Asund: Solução de classificação estática em Node.js para aplicações JavaScript
Autor(a) principal: | |
---|---|
Data de Publicação: | 2017 |
Tipo de documento: | Dissertação |
Idioma: | por |
Título da fonte: | Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) |
Texto Completo: | https://hdl.handle.net/10216/106076 |
Resumo: | JavaScript is nowadays one of the most popular programming languages in the world. Due to its increasing use in different contexts, many problems have arisen that have been addressed recently. JavaScript code analysis has been regarded for some time as a challenge in several areas due to the language's dynamic nature, and being an interpreted language, applications using JavaScript may be exposed to all kinds of security problems. To tackle some of these problems, solutions have been developed using techniques such as runtime analysis or static analysis. Coming up with a solution that can not only identify the libraries, but also the contexts of an application by analysing the source code alone may have several uses in areas such as marketing, sales, building a set of data to support automatic learning machines as well as the configuration or previous selection of applications that fit the context or that play well with certain libraries. Therefore, in this dissertation, a modular application was developed that is capable of detecting or inferring the usage of libraries and the context of a certain application, from the static analysis of its source code. The solution was divided into three modules, each of them responsible for different tasks but all necessary for the final goal. The main tasks were retrieving JavaScript open-source libraries hosted in public repositories such as GitHub, collection of indicators to detect the context and the exported API. This data will be used on the detection and inference of libraries used, as well as the context of files or JavaScript applications submitted for evaluation. The solution was validated by analysing its precision and sensitivity through the submission of previously classified projects, and when possible, by comparing the identified libraries through the metadata and imports with the ones that were inferred by external API calls. |
id |
RCAP_9ac570a6b80f6d74b7bcf97d73db90e7 |
---|---|
oai_identifier_str |
oai:repositorio-aberto.up.pt:10216/106076 |
network_acronym_str |
RCAP |
network_name_str |
Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) |
repository_id_str |
7160 |
spelling |
Asund: Solução de classificação estática em Node.js para aplicações JavaScriptEngenharia electrotécnica, electrónica e informáticaElectrical engineering, Electronic engineering, Information engineeringJavaScript is nowadays one of the most popular programming languages in the world. Due to its increasing use in different contexts, many problems have arisen that have been addressed recently. JavaScript code analysis has been regarded for some time as a challenge in several areas due to the language's dynamic nature, and being an interpreted language, applications using JavaScript may be exposed to all kinds of security problems. To tackle some of these problems, solutions have been developed using techniques such as runtime analysis or static analysis. Coming up with a solution that can not only identify the libraries, but also the contexts of an application by analysing the source code alone may have several uses in areas such as marketing, sales, building a set of data to support automatic learning machines as well as the configuration or previous selection of applications that fit the context or that play well with certain libraries. Therefore, in this dissertation, a modular application was developed that is capable of detecting or inferring the usage of libraries and the context of a certain application, from the static analysis of its source code. The solution was divided into three modules, each of them responsible for different tasks but all necessary for the final goal. The main tasks were retrieving JavaScript open-source libraries hosted in public repositories such as GitHub, collection of indicators to detect the context and the exported API. This data will be used on the detection and inference of libraries used, as well as the context of files or JavaScript applications submitted for evaluation. The solution was validated by analysing its precision and sensitivity through the submission of previously classified projects, and when possible, by comparing the identified libraries through the metadata and imports with the ones that were inferred by external API calls.2017-07-112017-07-11T00:00:00Zinfo:eu-repo/semantics/publishedVersioninfo:eu-repo/semantics/masterThesisapplication/pdfhttps://hdl.handle.net/10216/106076porAntónio Cardoso Soaresinfo:eu-repo/semantics/openAccessreponame:Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos)instname:Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informaçãoinstacron:RCAAP2023-11-29T14:03:56Zoai:repositorio-aberto.up.pt:10216/106076Portal AgregadorONGhttps://www.rcaap.pt/oai/openaireopendoar:71602024-03-19T23:53:50.256429Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) - Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informaçãofalse |
