{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,24]],"date-time":"2026-01-24T08:47:35Z","timestamp":1769244455744,"version":"3.49.0"},"publisher-location":"New York, NY, USA","reference-count":29,"publisher":"ACM","license":[{"start":{"date-parts":[[2019,8,12]],"date-time":"2019-08-12T00:00:00Z","timestamp":1565568000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2019,8,12]]},"DOI":"10.1145\/3338906.3338933","type":"proceedings-article","created":{"date-parts":[[2019,8,9]],"date-time":"2019-08-09T12:21:03Z","timestamp":1565353263000},"page":"455-465","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":26,"title":["Nodest: feedback-driven static analysis of Node.js applications"],"prefix":"10.1145","author":[{"given":"Benjamin Barslev","family":"Nielsen","sequence":"first","affiliation":[{"name":"Oracle Labs, Australia \/ Aarhus University, Denmark"}]},{"given":"Behnaz","family":"Hassanshahi","sequence":"additional","affiliation":[{"name":"Oracle Labs, Australia"}]},{"given":"Fran\u00e7ois","family":"Gauthier","sequence":"additional","affiliation":[{"name":"Oracle Labs, Australia"}]}],"member":"320","published-online":{"date-parts":[[2019,8,12]]},"reference":[{"key":"e_1_3_2_1_1_1","volume-title":"https:\/\/babeljs.io\/","year":"2019","unstructured":"2019. Babel. https:\/\/babeljs.io\/ . 2019 . ES6 Features. http:\/\/es6-features.org. 2019. Express web framework. https:\/\/www.npmjs.com\/package\/express. 2019. Module Loader in Node .js. https:\/\/github.com\/nodejs\/node\/blob\/master\/ lib\/module.js. 2019. MongoDB database. https:\/\/www.mongodb.com\/. 2019. OWASP vulnerable Node.js application. https:\/\/github.com\/OWASP\/ NodeGoat. 2019. T.J. Watson Libraries for Analysis. http:\/\/wala.sourceforge.net\/wiki\/index. php. 2019. Babel. https:\/\/babeljs.io\/. 2019. ES6 Features. http:\/\/es6-features.org. 2019. Express web framework. https:\/\/www.npmjs.com\/package\/express. 2019. Module Loader in Node.js. https:\/\/github.com\/nodejs\/node\/blob\/master\/ lib\/module.js. 2019. MongoDB database. https:\/\/www.mongodb.com\/. 2019. OWASP vulnerable Node.js application. https:\/\/github.com\/OWASP\/ NodeGoat. 2019. T.J. Watson Libraries for Analysis. http:\/\/wala.sourceforge.net\/wiki\/index. php."},{"key":"e_1_3_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1145\/2660193.2660214"},{"key":"e_1_3_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1145\/3088515.3088521"},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1109\/SANER.2016.91"},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1109\/CSF.2010.21"},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1145\/512950.512973"},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1145\/3236454.3236502"},{"key":"e_1_3_2_1_8_1","volume-title":"USENIX Security Symposium","volume":"10","author":"Guarnieri Salvatore","year":"2009","unstructured":"Salvatore Guarnieri and V Benjamin Livshits . 2009 . GATEKEEPER: Mostly Static Enforcement of Security and Reliability Policies for JavaScript Code .. In USENIX Security Symposium , Vol. 10 . 78\u201385. Salvatore Guarnieri and V Benjamin Livshits. 2009. GATEKEEPER: Mostly Static Enforcement of Security and Reliability Policies for JavaScript Code.. In USENIX Security Symposium, Vol. 10. 78\u201385."},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1145\/2001420.2001442"},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1145\/3088515.3088519"},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1145\/2554850.2554909"},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1109\/CSF.2012.19"},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-03237-0_17"},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1007\/BF00290339"},{"key":"e_1_3_2_1_15_1","volume-title":"Platform-Independent Dynamic Taint Analysis for JavaScript","author":"Karim Rezwana","year":"2018","unstructured":"Rezwana Karim , Frank Tip , Alena Sochurkova , and Koushik Sen . 2018. Platform-Independent Dynamic Taint Analysis for JavaScript . IEEE Transactions on Software Engineering ( 2018 ). Rezwana Karim, Frank Tip, Alena Sochurkova, and Koushik Sen. 2018. Platform-Independent Dynamic Taint Analysis for JavaScript. IEEE Transactions on Software Engineering (2018)."