├── .bookignore ├── .gitignore ├── .well-known └── security.txt ├── CONTRIBUTING.md ├── CONTRIBUTORS.md ├── LICENSE ├── Makefile ├── README.md ├── SUMMARY.md ├── app.yaml ├── appendix ├── .gitignore ├── bad-pattern-grep │ └── experiment.py ├── dyn-load │ └── experiment.py ├── experiments.md ├── jsconf │ ├── conformance_proto.textproto │ └── experiment.py ├── lazy-load │ └── experiment.py ├── py_common │ ├── __init__.py │ └── npm.py ├── test-code │ └── experiment.py ├── top100.txt └── uses-scripts │ └── experiment.py ├── book.json.withcomments ├── chapter-1 ├── recap.md ├── threat-0DY.md ├── threat-BOF.md ├── threat-CRY.md ├── threat-DEX.md ├── threat-DOS.md ├── threat-EXF.md ├── threat-LQC.md ├── threat-MTP.md ├── threat-QUI.md ├── threat-RCE.md ├── threat-SHP.md ├── threat-UIR.md └── threats.md ├── chapter-2 ├── bounded-eval.md ├── bundling.md ├── dynamism.md ├── example │ ├── .gitignore │ ├── graphs │ │ ├── filtered.dot │ │ ├── filtered.svg │ │ ├── full.dot │ │ └── full.svg │ ├── index.js │ ├── lib │ │ ├── dynamic.js │ │ ├── lazy.js │ │ ├── opt2.js │ │ └── static.js │ ├── make_dep_graph.sh │ ├── package.json │ └── test │ │ └── test.js ├── experiments │ └── webpack-compat │ │ ├── .gitignore │ │ ├── goodbye.js │ │ ├── hello.js │ │ ├── index.js │ │ ├── package.json │ │ ├── test-utils.js │ │ ├── test.sh │ │ ├── test │ │ └── test.js │ │ └── webpack.config.js ├── source-contents.md ├── synthetic-modules.md └── what-about-eval.md ├── chapter-3 └── knowing_dependencies.md ├── chapter-4 └── close_dependencies.md ├── chapter-5 └── oversight.md ├── chapter-6 └── failing.md ├── chapter-7 ├── child-processes.md ├── examples │ ├── sh │ │ ├── index.js │ │ ├── package.json │ │ └── test │ │ │ └── test.js │ └── sql │ │ ├── index.js │ │ ├── package.json │ │ └── test │ │ └── test.js ├── libraries.md ├── query-langs.md └── structured-strings.md ├── cover.md ├── images ├── FileExternal.svg ├── GitHub-Mark-32px.png ├── ic_print_24dp.svg └── npmjs-node.png ├── license.md ├── package.json ├── styles └── website.css └── third_party ├── __init__.py └── jslex ├── __init__.py └── jslex.py /.bookignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/node-sec-roadmap/HEAD/.bookignore -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/node-sec-roadmap/HEAD/.gitignore -------------------------------------------------------------------------------- /.well-known/security.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/node-sec-roadmap/HEAD/.well-known/security.txt -------------------------------------------------------------------------------- /CONTRIBUTING.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/node-sec-roadmap/HEAD/CONTRIBUTING.md -------------------------------------------------------------------------------- /CONTRIBUTORS.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/node-sec-roadmap/HEAD/CONTRIBUTORS.md -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/node-sec-roadmap/HEAD/LICENSE -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/node-sec-roadmap/HEAD/Makefile -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/node-sec-roadmap/HEAD/README.md -------------------------------------------------------------------------------- /SUMMARY.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/node-sec-roadmap/HEAD/SUMMARY.md -------------------------------------------------------------------------------- /app.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/node-sec-roadmap/HEAD/app.yaml -------------------------------------------------------------------------------- /appendix/.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/node-sec-roadmap/HEAD/appendix/.gitignore -------------------------------------------------------------------------------- /appendix/bad-pattern-grep/experiment.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/node-sec-roadmap/HEAD/appendix/bad-pattern-grep/experiment.py -------------------------------------------------------------------------------- /appendix/dyn-load/experiment.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/node-sec-roadmap/HEAD/appendix/dyn-load/experiment.py -------------------------------------------------------------------------------- /appendix/experiments.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/node-sec-roadmap/HEAD/appendix/experiments.md -------------------------------------------------------------------------------- /appendix/jsconf/conformance_proto.textproto: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/node-sec-roadmap/HEAD/appendix/jsconf/conformance_proto.textproto -------------------------------------------------------------------------------- /appendix/jsconf/experiment.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/node-sec-roadmap/HEAD/appendix/jsconf/experiment.py -------------------------------------------------------------------------------- /appendix/lazy-load/experiment.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/node-sec-roadmap/HEAD/appendix/lazy-load/experiment.py -------------------------------------------------------------------------------- /appendix/py_common/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/node-sec-roadmap/HEAD/appendix/py_common/__init__.py -------------------------------------------------------------------------------- /appendix/py_common/npm.