sola-da / synode
Automatically Preventing Code Injection Attacks on Node.js
Hi, I'm trying to run the Synode benchmarks but I'm running into an error.
I set up a Docker container to run Synode using this Dockerfile:
FROM ubuntu:18.04
# Replace shell with bash so we can source files
RUN rm /bin/sh && ln -s /bin/bash /bin/sh
# Set debconf to run non-interactively
RUN echo 'debconf debconf/frontend select Noninteractive' | debconf-set-selections
# System dependencies
RUN apt-get update -y
RUN apt-get install -y sudo bash curl software-properties-common git vim default-jre
# Install nvm with node and npm
ENV NVM_DIR /usr/local/nvm
RUN mkdir -p /usr/local/nvm
RUN curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.35.3/install.sh | bash
ENV NODE_VERSION v14.15.1
RUN /bin/bash -c "source $NVM_DIR/nvm.sh && nvm install $NODE_VERSION && nvm use --delete-prefix $NODE_VERSION"
ENV NODE_PATH $NVM_DIR/versions/node/$NODE_VERSION/lib/node_modules
ENV PATH $NVM_DIR/versions/node/$NODE_VERSION/bin:$PATH
# Set up sudoers
ADD /sudoers.txt /etc/sudoers
RUN chmod 440 /etc/sudoers
# Create user
RUN useradd -ms /bin/bash dev
USER dev
WORKDIR /home/dev
# Install Synode
RUN sudo chmod -R 777 /usr/local/nvm
RUN git clone https://github.com/sola-da/Synode.git
RUN cd Synode/dynamic && npm install -g
# Entrypoint
ENTRYPOINT ["/bin/bash"]
I then installed the fish package in the benchmarks directory and attempted to run Synode.
$ synode ./node_modules/fish
Looking for sinks in 3 files
Analyzing /home/dev/Synode/benchmarks/node_modules/fish/dev/test.js
Analyzing /home/dev/Synode/benchmarks/node_modules/fish/index.js
Analyzing /home/dev/Synode/benchmarks/node_modules/fish/src/fish.js
Spawn exited with code 1
It does not seem to have worked. In particular, running static-analysis.jar seems to have failed. I tried running that jar manually and I got this output:
$ java -jar dynamic/depd/static-analysis.jar benchmarks/node_modules/fish/src/fish.js benchmarks/resources/out.txt
Exception in thread "main" java.lang.reflect.InvocationTargetException
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.base/java.lang.reflect.Method.invoke(Method.java:566)
    at org.eclipse.jdt.internal.jarinjarloader.JarRsrcLoader.main(JarRsrcLoader.java:58)
Caused by: java.lang.NoClassDefFoundError: com/google/javascript/jscomp/SourceFile
    at de.tudarmstadt.sola.command.injections.Main.main(Main.java:48)
    ... 5 more
Caused by: java.lang.ClassNotFoundException: com.google.javascript.jscomp.SourceFile
    at java.base/java.net.URLClassLoader.findClass(URLClassLoader.java:471)
    at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:589)
    at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:522)
    ... 6 more
Do you know what I might have missed / done wrong? Please let me know if you need any more information.
Thank you for your help!