English
Related papers

Related papers: Code-based Vulnerability Detection in Node.js Appl…

200 papers

Open-source libraries are widely used by software developers to speed up the development of products, however, they can introduce security vulnerabilities, leading to incidents like Log4Shell. With the expanding usage of open-source…

Code search is a core software engineering task. Effective code search tools can help developers substantially improve their software development efficiency and effectiveness. In recent years, many code search studies have leveraged…

Software Engineering · Computer Science 2021-10-12 Chao Liu , Xin Xia , David Lo , Cuiyun Gao , Xiaohu Yang , John Grundy

Node.js provides Node.js applications with system interaction capabilities using system calls. However, such convenience comes with a price, i.e., the attack surface of JavaScript arbitrary code execution (ACE) vulnerabilities is expanded…

Cryptography and Security · Computer Science 2023-06-27 Wenya Wang , Xingwei Lin , Jingyi Wang , Wang Gao , Dawu Gu , Wei Lv , Jiashui Wang

The Open Source Software movement has been growing exponentially for a number of years with no signs of slowing. Driving this growth is the widespread availability of libraries and frameworks that provide many functionalities. Developers…

Software Engineering · Computer Science 2022-06-22 Stan Zajdel , Diego Elias Costa , Hafedh Mili

Software reuse may result in software bloat when significant portions of application dependencies are effectively unused. Several tools exist to remove unused (byte)code from an application or its dependencies, thus producing smaller…

Software Engineering · Computer Science 2021-08-12 Serena Elisa Ponta , Wolfram Fischer , Henrik Plate , Antonino Sabetta

Currently, Application Programming Interfaces (APIs) are becoming increasingly popular to facilitate data transfer in a variety of mobile applications. These APIs often process sensitive user information through their endpoints, which are…

Cryptography and Security · Computer Science 2023-10-24 Nate Haris , Kendree Chen , Ann Song , Benjamin Pou

Following code style conventions in software projects is essential for maintaining overall code quality. Adhering to these conventions improves maintainability, understandability, and extensibility. Additionally, following best practices…

Software Engineering · Computer Science 2026-01-16 Alvari Kupari , Nasser Giacaman , Valerio Terragni

Dynamic code, i.e., code that is created or modified at runtime, is ubiquitous in today's world. The behavior of dynamic code can depend on the logic of the dynamic code generator in subtle and non-obvious ways, with significant security…

Cryptography and Security · Computer Science 2019-10-31 Jesse Bartels , Jon Stephens , Saumya Debray

Security vulnerabilities present in a code that has been written in diverse programming languages are among the most critical yet complicated aspects of source code to detect. Static analysis tools based on rule-based patterns usually do…

Cryptography and Security · Computer Science 2025-08-19 Hael Abdulhakim Ali Humran , Ferdi Sonmez

Java programming language has been long used to develop native Android mobile applications. In the last few years many companies and freelancers have switched into using Kotlin partially or entirely. As such, many projects are released as…

Cryptography and Security · Computer Science 2021-05-21 Fadi Mohsen , Loran Oosterhaven , Fatih Turkmen

JavaScript is an increasingly popular language for server-side development, thanks in part to the Node.js runtime environment and its vast ecosystem of modules. With the Node.js package manager npm, users are able to easily include external…

Software Engineering · Computer Science 2021-10-28 Alexi Turcotte , Ellen Arteca , Ashish Mishra , Saba Alimadadi , Frank Tip

The immense amounts of source code provide ample challenges and opportunities during software development. To handle the size of code bases, developers commonly search for code, e.g., when trying to find where a particular feature is…

Software Engineering · Computer Science 2022-10-06 Luca Di Grazia , Michael Pradel

With the continuous growth of the internet market, games are becoming more and more popular worldwide. However, increased market competition for game demands developers to write more efficient games in terms of performance, security, and…

Software Engineering · Computer Science 2020-02-17 Vartika Agrahari , Sridhar Chimalakonda

The increasing development speed via Agile may introduce overlooked security steps in the process, with an example being the Iowa Caucus application. Verifying the protection of confidential information such as social security numbers…

Cryptography and Security · Computer Science 2022-01-20 Miles Frantz

Software vulnerabilities, caused by unintentional flaws in source code, are a primary root cause of cyberattacks. Static analysis of source code has been widely used to detect these unintentional defects introduced by software developers.…

Software Engineering · Computer Science 2024-08-08 Andrew A Mahyari

Static security analysis is a widely used technique for detecting software vulnerabilities across a wide range of weaknesses, application domains, and programming languages. While prior work surveyed static analyzes for specific weaknesses…

Cryptography and Security · Computer Science 2026-02-23 Kevin Hermann , Sven Peldszus , Thorsten Berger

Developing automated and smart software vulnerability detection models has been receiving great attention from both research and development communities. One of the biggest challenges in this area is the lack of code samples for all…

Software Engineering · Computer Science 2023-03-14 Khadija Hanifi , Ramin F Fouladi , Basak Gencer Unsalver , Goksu Karadag

The popularity and wide adoption of JavaScript both at the client and server side makes its code analysis more important than ever before. Most of the algorithms for vulnerability analysis, coding issue detection, or type inference rely on…

Software Engineering · Computer Science 2024-05-14 Gábor Antal , Péter Hegedűs , Zoltán Tóth , Rudolf Ferenc , Tibor Gyimóthy

HTML5-based mobile apps become more and more popular, mostly because they are much easier to be ported across different mobile platforms than native apps. HTML5-based apps are implemented using the standard web technologies, including…

Cryptography and Security · Computer Science 2014-10-29 Xing Jin , Tongbo Luo , Derek G. Tsui , Wenliang Du

As our lives, our businesses, and indeed our world economy become increasingly reliant on the secure operation of many interconnected software systems, the software engineering research community is faced with unprecedented research…

Software Engineering · Computer Science 2024-09-27 Marcel Böhme , Eric Bodden , Tevfik Bultan , Cristian Cadar , Yang Liu , Giuseppe Scanniello