在 Node.js 函式庫中動態偵測原型鏈污染漏洞

Abstract

本論文提出了一套框架能夠自動地在 Node.js 的函式庫中偵測原型鏈污染漏洞，並自動產生相對應的漏洞利用以驗證漏洞的存在。此框架包含了可以分開獨立實作與優化的六個步驟，依序從尋找目標、分割程式碼、植入程式碼、模糊測試、產生漏洞利用到驗證漏洞利用，結合靜態分析與動態分析的優勢，並分析利 用原型鏈污染漏洞的特性，盡可能地找出所有原型鏈污染漏洞。最後，依照每一步驟的定義，本論文實作了一套概念性驗證的工具，來驗證並分析此架構的可行性與效能。

This thesis proposes a framework that automatically detects Prototype Pollution Vul- nerabilities in the Node.js library and automatically generates the corresponding exploits to verify the existence of vulnerabilities. The proposed framework comprises six phases that can be implemented and optimized independently. The six phases include: finding targets, segmenting code, injecting code, fuzzing, generating exploits, and verifying ex- ploits, which combines the advantages of static and dynamic analysis and makes analyzing the concept of Prototype Pollution to find all vulnerabilities as much as possible. By ade- quately defining each phase, we implemented proof-of-concept tools to verify and analyze the feasibility and effectiveness of the framework.