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/node-sec-roadmap/HEAD/appendix/py_common/npm.py -------------------------------------------------------------------------------- /appendix/test-code/experiment.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/node-sec-roadmap/HEAD/appendix/test-code/experiment.py -------------------------------------------------------------------------------- /appendix/top100.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/node-sec-roadmap/HEAD/appendix/top100.txt -------------------------------------------------------------------------------- /appendix/uses-scripts/experiment.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/node-sec-roadmap/HEAD/appendix/uses-scripts/experiment.py -------------------------------------------------------------------------------- /book.json.withcomments: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/node-sec-roadmap/HEAD/book.json.withcomments -------------------------------------------------------------------------------- /chapter-1/recap.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/node-sec-roadmap/HEAD/chapter-1/recap.md -------------------------------------------------------------------------------- /chapter-1/threat-0DY.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/node-sec-roadmap/HEAD/chapter-1/threat-0DY.md -------------------------------------------------------------------------------- /chapter-1/threat-BOF.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/node-sec-roadmap/HEAD/chapter-1/threat-BOF.md -------------------------------------------------------------------------------- /chapter-1/threat-CRY.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/node-sec-roadmap/HEAD/chapter-1/threat-CRY.md -------------------------------------------------------------------------------- /chapter-1/threat-DEX.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/node-sec-roadmap/HEAD/chapter-1/threat-DEX.md -------------------------------------------------------------------------------- /chapter-1/threat-DOS.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/node-sec-roadmap/HEAD/chapter-1/threat-DOS.md -------------------------------------------------------------------------------- /chapter-1/threat-EXF.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/node-sec-roadmap/HEAD/chapter-1/threat-EXF.md -------------------------------------------------------------------------------- /chapter-1/threat-LQC.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/node-sec-roadmap/HEAD/chapter-1/threat-LQC.md -------------------------------------------------------------------------------- /chapter-1/threat-MTP.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/node-sec-roadmap/HEAD/chapter-1/threat-MTP.md -------------------------------------------------------------------------------- /chapter-1/threat-QUI.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/node-sec-roadmap/HEAD/chapter-1/threat-QUI.md -------------------------------------------------------------------------------- /chapter-1/threat-RCE.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/node-sec-roadmap/HEAD/chapter-1/threat-RCE.md -------------------------------------------------------------------------------- /chapter-1/threat-SHP.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/node-sec-roadmap/HEAD/chapter-1/threat-SHP.md -------------------------------------------------------------------------------- /chapter-1/threat-UIR.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/node-sec-roadmap/HEAD/chapter-1/threat-UIR.md -------------------------------------------------------------------------------- /chapter-1/threats.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/node-sec-roadmap/HEAD/chapter-1/threats.md -------------------------------------------------------------------------------- /chapter-2/bounded-eval.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/node-sec-roadmap/HEAD/chapter-2/bounded-eval.md -------------------------------------------------------------------------------- /chapter-2/bundling.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/node-sec-roadmap/HEAD/chapter-2/bundling.md -------------------------------------------------------------------------------- /chapter-2/dynamism.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/node-sec-roadmap/HEAD/chapter-2/dynamism.md -------------------------------------------------------------------------------- /chapter-2/example/.gitignore: -------------------------------------------------------------------------------- 1 | node_modules 2 | -------------------------------------------------------------------------------- /chapter-2/example/graphs/filtered.dot: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/node-sec-roadmap/HEAD/chapter-2/example/graphs/filtered.dot -------------------------------------------------------------------------------- /chapter-2/example/graphs/filtered.svg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/node-sec-roadmap/HEAD/chapter-2/example/graphs/filtered.svg -------------------------------------------------------------------------------- /chapter-2/example/graphs/full.dot: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/node-sec-roadmap/HEAD/chapter-2/example/graphs/full.dot -------------------------------------------------------------------------------- /chapter-2/example/graphs/full.svg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/node-sec-roadmap/HEAD/chapter-2/example/graphs/full.svg -------------------------------------------------------------------------------- /chapter-2/example/index.