Question about the cross-files invocation

Question

Question about the cross-files invocation

YichaoXu opened this issue 2 years ago · comments

Dear developers of JSTAP,

I notice that jstap accepts multiple JS files as inputs, so I was wondering whether the jstap is able to construct the control flow and dataflow following some functions like module.exports and requires("...") in the NodeJS.

Many thanks

Aurore Fass · Answer 1 · Sat Aug 27 2022 07:33:55 GMT+0800 (China Standard Time)

Hi Yichao,

So sorry for the late reply. No, JStap does not handle multiple files so far.
When you give several files as input, they are handled separately. This is equivalent to calling JStap on each file individually.

Note: if you are interested specifically in control and data flow analysis (and not the malicious JS part), you can find a refined version of our static analysis here. This was evaluated on browser extensions :)

Yichao Xu · Answer 2 · Sun Aug 28 2022 03:10:52 GMT+0800 (China Standard Time)

Hi Yichao,

So sorry for the late reply. No, JStap does not handle multiple files so far. When you give several files as input, they are handled separately. This is equivalent to calling JStap on each file individually.

Note: if you are interested specifically in control and data flow analysis (and not the malicious JS part), you can find a refined version of our static analysis here. This was evaluated on browser extensions :)

Hi Aurore54F,

Thank you a lot for your answer. That is helpful.

Many thanks