{"id":"https://openalex.org/W2967904600","doi":"https://doi.org/10.1145/3338906.3338933","title":"Nodest: feedback-driven static analysis of Node.js applications","display_name":"Nodest: feedback-driven static analysis of Node.js applications","publication_year":2019,"publication_date":"2019-08-09","ids":{"openalex":"https://openalex.org/W2967904600","doi":"https://doi.org/10.1145/3338906.3338933","mag":"2967904600"},"language":"en","primary_location":{"id":"doi:10.1145/3338906.3338933","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3338906.3338933","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2019 27th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5031295802","display_name":"Benjamin Barslev Nielsen","orcid":null},"institutions":[{"id":"https://openalex.org/I204337017","display_name":"Aarhus University","ror":"https://ror.org/01aj84f44","country_code":"DK","type":"education","lineage":["https://openalex.org/I204337017"]}],"countries":["DK"],"is_corresponding":true,"raw_author_name":"Benjamin Barslev Nielsen","raw_affiliation_strings":["Oracle Labs, Australia / Aarhus University, Denmark"],"affiliations":[{"raw_affiliation_string":"Oracle Labs, Australia / Aarhus University, Denmark","institution_ids":["https://openalex.org/I204337017"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5085376501","display_name":"Behnaz Hassanshahi","orcid":"https://orcid.org/0009-0006-6639-3056"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Behnaz Hassanshahi","raw_affiliation_strings":["Oracle Labs, Australia"],"affiliations":[{"raw_affiliation_string":"Oracle Labs, Australia","institution_ids":[]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5107243299","display_name":"Fran\u00e7ois Gauthier","orcid":"https://orcid.org/0000-0002-9470-5081"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Fran\u00e7ois Gauthier","raw_affiliation_strings":["Oracle Labs, Australia"],"affiliations":[{"raw_affiliation_string":"Oracle Labs, Australia","institution_ids":[]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5031295802"],"corresponding_institution_ids":["https://openalex.org/I204337017"],"apc_list":null,"apc_paid":null,"fwci":1.6802,"has_fulltext":false,"cited_by_count":31,"citation_normalized_percentile":{"value":0.88369041,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":94,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"455","last_page":"465"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9990000128746033,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9973999857902527,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8583524227142334},{"id":"https://openalex.org/keywords/javascript","display_name":"JavaScript","score":0.79584801197052},{"id":"https://openalex.org/keywords/node","display_name":"Node (physics)","score":0.6810714602470398},{"id":"https://openalex.org/keywords/static-analysis","display_name":"Static analysis","score":0.6318827271461487},{"id":"https://openalex.org/keywords/dataflow","display_name":"Dataflow","score":0.49958348274230957},{"id":"https://openalex.org/keywords/web-application","display_name":"Web application","score":0.4844484329223633},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.470841646194458},{"id":"https://openalex.org/keywords/key","display_name":"Key (lock)","score":0.43645361065864563},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.43324416875839233},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.42805594205856323},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.4235062301158905},{"id":"https://openalex.org/keywords/distributed-computing","display_name":"Distributed computing","score":0.32486844062805176},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.1867040991783142},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.1313563883304596}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8583524227142334},{"id":"https://openalex.org/C544833334","wikidata":"https://www.wikidata.org/wiki/Q2005","display_name":"JavaScript","level":2,"score":0.79584801197052},{"id":"https://openalex.org/C62611344","wikidata":"https://www.wikidata.org/wiki/Q1062658","display_name":"Node (physics)","level":2,"score":0.6810714602470398},{"id":"https://openalex.org/C97686452","wikidata":"https://www.wikidata.org/wiki/Q7604153","display_name":"Static analysis","level":2,"score":0.6318827271461487},{"id":"https://openalex.org/C96324660","wikidata":"https://www.wikidata.org/wiki/Q205446","display_name":"Dataflow","level":2,"score":0.49958348274230957},{"id":"https://openalex.org/C118643609","wikidata":"https://www.wikidata.org/wiki/Q189210","display_name":"Web application","level":2,"score":0.4844484329223633},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.470841646194458},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.43645361065864563},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.43324416875839233},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.42805594205856323},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.4235062301158905},{"id":"https://openalex.org/C120314980","wikidata":"https://www.wikidata.org/wiki/Q180634","display_name":"Distributed