-detection/HEAD/vulnerable dataset/snyk/snykPages.mjs -------------------------------------------------------------------------------- /vulnerable dataset/snyk/sortLinks.mjs: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Marynk/JavaScript-vulnerability-detection/HEAD/vulnerable dataset/snyk/sortLinks.mjs -------------------------------------------------------------------------------- /vulnerable dataset/snyk/vulnerable code/fetchVulnCodeFuncs.mjs: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Marynk/JavaScript-vulnerability-detection/HEAD/vulnerable dataset/snyk/vulnerable code/fetchVulnCodeFuncs.mjs --------------------------------------------------------------------------------