I am developing a tool for Firefox OS application analysis. The tool uses static code analysis for source and sink identification. Then dynamic analysis to taint data from source to sink.
I used Esprima to parse the JavaScript code and used the Estraverse module for traversing the Abstract Syntax Tree.
Now I am stuck at identifying the sources and sinks. How can I do that? Also is there any way to get the Firefox OS marketplace applications for analysis.
