{"id":"https://openalex.org/W3214543233","doi":"https://doi.org/10.1109/icse-seip55303.2022.9794015","title":"InspectJS: Leveraging Code Similarity and User-Feedback for Effective Taint Specification Inference for JavaScript","display_name":"InspectJS: Leveraging Code Similarity and User-Feedback for Effective Taint Specification Inference for JavaScript","publication_year":2022,"publication_date":"2022-05-01","ids":{"openalex":"https://openalex.org/W3214543233","doi":"https://doi.org/10.1109/icse-seip55303.2022.9794015","mag":"3214543233"},"language":"en","primary_location":{"id":"doi:10.1109/icse-seip55303.2022.9794015","is_oa":false,"landing_page_url":"https://doi.org/10.1109/icse-seip55303.2022.9794015","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2022 IEEE/ACM 44th International Conference on Software Engineering: Software Engineering in Practice (ICSE-SEIP)","raw_type":"proceedings-article"},"type":"preprint","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"http://sedici.unlp.edu.ar/handle/10915/151643","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5063258857","display_name":"Saikat Dutta","orcid":"https://orcid.org/0000-0001-6021-5407"},"institutions":[{"id":"https://openalex.org/I183874917","display_name":"Urbana University","ror":"https://ror.org/04kp3hw27","country_code":"US","type":"education","lineage":["https://openalex.org/I183874917"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Saikat Dutta","raw_affiliation_strings":["UIUC,Urbana,USA","UIUC, Urbana, USA"],"affiliations":[{"raw_affiliation_string":"UIUC,Urbana,USA","institution_ids":["https://openalex.org/I183874917"]},{"raw_affiliation_string":"UIUC, Urbana, USA","institution_ids":["https://openalex.org/I183874917"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5047743678","display_name":"Diego Garbervetsky","orcid":"https://orcid.org/0000-0003-4180-7196"},"institutions":[{"id":"https://openalex.org/I4210144290","display_name":"Institute of Astronomy and Space Physics","ror":"https://ror.org/03rq94151","country_code":"AR","type":"facility","lineage":["https://openalex.org/I151201029","https://openalex.org/I24354313","https://openalex.org/I4210123736","https://openalex.org/I4210144290","https://openalex.org/I4387155568"]},{"id":"https://openalex.org/I151201029","display_name":"Consejo Nacional de Investigaciones Cient\u00edficas y T\u00e9cnicas","ror":"https://ror.org/03cqe8w59","country_code":"AR","type":"funder","lineage":["https://openalex.org/I151201029","https://openalex.org/I4210123736","https://openalex.org/I4387155568"]}],"countries":["AR"],"is_corresponding":false,"raw_author_name":"Diego Garbervetsky","raw_affiliation_strings":["DC/UBA. ICC/CONICET,Buenos Aires,Argentina","DC/UBA. ICC/CONICET, Buenos Aires, Argentina"],"affiliations":[{"raw_affiliation_string":"DC/UBA. ICC/CONICET,Buenos Aires,Argentina","institution_ids":["https://openalex.org/I4210144290","https://openalex.org/I151201029"]},{"raw_affiliation_string":"DC/UBA. ICC/CONICET, Buenos Aires, Argentina","institution_ids":["https://openalex.org/I151201029"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5041084431","display_name":"Shuvendu K. Lahiri","orcid":"https://orcid.org/0000-0002-4446-4777"},"institutions":[{"id":"https://openalex.org/I1290206253","display_name":"Microsoft (United States)","ror":"https://ror.org/00d0nc645","country_code":"US","type":"company","lineage":["https://openalex.org/I1290206253"]},{"id":"https://openalex.org/I58610484","display_name":"Seattle University","ror":"https://ror.org/02jqc0m91","country_code":"US","type":"education","lineage":["https://openalex.org/I58610484"]},{"id":"https://openalex.org/I4210164937","display_name":"Microsoft Research (United Kingdom)","ror":"https://ror.org/05k87vq12","country_code":"GB","type":"company","lineage":["https://openalex.org/I1290206253","https://openalex.org/I4210164937"]}],"countries":["GB","US"],"is_corresponding":false,"raw_author_name":"Shuvendu K. Lahiri","raw_affiliation_strings":["Microsoft