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/node-sec-roadmap/HEAD/chapter-2/example/index.js -------------------------------------------------------------------------------- /chapter-2/example/lib/dynamic.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/node-sec-roadmap/HEAD/chapter-2/example/lib/dynamic.js -------------------------------------------------------------------------------- /chapter-2/example/lib/lazy.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/node-sec-roadmap/HEAD/chapter-2/example/lib/lazy.js -------------------------------------------------------------------------------- /chapter-2/example/lib/opt2.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/node-sec-roadmap/HEAD/chapter-2/example/lib/opt2.js -------------------------------------------------------------------------------- /chapter-2/example/lib/static.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/node-sec-roadmap/HEAD/chapter-2/example/lib/static.js -------------------------------------------------------------------------------- /chapter-2/example/make_dep_graph.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/node-sec-roadmap/HEAD/chapter-2/example/make_dep_graph.sh -------------------------------------------------------------------------------- /chapter-2/example/package.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/node-sec-roadmap/HEAD/chapter-2/example/package.json -------------------------------------------------------------------------------- /chapter-2/example/test/test.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/node-sec-roadmap/HEAD/chapter-2/example/test/test.js -------------------------------------------------------------------------------- /chapter-2/experiments/webpack-compat/.gitignore: -------------------------------------------------------------------------------- 1 | dist 2 | node_modules -------------------------------------------------------------------------------- /chapter-2/experiments/webpack-compat/goodbye.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/node-sec-roadmap/HEAD/chapter-2/experiments/webpack-compat/goodbye.js -------------------------------------------------------------------------------- /chapter-2/experiments/webpack-compat/hello.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/node-sec-roadmap/HEAD/chapter-2/experiments/webpack-compat/hello.js -------------------------------------------------------------------------------- /chapter-2/experiments/webpack-compat/index.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/node-sec-roadmap/HEAD/chapter-2/experiments/webpack-compat/index.js -------------------------------------------------------------------------------- /chapter-2/experiments/webpack-compat/package.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/node-sec-roadmap/HEAD/chapter-2/experiments/webpack-compat/package.json -------------------------------------------------------------------------------- /chapter-2/experiments/webpack-compat/test-utils.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/node-sec-roadmap/HEAD/chapter-2/experiments/webpack-compat/test-utils.js -------------------------------------------------------------------------------- /chapter-2/experiments/webpack-compat/test.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/node-sec-roadmap/HEAD/chapter-2/experiments/webpack-compat/test.sh -------------------------------------------------------------------------------- /chapter-2/experiments/webpack-compat/test/test.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/node-sec-roadmap/HEAD/chapter-2/experiments/webpack-compat/test/test.js -------------------------------------------------------------------------------- /chapter-2/experiments/webpack-compat/webpack.config.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/node-sec-roadmap/HEAD/chapter-2/experiments/webpack-compat/webpack.config.js -------------------------------------------------------------------------------- /chapter-2/source-contents.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/node-sec-roadmap/HEAD/chapter-2/source-contents.md -------------------------------------------------------------------------------- /chapter-2/synthetic-modules.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/node-sec-roadmap/HEAD/chapter-2/synthetic-modules.md -------------------------------------------------------------------------------- /chapter-2/what-about-eval.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/node-sec-roadmap/HEAD/chapter-2/what-about-eval.md -------------------------------------------------------------------------------- /chapter-3/knowing_dependencies.