Research And Implementation Of JavaScript Application Vulnerability Detection Tool Based On Stain Analysis

The Internet technology is developing rapidly,which has been through several generations of changes,from the earliest desktop era,to the current mobile phone era.Although the users' devices are constantly changing,they have always been accessing information by web pages.The variability of the web also allows viruses to have an opportunity.Web programming language is JavaScript.In recent years,with the rise of Web Application,web has been depending more on JavaScript.Meanwhile,with the development of Node.js,and its asynchronous programming philosophy,JavaScript has become more available in backend programming.However,the relevant safety tools for the JavaScript have not been developed accordingly.To solve this problem,this paper is focused on a JavaScript application vulnerability detection tool based on stain analysis.This paper analyzed the static testing tools used in various programming languages in the current international community,also studied the theoretical fundamentals of static testing tools.Finally,by studying deeply into JavaScript standards,this paper designed a complete stain analysis algorithm,created a JavaScript vulnerability detection tools,the specific content are as follows:1.By analyzing the current status of the web applications,this section mainly describes the research background and research value of JavaScript vulnerability detection tools based on the stain analysis.It also elaborates the research and present situation of the predecessors in the field of stain analysis and static inspection.2.This paper describes the key technologies which are needed in the tool research and implementation,including the lexical analysis,syntax analysis and abstract syntax tree that are used in the research,as well as the TypeScript,Node.js and test-driven Development and other technologies that are used in the implementation.3.I also completed the design of the tool architecture and algorithm.According to the needs of the tool architecture,the tool has been designed in modular architecture,including lexical analyzer,syntax analyzer and the core algorithm of stain analysis,eventually the attack path map was generated.The core algorithms used in the tool are described in detail,which are the abstract syntax tree pretreatment algorithm based on depth-first traversal and the stain analysis core algorithm.4.According to the design of the tool architecture and algorithm,I have completed the lexical analyzer,grammar analysis and core stain analysis algorithm of the tool,and generated the attack path map.At the same time,I implemented the algorithm,and the experiment shows that the algorithm is effective.5.The platform and algorithm are tested,including every module,to ensure the stability,compatibility and security of the system.Based on the paper,I analyzed the problems of the algorithm that have been showed up,and put forward the prospect of the future development of JavaScript vulnerability detection.