},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1145\/2635868.2635904"},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-71237-6_8"},{"key":"e_1_3_2_1_18_1","volume-title":"In Proceedings of the International Workshop on Foundations of Object Oriented Languages (FOOL).","author":"Lee H.","unstructured":"H. Lee , S. Won , J. Jin , J. Cho , and S. Ryu . 2012. Safe: Formal specification and implementation of a scalable analysis framework for ecmascript . In In Proceedings of the International Workshop on Foundations of Object Oriented Languages (FOOL). H. Lee, S. Won, J. Jin, J. Cho, and S. Ryu. 2012. Safe: Formal specification and implementation of a scalable analysis framework for ecmascript. In In Proceedings of the International Workshop on Foundations of Object Oriented Languages (FOOL)."},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1145\/2491411.2491417"},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/2889160.2889227"},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1145\/3088515.3088516"},{"key":"e_1_3_2_1_22_1","volume-title":"IFIP International Information Security Conference. Springer, 278\u2013292","author":"Santos Jos\u00e9 Fragoso","year":"2014","unstructured":"Jos\u00e9 Fragoso Santos and Tamara Rezk . 2014 . An information flow monitorinlining compiler for securing a core of javascript . In IFIP International Information Security Conference. Springer, 278\u2013292 . Jos\u00e9 Fragoso Santos and Tamara Rezk. 2014. An information flow monitorinlining compiler for securing a core of javascript. In IFIP International Information Security Conference. Springer, 278\u2013292."},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1145\/2491411.2491447"},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1145\/2594291.2594320"},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-31057-7_20"},{"key":"e_1_3_2_1_26_1","volume-title":"25th Annual Network and Distributed System Security Symposium (NDSS).","author":"Staicu C-A.","unstructured":"C-A. Staicu , M. Pradel , and B. Livshits . 2018. SYNODE: Understanding and Automatically Preventing Injection Attacks on Node.js . In 25th Annual Network and Distributed System Security Symposium (NDSS). C-A. Staicu, M. Pradel, and B. Livshits. 2018. SYNODE: Understanding and Automatically Preventing Injection Attacks on Node.js. In 25th Annual Network and Distributed System Security Symposium (NDSS)."},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1145\/2610384.2610385"},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1145\/2483760.2483788"},{"key":"e_1_3_2_1_29_1","volume-title":"LIPIcs-Leibniz International Proceedings in Informatics","volume":"37","author":"Wei Shiyi","year":"2015","unstructured":"Shiyi Wei and Barbara G Ryder . 2015 . Adaptive context-sensitive analysis for JavaScript . In LIPIcs-Leibniz International Proceedings in Informatics , Vol. 37 . Schloss Dagstuhl-Leibniz-Zentrum fuer Informatik. Shiyi Wei and Barbara G Ryder. 2015. Adaptive context-sensitive analysis for JavaScript. In LIPIcs-Leibniz International Proceedings in Informatics, Vol. 37. Schloss Dagstuhl-Leibniz-Zentrum fuer Informatik."}],"event":{"name":"ESEC\/FSE '19: 27th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering","location":"Tallinn Estonia","acronym":"ESEC\/FSE '19","sponsor":["SIGSOFT ACM Special Interest Group on Software Engineering"]},"container-title":["Proceedings of the 2019 27th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3338906.3338933","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3338906.3338933","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T00:26:21Z","timestamp":1750206381000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3338906.3338933"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019,8,12]]},"references-count":29,"alternative-id":["10.1145\/3338906.3338933","10.1145\/3338906"],"URL":"https:\/\/doi.org\/10.1145\/3338906.3338933","relation":{},"subject":[],"published":{"date-parts":[[2019,8,12]]},"assertion":[{"value":"2019-08-12","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}