Merge pull request #27 from nuprl/mwaldrich-patch-1
Update README.md
mwaldrich authored Nov 14, 2023
2 parents b8ab205 + 4d9b182 commit d589ea3
Showing 2 changed files with 15 additions and 1 deletion.
11 changes: 10 additions & 1 deletion README.md
Expand Up @@ -67,7 +67,7 @@ This file tells Augur the *sources* and *sinks* of the flows you want to
track. The spec above tells Augur to alert you if any value returned from
`readFileSync` flows into the function `exec`. It also tells Augur how to run
your project: by executing the file `test.js`.
[Here](./tests-unit/README.md) are all the options for `spec.json`.
[Here](./tests-unit/README.md#specjson) are all the options for `spec.json`.

Let's say we analyze the following program, `test.js`:
```javascript
Expand Down Expand Up @@ -135,6 +135,15 @@ You've now analyzed your first application using Augur!
to full dependency information between variables
5. Support for tracking taint through native code (see below)

## Tracking Type
Augur supports *three* methods for tracking taint across your application:

1. `Boolean`: the simplest (and fastest) tracker you can use. During your application's runtime, it simply determines whether a value came from *any* source. It doesn't keep track of which source it came from, or where the flow was introduced. This is not very useful in practice, because you will likely want to use...
2. `SourcedBoolean`: a more practical tracker. For each value in your program, Augur determines if it came from a *source*, and if so, which source and on what line the taint was introduced.
3. `Expression`: the most general tracker. In this mode, Augur will save all the information it finds during your application's runtime. For any given expression, its full set of dependent expressions is recorded. In other words, regardless your specified sources and sinks, Augur will save *every* flow between *every* expression. Expect slowdowns and large output files (on the order of MBs).

The method you choose should be placed in your [`spec.json`](./tests-unit/README.md#specjson).

## Native function models
Modern JavaScript relies on a wide variety of native functions to improve
its usability and performance. Common operations on data structures and
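Review bot: The closing sentence of the new "Tracking Type" section says the method "should be placed in your `spec.json`" but never names the key it goes under, nor which tracker applies when none is given, so a reader has to follow the link to use the feature. Suggest naming the field and the default in this section. Two wording points in the list: item 3 reads "regardless your specified sources and sinks" and needs "regardless of", and item 1 ends on "because you will likely want to use..." which only reads correctly if item 2 renders directly beneath it, so finish the sentence by naming `SourcedBoolean`. The heading says "Tracking Type" while the body switches between "methods" and "tracker"; pick one term. "On the order of MBs" would be more useful with a rough figure for a known test program, since `Expression` is the mode where output size matters.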
5 changes: 5 additions & 0 deletions tests-unit/README.md
Expand Up @@ -80,6 +80,11 @@ and `TaintType` is of the form:
| "functionReturn" | "literal" | "declaration";
```

and `TrackingType` is of the form:
```typescript
"Boolean" | "SourcedBoolean" | "Expression"
```

## `output-expected`

For each unit test in `tests-unit/input` named `test`, there should be a
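Review bot: The added `TrackingType` block lists its three literals with no trailing `;`, while the `TaintType` form in the context line just above ends in `;`; match the surrounding style so the two definitions read the same. Nothing in this hunk shows which `spec.json` field has type `TrackingType` or whether that field is optional, so confirm the spec type earlier in this file references it and states the default. Otherwise the new `#specjson` links in the top-level README lead to a type definition with no visible use.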