Publication Type

Conference Proceeding Article

Version

acceptedVersion

Publication Date

7-2023

Abstract

Packages in the Node.js ecosystem often suffer from serious vulnerabilities such as arbitrary command injection and code execution. Existing taint analysis tools fall short in providing an end-to-end infrastructure for automatically detecting and triaging these vulnerabilities. We develop NodeMedic, an end-to-end analysis infrastructure that automates test driver creation, performs precise yet scalable dynamic taint propagation via algorithmically tuned propagation policies, and exposes taint provenance information as a provenance graph. Using provenance graphs, we develop two post-detection analyses: automated constraint-based exploit synthesis to confirm vulnerabilities, and attack-defense-tree-based rating of flow exploitability. We demonstrate the effectiveness of NodeMedic through a large-scale evaluation of 10,000 Node.js packages. Our evaluation uncovers 155 vulnerabilities, of which 152 are previously undisclosed, and 108 were confirmed with automatically synthesized exploits. We have open-sourced NodeMedic and a suite of 589 taint precision unit tests.

Keywords

Analysis tools, Code execution, Command injections, Constraint-based, Tree-based

Discipline

Software Engineering

Publication

2023 8th IEEE European Symposium on Security and Privacy, Euro S and P: Delft, July 3-7: Proceedings

First Page

1101

Last Page

1127

ISBN

9781665465120

Identifier

10.1109/EuroSP57164.2023.00068

Publisher

IEEE

City or Country

Piscataway, NJ