Research,Seattle,USA","Microsoft Research, Seattle, USA"],"affiliations":[{"raw_affiliation_string":"Microsoft Research,Seattle,USA","institution_ids":["https://openalex.org/I1290206253","https://openalex.org/I4210164937"]},{"raw_affiliation_string":"Microsoft Research, Seattle, USA","institution_ids":["https://openalex.org/I1290206253","https://openalex.org/I58610484"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5108554298","display_name":"Max Sch\u00e4fer","orcid":null},"institutions":[{"id":"https://openalex.org/I4210108572","display_name":"Voith (United Kingdom)","ror":"https://ror.org/016qz7879","country_code":"GB","type":"company","lineage":["https://openalex.org/I4210108572","https://openalex.org/I4210132346"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"Max Schafer","raw_affiliation_strings":["GitHub,Oxford,UK","GitHub, Oxford, UK"],"affiliations":[{"raw_affiliation_string":"GitHub,Oxford,UK","institution_ids":["https://openalex.org/I4210108572"]},{"raw_affiliation_string":"GitHub, Oxford, UK","institution_ids":[]}]}],"institutions":[],"countries_distinct_count":3,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5063258857"],"corresponding_institution_ids":["https://openalex.org/I183874917"],"apc_list":null,"apc_paid":null,"fwci":0.4469,"has_fulltext":false,"cited_by_count":3,"citation_normalized_percentile":{"value":0.55253502,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":91,"max":96},"biblio":{"volume":null,"issue":null,"first_page":"165","last_page":"174"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9975000023841858,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/taint-checking","display_name":"Taint checking","score":0.9325705170631409},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8859716653823853},{"id":"https://openalex.org/keywords/javascript","display_name":"JavaScript","score":0.6254425644874573},{"id":"https://openalex.org/keywords/static-analysis","display_name":"Static analysis","score":0.5705199241638184},{"id":"https://openalex.org/keywords/inference","display_name":"Inference","score":0.5204087495803833},{"id":"https://openalex.org/keywords/context","display_name":"Context (archaeology)","score":0.4761252999305725},{"id":"https://openalex.org/keywords/source-code","display_name":"Source code","score":0.4738072454929352},{"id":"https://openalex.org/keywords/scalability","display_name":"Scalability","score":0.460561603307724},{"id":"https://openalex.org/keywords/secure-coding","display_name":"Secure coding","score":0.4481543302536011},{"id":"https://openalex.org/keywords/web-application","display_name":"Web application","score":0.4197067320346832},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.3323935866355896},{"id":"https://openalex.org/keywords/software-engineering","display_name":"Software engineering","score":0.33183425664901733},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.31440073251724243},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.2684823274612427},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.20622819662094116},{"id":"https://openalex.org/keywords/software-security-assurance","display_name":"Software security assurance","score":0.1955636441707611},{"id":"https://openalex.org/keywords/information-security","display_name":"Information security","score":0.18887943029403687},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.1211560070514679}],"concepts":[{"id":"https://openalex.org/C63116202","wikidata":"https://www.wikidata.org/wiki/Q7676227","display_name":"Taint checking","level":3,"score":0.9325705170631409},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8859716653823853},{"id":"https://openalex.org/C544833334","wikidata":"https://www.wikidata.org/wiki/Q2005","display_name":"JavaScript","level":2,"score":0.6254425644874573},{"id":"https://openalex.org/C97686452","wikidata":"https://www.wikidata.org/wiki/Q7604153","display_name":"Static