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/node-sec-roadmap/HEAD/chapter-3/knowing_dependencies.md -------------------------------------------------------------------------------- /chapter-4/close_dependencies.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/node-sec-roadmap/HEAD/chapter-4/close_dependencies.md -------------------------------------------------------------------------------- /chapter-5/oversight.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/node-sec-roadmap/HEAD/chapter-5/oversight.md -------------------------------------------------------------------------------- /chapter-6/failing.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/node-sec-roadmap/HEAD/chapter-6/failing.md -------------------------------------------------------------------------------- /chapter-7/child-processes.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/node-sec-roadmap/HEAD/chapter-7/child-processes.md -------------------------------------------------------------------------------- /chapter-7/examples/sh/index.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/node-sec-roadmap/HEAD/chapter-7/examples/sh/index.js -------------------------------------------------------------------------------- /chapter-7/examples/sh/package.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/node-sec-roadmap/HEAD/chapter-7/examples/sh/package.json -------------------------------------------------------------------------------- /chapter-7/examples/sh/test/test.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/node-sec-roadmap/HEAD/chapter-7/examples/sh/test/test.js -------------------------------------------------------------------------------- /chapter-7/examples/sql/index.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/node-sec-roadmap/HEAD/chapter-7/examples/sql/index.js -------------------------------------------------------------------------------- /chapter-7/examples/sql/package.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/node-sec-roadmap/HEAD/chapter-7/examples/sql/package.json -------------------------------------------------------------------------------- /chapter-7/examples/sql/test/test.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/node-sec-roadmap/HEAD/chapter-7/examples/sql/test/test.js -------------------------------------------------------------------------------- /chapter-7/libraries.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/node-sec-roadmap/HEAD/chapter-7/libraries.md -------------------------------------------------------------------------------- /chapter-7/query-langs.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/node-sec-roadmap/HEAD/chapter-7/query-langs.md -------------------------------------------------------------------------------- /chapter-7/structured-strings.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/node-sec-roadmap/HEAD/chapter-7/structured-strings.md -------------------------------------------------------------------------------- /cover.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/node-sec-roadmap/HEAD/cover.md -------------------------------------------------------------------------------- /images/FileExternal.svg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/node-sec-roadmap/HEAD/images/FileExternal.svg -------------------------------------------------------------------------------- /images/GitHub-Mark-32px.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/node-sec-roadmap/HEAD/images/GitHub-Mark-32px.png -------------------------------------------------------------------------------- /images/ic_print_24dp.svg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/node-sec-roadmap/HEAD/images/ic_print_24dp.svg -------------------------------------------------------------------------------- /images/npmjs-node.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/node-sec-roadmap/HEAD/images/npmjs-node.png -------------------------------------------------------------------------------- /license.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/node-sec-roadmap/HEAD/license.md -------------------------------------------------------------------------------- /package.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/node-sec-roadmap/HEAD/package.json -------------------------------------------------------------------------------- /styles/website.css: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/node-sec-roadmap/HEAD/styles/website.css -------------------------------------------------------------------------------- /third_party/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/node-sec-roadmap/HEAD/third_party/__init__.py -------------------------------------------------------------------------------- /third_party/jslex/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/node-sec-roadmap/HEAD/third_party/jslex/__init__.py -------------------------------------------------------------------------------- /third_party/jslex/jslex.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/node-sec-roadmap/HEAD/third_party/jslex/jslex.py --------------------------------------------------------------------------------