Update README.md #27

Merged
merged 2 commits into from
Nov 14, 2023
11 changes: 10 additions & 1 deletion README.md
Expand Up @@ -67,7 +67,7 @@ This file tells Augur the *sources* and *sinks* of the flows you want to
track. The spec above tells Augur to alert you if any value returned from
`readFileSync` flows into the function `exec`. It also tells Augur how to run
your project: by executing the file `test.js`.
[Here](./tests-unit/README.md) are all the options for `spec.json`.
[Here](./tests-unit/README.md#specjson) are all the options for `spec.json`.

Let's say we analyze the following program, `test.js`:
```javascript
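Review bot: the changed link line still uses "Here" as its link text, which says nothing about the target and is inconsistent with the link this same PR adds under "Tracking Type", where the text is `spec.json`. Suggest something like "All options for `spec.json` are listed in the [unit-test README](./tests-unit/README.md#specjson)." The heading that `#specjson` points at is not part of this diff, so it is worth confirming that the anchor resolves on the rendered page.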
Expand Down Expand Up @@ -135,6 +135,15 @@ You've now analyzed your first application using Augur!
to full dependency information between variables
5. Support for tracking taint through native code (see below)

## Tracking Type
Augur supports *three* methods for tracking taint across your application:

1. `Boolean`: the simplest (and fastest) tracker you can use. During your application's runtime, it simply determines whether a value came from *any* source. It doesn't keep track of which source it came from, or where the flow was introduced. This is not very useful in practice, because you will likely want to use...
2. `SourcedBoolean`: a more practical tracker. For each value in your program, Augur determines if it came from a *source*, and if so, which source and on what line the taint was introduced.
3. `Expression`: the most general tracker. In this mode, Augur will save all the information it finds during your application's runtime. For any given expression, its full set of dependent expressions is recorded. In other words, regardless your specified sources and sinks, Augur will save *every* flow between *every* expression. Expect slowdowns and large output files (on the order of MBs).

The method you choose should be placed in your [`spec.json`](./tests-unit/README.md#specjson).

## Native function models
Modern JavaScript relies on a wide variety of native functions to improve
its usability and performance. Common operations on data structures and
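Review bot: the closing sentence of the new "Tracking Type" section says the chosen method "should be placed in your `spec.json`" but never names the field that holds it or says which tracker applies when none is given. Name the field and the default here, since the `TrackingType` definition added in tests-unit/README.md only lists the three values. Two wording points in the same hunk: item 1 trails off with "you will likely want to use..." and relies on item 2 to finish the sentence, and in item 3 "regardless your specified sources and sinks" should read "regardless of your specified sources and sinks".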
5 changes: 5 additions & 0 deletions tests-unit/README.md
Expand Up @@ -80,6 +80,11 @@ and `TaintType` is of the form:
| "functionReturn" | "literal" | "declaration";
```

and `TrackingType` is of the form:
```typescript
"Boolean" | "SourcedBoolean" | "Expression"
```

## `output-expected`

For each unit test in `tests-unit/input` named `test`, there should be a
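Review bot: the added `TrackingType` block gives the three literals but nothing about what each one means or which is the default. A one-line pointer to the "Tracking Type" section of the top-level README would cover it. The alias also ends without the `;` that closes the `TaintType` block directly above, so add it for consistency.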