analysis","level":2,"score":0.5705199241638184},{"id":"https://openalex.org/C2776214188","wikidata":"https://www.wikidata.org/wiki/Q408386","display_name":"Inference","level":2,"score":0.5204087495803833},{"id":"https://openalex.org/C2779343474","wikidata":"https://www.wikidata.org/wiki/Q3109175","display_name":"Context (archaeology)","level":2,"score":0.4761252999305725},{"id":"https://openalex.org/C43126263","wikidata":"https://www.wikidata.org/wiki/Q128751","display_name":"Source code","level":2,"score":0.4738072454929352},{"id":"https://openalex.org/C48044578","wikidata":"https://www.wikidata.org/wiki/Q727490","display_name":"Scalability","level":2,"score":0.460561603307724},{"id":"https://openalex.org/C22680326","wikidata":"https://www.wikidata.org/wiki/Q7444867","display_name":"Secure coding","level":5,"score":0.4481543302536011},{"id":"https://openalex.org/C118643609","wikidata":"https://www.wikidata.org/wiki/Q189210","display_name":"Web application","level":2,"score":0.4197067320346832},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.3323935866355896},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.33183425664901733},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.31440073251724243},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.2684823274612427},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.20622819662094116},{"id":"https://openalex.org/C62913178","wikidata":"https://www.wikidata.org/wiki/Q7554361","display_name":"Software security assurance","level":4,"score":0.1955636441707611},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.18887943029403687},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.1211560070514679},{"id":"https://openalex.org/C151730666","wikidata":"https://www.wikidata.org/wiki/Q7205","display_name":"Paleontology","level":1,"score":0.0},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0},{"id":"https://openalex.org/C29983905","wikidata":"https://www.wikidata.org/wiki/Q7445066","display_name":"Security service","level":3,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1109/icse-seip55303.2022.9794015","is_oa":false,"landing_page_url":"https://doi.org/10.1109/icse-seip55303.2022.9794015","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2022 IEEE/ACM 44th International Conference on Software Engineering: Software Engineering in Practice (ICSE-SEIP)","raw_type":"proceedings-article"},{"id":"pmh:oai:sedici.unlp.edu.ar:10915/151643","is_oa":true,"landing_page_url":"http://sedici.unlp.edu.ar/handle/10915/151643","pdf_url":null,"source":{"id":"https://openalex.org/S4306400803","display_name":"El Servicio de Difusi\u00f3n de la Creaci\u00f3n Intelectual (National University of La Plata)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I874386039","host_organization_name":"Universidad Nacional de La Plata","host_organization_lineage":["https://openalex.org/I874386039"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by-nc-sa","license_id":"https://openalex.org/licenses/cc-by-nc-sa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"Resumen"}],"best_oa_location":{"id":"pmh:oai:sedici.unlp.edu.ar:10915/151643","is_oa":true,"landing_page_url":"http://sedici.unlp.edu.ar/handle/10915/151643","pdf_url":null,"source":{"id":"https://openalex.org/S4306400803","display_name":"El Servicio de Difusi\u00f3n de la Creaci\u00f3n Intelectual (National University of La Plata)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I874386039","host_organization_name":"Universidad Nacional de La