3

I am developing a Firefox OS application analysis tool that classifies given application to malicious or non malicious based on code analysis. My initial work is to perform static taint analysis of JavaScript files. Is it possible to do it using WALA. If yes, then how?

Shahanas
  • 71
  • 7
  • By WALA you mean **JS_WALA**? – meskobalazs May 20 '16 at 14:25
  • No. I asked about Watson Libraries for Analysis (WALA) for java and javascript analysis. JS_WALA is wala tools implemented in javascript – Shahanas May 20 '16 at 15:45
  • @meskobalazs I wonder, though JavaScript is one of the powerful languages ruling the web , I couldn't find any static taint analysis tool for JavaScript based web applications :( – Shahanas May 24 '16 at 14:25
  • 1
    Well, doing static analysis for a dynamic, interpreted language is hard. I found this whitepaper, it could be interesting: http://prolangs.cs.vt.edu/refs/docs/weiryder-issta13.pdf – meskobalazs May 24 '16 at 19:59
  • I think I am working on something very similar in my thesis, please contact me at: brian@de.ibm.com – Brian Pfretzschner Jun 01 '16 at 11:36

1 Answers1

0

WALA does not include a production-quality taint analysis for JavaScript. There is some sample code here that could help you get started:

https://github.com/wala/Examples/tree/master/TaintExamples/source/tutorial/examples

msridhar
  • 2,846
  • 4
  • 22
  • 23