Document details

Asund: Static classification solution in Node.js for JavaScript applications

Author(s): António Cardoso Soares

Date: 2017

Persistent ID: https://hdl.handle.net/10216/106076

Origin: Repositório Aberto da Universidade do Porto

Subject(s): Engenharia electrotécnica, electrónica e informática; Electrical engineering, Electronic engineering, Information engineering


Description

JavaScript is nowadays one of the most popular programming languages in the world. Its increasing use in different contexts has given rise to many problems, which have been addressed recently. JavaScript code analysis has long been regarded as a challenge in several areas because of the language's dynamic nature, and, because JavaScript is an interpreted language, applications that use it may be exposed to all kinds of security problems. To tackle some of these problems, solutions have been developed using techniques such as runtime analysis or static analysis. A solution that can identify not only the libraries but also the contexts of an application by analysing the source code alone may have several uses in areas such as marketing, sales, building datasets to support machine learning, and the configuration or pre-selection of applications that fit the context or that play well with certain libraries. Therefore, in this dissertation, a modular application was developed that is capable of detecting or inferring the usage of libraries and the context of a given application from the static analysis of its source code. The solution was divided into three modules, each responsible for different tasks but all necessary for the final goal. The main tasks were retrieving open-source JavaScript libraries hosted in public repositories such as GitHub, and collecting indicators to detect the context and the exported API. This data will be used in the detection and inference of the libraries used, as well as the context of files or JavaScript applications submitted for evaluation. The solution was validated by analysing its precision and sensitivity through the submission of previously classified projects and, when possible, by comparing the libraries identified through the metadata and imports with the ones that were inferred from external API calls.

Document Type: Master thesis

Language: Portuguese