dc.title.none.fl_str_mv |
Asund: Solução de classificação estática em Node.js para aplicações JavaScript |
title |
Asund: Solução de classificação estática em Node.js para aplicações JavaScript |
spellingShingle |
Asund: Solução de classificação estática em Node.js para aplicações JavaScript António Cardoso Soares Engenharia electrotécnica, electrónica e informática Electrical engineering, Electronic engineering, Information engineering |
title_short |
Asund: Solução de classificação estática em Node.js para aplicações JavaScript |
title_full |
Asund: Solução de classificação estática em Node.js para aplicações JavaScript |
title_fullStr |
Asund: Solução de classificação estática em Node.js para aplicações JavaScript |
title_full_unstemmed |
Asund: Solução de classificação estática em Node.js para aplicações JavaScript |
title_sort |
Asund: Solução de classificação estática em Node.js para aplicações JavaScript |
author |
António Cardoso Soares |
author_facet |
António Cardoso Soares |
author_role |
author |
dc.contributor.author.fl_str_mv |
António Cardoso Soares |
dc.subject.por.fl_str_mv |
Engenharia electrotécnica, electrónica e informática Electrical engineering, Electronic engineering, Information engineering |
topic |
Engenharia electrotécnica, electrónica e informática Electrical engineering, Electronic engineering, Information engineering |
description |
JavaScript is nowadays one of the most popular programming languages in the world. Due to its increasing use in different contexts, many problems have arisen that have been addressed recently. JavaScript code analysis has been regarded for some time as a challenge in several areas due to the language's dynamic nature, and being an interpreted language, applications using JavaScript may be exposed to all kinds of security problems. To tackle some of these problems, solutions have been developed using techniques such as runtime analysis or static analysis. Coming up with a solution that can not only identify the libraries, but also the contexts of an application by analysing the source code alone may have several uses in areas such as marketing, sales, building a set of data to support automatic learning machines as well as the configuration or previous selection of applications that fit the context or that play well with certain libraries. Therefore, in this dissertation, a modular application was developed that is capable of detecting or inferring the usage of libraries and the context of a certain application, from the static analysis of its source code. The solution was divided into three modules, each of them responsible for different tasks but all necessary for the final goal. The main tasks were retrieving JavaScript open-source libraries hosted in public repositories such as GitHub, collection of indicators to detect the context and the exported API. This data will be used on the detection and inference of libraries used, as well as the context of files or JavaScript applications submitted for evaluation. The solution was validated by analysing its precision and sensitivity through the submission of previously classified projects, and when possible, by comparing the identified libraries through the metadata and imports with the ones that were inferred by external API calls. |
publishDate |
2017 |
dc.date.none.fl_str_mv |
2017-07-11 2017-07-11T00:00:00Z |
dc.type.status.fl_str_mv |
info:eu-repo/semantics/publishedVersion |
dc.type.driver.fl_str_mv |
info:eu-repo/semantics/masterThesis |
format |
masterThesis |
status_str |
publishedVersion |
dc.identifier.uri.fl_str_mv |
https://hdl.handle.net/10216/106076 |
url |
https://hdl.handle.net/10216/106076 |
dc.language.iso.fl_str_mv |
por |
language |
por |
dc.rights.driver.fl_str_mv |
info:eu-repo/semantics/openAccess |
eu_rights_str_mv |
openAccess |
dc.format.none.fl_str_mv |
application/pdf |
dc.source.none.fl_str_mv |
reponame:Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) instname:Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação instacron:RCAAP |
instname_str |
Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação |
instacron_str |
RCAAP |
institution |
RCAAP |
reponame_str |
Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) |
collection |
Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) |
repository.name.fl_str_mv |
Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) - Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação |
repository.mail.fl_str_mv |
|
_version_ |
1799135858392039425 |