computing","level":1,"score":0.32486844062805176},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.1867040991783142},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.1313563883304596},{"id":"https://openalex.org/C66938386","wikidata":"https://www.wikidata.org/wiki/Q633538","display_name":"Structural engineering","level":1,"score":0.0},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1145/3338906.3338933","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3338906.3338933","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2019 27th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering","raw_type":"proceedings-article"},{"id":"pmh:oai:pure.atira.dk:publications/a5708250-30ca-4421-8493-c91f28e57748","is_oa":false,"landing_page_url":"http://www.scopus.com/inward/record.url?scp=85071945300&partnerID=8YFLogxK","pdf_url":null,"source":{"id":"https://openalex.org/S4306400063","display_name":"Scopus (Elsevier)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Nielsen, B B, Hassanshahi, B & Gauthier, F 2019, Nodest : Feedback-driven static analysis of Node.js applications. in S Apel, M Dumas, A Russo & D Pfahl (eds), ESEC/FSE 2019 - Proceedings of the 2019 27th ACM Joint Meeting European Software Engineering Conference and Symposium on the Foundations of Software Engineering. Association for Computing Machinery, pp. 455-465, 27th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering, ESEC/FSE 2019, Tallinn, Estonia, 26/08/2019. https://doi.org/10.1145/3338906.3338933","raw_type":"info:eu-repo/semantics/publishedVersion"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":24,"referenced_works":["https://openalex.org/W148369031","https://openalex.org/W202191487","https://openalex.org/W1966862293","https://openalex.org/W1971859150","https://openalex.org/W1987647365","https://openalex.org/W2024818492","https://openalex.org/W2043100293","https://openalex.org/W2053152889","https://openalex.org/W2061640969","https://openalex.org/W2069307783","https://openalex.org/W2074935412","https://openalex.org/W2085939020","https://openalex.org/W2142194171","https://openalex.org/W2146717998","https://openalex.org/W2155735696","https://openalex.org/W2350778671","https://openalex.org/W2401235936","https://openalex.org/W2405195981","https://openalex.org/W2621822648","https://openalex.org/W2621980927","https://openalex.org/W2622514874","https://openalex.org/W2768734329","https://openalex.org/W2898614297","https://openalex.org/W2910728092"],"related_works":["https://openalex.org/W1566603754","https://openalex.org/W2290206096","https://openalex.org/W2527850347","https://openalex.org/W2949337025","https://openalex.org/W2148261527","https://openalex.org/W3027385388","https://openalex.org/W2621181330","https://openalex.org/W2584011092","https://openalex.org/W2766362161","https://openalex.org/W2795601048"],"abstract_inverted_index":{"Node.js":[0,21,55,66,74,98,130,181],"provides":[1],"the":[2,9,26,134,178],"ability":[3],"to":[4,25,65,68,93,114,117,137,176],"write":[5],"JavaScript":[6],"programs":[7],"for":[8,17],"server-side":[10],"and":[11,32,47,140,184],"has":[12],"become":[13],"a":[14,85,159,165],"popular":[15,180],"language":[16],"developing":[18],"web":[19,75,182],"applications.":[20,99],"allows":[22],"direct":[23],"access":[24],"underlying":[27],"filesystem,":[28],"operating":[29],"system":[30],"resources,":[31],"databases,":[33],"but":[34],"does":[35],"not":[36,63,109],"provide":[37],"any":[38],"security":[39],"mechanism":[40],"such":[41],"as":[42,144,146],"sandboxing":[43],"of":[44,123,161],"untrusted":[45],"code,":[46],"injection":[48,70,95,120,187],"vulnerabilities":[49,71,96],"are":[50],"now":[51],"commonly":[52],"reported":[53],"in":[54,97,158],"modules.":[56,82],"Existing":[57],"static":[58,88,167],"dataflow":[59],"analysis":[60,89,168,174],"techniques":[61],"do":[62],"scale":[64],"applications":[67,76,131,139],"find":[69],"because":[72],"small":[73],"typically":[77],"depend":[78],"on":[79,128],"many":[80],"third-party":[81,111],"We":[83],"present":[84],"new":[86,105,147],"feedback-driven":[87],"that":[90,108,133],"scales":[91,136,175],"well":[92,145],"detect":[94,118],"The":[100],"key":[101],"idea":[102],"behind":[103],"our":[104,125,162,173],"technique":[106,135],"is":[107],"all":[110],"modules":[112],"need":[113],"be":[115],"analyzed":[116],"an":[119],"vulnerability.":[121],"Results":[122],"running":[124],"analysis,":[126],"Nodest,":[127],"real-world":[129],"show":[132],"large":[138],"finds":[141,152],"previously":[142],"known":[143],"vulnerabilities.":[148,188],"In":[149],"particular,":[150],"Nodest":[151],"63":[153],"true":[154],"positive":[155],"taint":[156],"flows":[157],"set":[160],"benchmarks,":[163],"whereas":[164],"state-of-the-art":[166],"reports":[169,185],"3":[170],"only.":[171],"Moreover,":[172],"Express,":[177],"most":[179],"framework,":[183],"non-trivial":[186]},"counts_by_year":[{"year":2025,"cited_by_count":3},{"year":2024,"cited_by_count":7},{"year":2023,"cited_by_count":9},{"year":2022,"cited_by_count":7},{"year":2021,"cited_by_count":3},{"year":2020,"cited_by_count":2}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}