|
|
JavaScript Code Normalization During Detection of Vulnerabilities
Havlíček, Lukáš ; Dolejška, Daniel (referee) ; Polčák, Libor (advisor)
This thesis deals with the minification, obfuscation of JavaScript and normalization of abstract syntactic trees for browser extensions implemented in Mr. Randýsek’s thesis. The tools and techniques of both JavaScript minification and obfuscation have been studied. This information was used in the design and implementation of abstract syntactic tree normalization. The trees are used in a Chrome browser extension that detects and corrects JavaScript code. I tested the normalizations with unit and integration tests. I also tested the vulnerability detection extension, where I detected 125 vulnerabilities on 1000 websites.
|
|
|
Translation Among Higher Programming Languages
Knapovský, Jan ; Kožár, Tomáš (referee) ; Meduna, Alexandr (advisor)
With the development of new technologies, programming languages and their devices the need arises for existing codebases to be updated and upgraded to use such devices and technologies, to preserve the maintainability and sustainability of such systems. This thesis proposes the use of automatised means to aid such efforts – a transpiler.
|
|
|
Program Instrumentation Enabling Coverage Measurement
Václavík, Jan ; Peringer, Petr (referee) ; Smrčka, Aleš (advisor)
This thesis deals with the design and the implementation of the Ginstrum tool for compile time instrumentation of C programs. The tool is implemented as a GCC Plugin and instruments places in program that access memory, write to memory or call functions. The tool also provides compile information that can be used for the code coverage measurement during testing and dynamic analysis.
|
|
|
Detecting JavaScript Code with Known Vulnerabilites
Randýsek, Vojtěch ; Jeřábek, Kamil (referee) ; Polčák, Libor (advisor)
This thesis deals with the detection of vulnerable JavaScript libraries and NPM packages. Based on existing studies, it summarizes the technological core of the Node.js platform and further focuses on selected vulnerabilities of the NPM system and existing means of protection. A Chrome browser extension able to detect and fix JavaScript code with known vulnerabilities on the web browser had been introduced. The tool was tested in a crawl of 50 000 websites. 8 129 vulnerable scripts were detected. The extension has been published to the Chrome Web Store as JS Vulnerability Detector .
|
|
|
Generating Code from Textual Description of Functionality
Kačur, Ján ; Ondřej, Karel (referee) ; Smrž, Pavel (advisor)
The aim of this thesis was to design and implement system for code generation from textual description of functionality. In total, 2 systems were implemented. One of them served its purpose as a control prototype, the second one was the main product of this thesis. I focused on using smaller non-pre-trained models. Both systems used Transformer type model as their cores. The second system, unlike the first, used syntactic decomposition of both code and textual descriptions. Data used in both systems originated from project CodeSearchNet. Targer programming language to generate was Python. The second system achieved better quantitative results than the first one, with accuracy of 85% versus 60%. The system managed to auto-complete correct code to finish the function definition, with bigger time delay. This thesis is almost exclusively dedicated to the second system.
|
|
|
IntelliSense Implementation of a Dynamic Language
Míšek, Jakub ; Zavoral, Filip (advisor)
In the context of computer programming, the importance of computer assistance is being understood by many developer communities. Developers are e.g. using the same well known expressions or searching method signatures in library documentations. Code sense or IntelliSense methods make most of these actions unnecessary because they serve the available useful information directly to the programmer in a completely automated way. Recently, with the increased focus of the industry on dynamic languages a problem emerges - the complete knowledge on the source code is postponed until the runtime, since there may be ambiguous semantics in the code fragment. As a part of the Phalanger project the methods for syntax and semantic analysis of the dynamic code were designed, especially targeted for the PHP programming language. These methods produce a list of valid possibilities which can be then used on a specified position in the source code; such as declarations, variables and function parameters. This collected information can be also used to a fine-grained syntax highlighting.
|
|
|
CodAL Language Editor in Eclipse Framework
Hynek, Jiří ; Dolíhal, Luděk (referee) ; Přikryl, Zdeněk (advisor)
The Master thesis is focused on creation of an editor of CodAL language for the development toolkit of the project Lissom which is based on Eclipse framework. The goal of this thesis is to analyze the problem of editor creation and the features in existing editors which add some value to their usability. The outline of parser creation and subsequent code analysis of the source codes written into the editor is described in the theoretical part. It also explains the syntax and semantic aspects of the CodAL language. In the practical part the new CodAL language editor is designed and developed. The new CodAL language editor integrated into the development toolkit of the project Lissom is the final outcome of this thesis.
|
|
|
IntelliSense Implementation of a Dynamic Language
Míšek, Jakub ; Zavoral, Filip (advisor)
In the context of computer programming, the importance of computer assistance is being understood by many developer communities. Developers are e.g. using the same well known expressions or searching method signatures in library documentations. Code sense or IntelliSense methods make most of these actions unnecessary because they serve the available useful information directly to the programmer in a completely automated way. Recently, with the increased focus of the industry on dynamic languages a problem emerges - the complete knowledge on the source code is postponed until the runtime, since there may be ambiguous semantics in the code fragment. As a part of the Phalanger project the methods for syntax and semantic analysis of the dynamic code were designed, especially targeted for the PHP programming language. These methods produce a list of valid possibilities which can be then used on a specified position in the source code; such as declarations, variables and function parameters. This collected information can be also used to a fine-grained syntax highlighting.
|
|
|
Static Analysis of CodAL Language Source Code
Fajčík, Martin ; Přikryl, Zdeněk (referee) ; Hynek, Jiří (advisor)
The goal of bachelor's thesis is to design and implement extensions devoted to source code static analysis and automatic corrections used in CodAL language editors. This form of analysis is convenient e.g. for the source code semantic checks. The thesis consists of theoretical and practical part. Role of the theoretical part is to overview with extension development related to Eclipse platform, especially with the CodAL language editor, CodAL language itself and to define problems of this language which are suitable to be solved on the static analysis level. Practical part includes specific implementation details of the particular static analysis elements and automatic corrections. These extended CodAL language editors are available in integrated development environment Codasip Studio based first and foremost on the Eclipse platform and project CDT. Codasip Studio has been developed by company Codasip Ltd. in collaboration with Lissom research team.
|
|
|
Application Backend Generation from a UML Model
Klikar, Václav ; Očenášek, Pavel (referee) ; Burget, Radek (advisor)
The aim of this bachelor's thesis is to design and implement a tool that allows bi-directional synchronization between a UML class diagram and an application backend whenever during application development. Working with the UML model is made possible by using a standardized XMI format. The application backend is created and managed through a web framework Django. To read and write Django program code, the tool uses abstract syntax tree parser.
|
guest ::