Plata","host_organization_lineage":["https://openalex.org/I874386039"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by-nc-sa","license_id":"https://openalex.org/licenses/cc-by-nc-sa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"Resumen"},"sustainable_development_goals":[{"score":0.7599999904632568,"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":19,"referenced_works":["https://openalex.org/W2061640969","https://openalex.org/W2078197322","https://openalex.org/W2089745089","https://openalex.org/W2113709047","https://openalex.org/W2156981320","https://openalex.org/W2166743230","https://openalex.org/W2181712945","https://openalex.org/W2489773810","https://openalex.org/W2544992706","https://openalex.org/W2798352717","https://openalex.org/W2886465534","https://openalex.org/W2942293597","https://openalex.org/W2953940813","https://openalex.org/W3018033251","https://openalex.org/W3086007799","https://openalex.org/W3090362160","https://openalex.org/W3105735055","https://openalex.org/W3119507053","https://openalex.org/W6753894890"],"related_works":["https://openalex.org/W1566603754","https://openalex.org/W2290206096","https://openalex.org/W2949337025","https://openalex.org/W2527850347","https://openalex.org/W2148261527","https://openalex.org/W3027385388","https://openalex.org/W2584011092","https://openalex.org/W2621181330","https://openalex.org/W2292865721","https://openalex.org/W1486481742"],"abstract_inverted_index":{"Static":[0],"analysis":[1,15,211,241,260],"has":[2,66,145],"established":[3],"itself":[4],"as":[5,88,90],"a":[6,19,130,138],"weapon":[7],"of":[8,32,58,84,104,126,140,208,231,268],"choice":[9],"for":[10,109,150,154,198,247],"detecting":[11],"security":[12,26],"vulnerabilities.":[13,105],"Taint":[14],"in":[16,30,133,169,205],"particular":[17],"is":[18,61,123],"very":[20],"general":[21],"and":[22,72,86,132,254],"powerful":[23],"technique,":[24],"where":[25],"policies":[27],"are":[28,116,228,236],"expressed":[29],"terms":[31],"forbidden":[33],"flows,":[34],"either":[35,156,227],"from":[36,47,157,161],"untrusted":[37,51],"input":[38],"sources":[39,49,85],"to":[40,50,67,99,136,166,194,240,262,270],"sensitive":[41,48],"sinks":[42,52,225],"(in":[43,53],"integrity":[44],"policies)":[45],"or":[46,160,235],"confidentiality":[54],"policies).":[55],"The":[56],"appeal":[57],"this":[59,183],"approach":[60,193],"that":[62,93,215,226,257],"the":[63,162,173,206,216,232],"taint-tracking":[64],"mechanism":[65],"be":[68,75,167],"implemented":[69],"only":[70],"once,":[71],"can":[73,219],"then":[74],"parameterized":[76],"with":[77,201],"different":[78,102],"taint":[79,114,121,152,203,224],"specifications":[80,122,153,197],"(that":[81],"is,":[82],"sets":[83],"sinks,":[87],"well":[89,118],"any":[91],"sanitizers":[92],"render":[94],"otherwise":[95],"problematic":[96],"flows":[97],"innocuous)":[98],"detect":[100],"many":[101,222],"kinds":[103],"But":[106],"while":[107],"techniques":[108,149,246],"implementing":[110],"scalable":[111],"inter-procedural":[112],"static":[113],"tracking":[115],"fairly":[117],"established,":[119],"crafting":[120],"still":[124],"more":[125],"an":[127,190,259],"art":[128],"than":[129],"science,":[131],"practice":[134],"tends":[135],"involve":[137],"lot":[139],"manual":[141,202,233],"effort.":[142],"Past":[143],"work":[144,184],"focussed":[146],"on":[147],"automated":[148,252],"inferring":[151],"libraries":[155,200],"their":[158],"implementation":[159],"way":[163],"they":[164],"tend":[165],"used":[168],"client":[170],"code.":[171],"Among":[172],"latter,":[174],"machine":[175],"learning-based":[176],"approaches":[177],"have":[178],"shown":[179],"great":[180],"promise.":[181],"In":[182],"we":[185,244],"present":[186,245],"our":[187],"experience":[188],"combining":[189],"existing":[191],"machine-learning":[192,217],"mining":[195],"sink":[196,249],"JavaScript":[199],"modelling":[204,234],"context":[207],"GitHub's":[209],"CodeQL":[210],"framework.":[212],"We":[213],"show":[214],"component":[218],"successfully":[220],"infer":[221],"new":[223],"not":[229,237],"part":[230],"detected":[238],"due":[239],"incompleteness.":[242],"Moreover,":[243],"organizing":[248],"predictions":[250,269],"using":[251],"ranking":[253],"code-similarity":[255],"metrics":[256],"allow":[258],"engineer":[261],"efficiently":[263],"sift":[264],"through":[265],"large":[266],"numbers":[267],"identify":[271],"true":[272],"positives.":[273]},"counts_by_year":[{"year":2025,"cited_by_count":1},{"year":2024,"cited_by_count":2}],"updated_date":"2026-04-05T17:49:38.594831","created_date":"2025-10-10T00:00:00"}