Commit 8e5e0a9

Added How To Use section
1 parent b6129cf commit 8e5e0a9

1 file changed

+17
-20
lines changed

README.rst

Lines changed: 17 additions & 20 deletions
@@ -54,10 +54,26 @@ PyT can also be installed from source. To do so, clone the repo, and then run:
5454
How It Works
5555
============
5656

57-
Soon you will find a README.rst in every directory in the pyt folder, `start here`_.
57+
Soon you will find a `README.rst`_ in every directory in the ``pyt/`` folder, `start here`_.
5858

59+
.. _README.rst: https://github.com/python-security/pyt/tree/master/pyt
5960
.. _start here: https://github.com/python-security/pyt/tree/master/pyt
6061

62+
63+
How To Use
64+
============
65+
66+
1. Choose a web framework: `The -a option chooses what functions will have their arguments tainted`_, by default it is Flask.
67+
68+
2. (optional) Customize source and sink information: Use the ``-t`` option to specify sources and sinks, by default `this file is used`_.
69+
70+
3. (optional) Customize which library functions propagate taint: For functions that are imported from libraries, e.g. ``url_for`` or ``os.path.join``, use the ``-m`` option to specify whether or not they return tainted values given tainted inputs, by `default this file is used`_.
71+
72+
.. _The -a option chooses what functions will have their arguments tainted: https://github.com/python-security/pyt/tree/master/pyt/web_frameworks#web-frameworks
73+
.. _this file is used: https://github.com/python-security/pyt/blob/master/pyt/vulnerability_definitions/all_trigger_words.pyt
74+
.. _default this file is used: https://github.com/python-security/pyt/blob/master/pyt/vulnerability_definitions/blackbox_mapping.json
75+
76+
6177
Usage
6278
=====
6379

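Review bot: in the rewritten "How It Works" sentence (new line 57), `README.rst`_ and `start here`_ both resolve to https://github.com/python-security/pyt/tree/master/pyt, so the target added on new line 59 only gives the reader a second link to the same page. Either drop the `README.rst`_ reference or point it somewhere distinct from `start here`_. Two style points in the new section: the "How To Use" underline is 12 `=` characters for a 10-character title, while "Usage" below uses an underline of matching length, and step 3 puts "default" inside the link text (by `default this file is used`_) where step 2 keeps it outside (by default `this file is used`_).
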
@@ -106,25 +122,6 @@ Usage
106122
-i, --interactive Will ask you about each blackbox function call in
107123
vulnerability chains.
108124
109-
Choosing a Web Framework
110-
========================
111-
112-
`The -a option chooses what functions will have their arguments tainted`_
113-
114-
.. _The -a option chooses what functions will have their arguments tainted: https://github.com/python-security/pyt/tree/master/pyt/web_frameworks#web-frameworks
115-
116-
Configuring Source and Sink Information
117-
=======================================
118-
119-
Use the ``-t`` option to specify sources and sinks, by default `this file is used`_.
120-
121-
.. _this file is used: https://github.com/python-security/pyt/blob/master/pyt/vulnerability_definitions/all_trigger_words.pyt
122-
123-
For functions that are imported from libraries, use the ``-m`` option to specify whether or not they
124-
return tainted values given tainted inputs, by `default this file is used`_.
125-
126-
.. _default this file is used: https://github.com/python-security/pyt/blob/master/pyt/vulnerability_definitions/blackbox_mapping.json)
127-
128125
Usage from Source
129126
=================
130127

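Review bot: removing the "Choosing a Web Framework" and "Configuring Source and Sink Information" headings (old lines 109-117) also removes their section anchors, so any existing link to those README sections will stop resolving; if that matters, keep short stub headings or note the move in the commit message, which currently only says a section was added. The removed target on old line 125 ended its blackbox_mapping.json URL with a stray `)`, and the copy added in the first hunk drops it, which is also worth mentioning in the message since it fixes a broken link.
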