From d31a58fb2564dc7a0a42e63bb080ea28ae92193b Mon Sep 17 00:00:00 2001 From: KevinHock Date: Wed, 6 Jun 2018 18:38:17 -0700 Subject: [PATCH 1/4] Update README.rst --- pyt/vulnerabilities/README.rst | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/pyt/vulnerabilities/README.rst b/pyt/vulnerabilities/README.rst index 180020d6..92061a5c 100644 --- a/pyt/vulnerabilities/README.rst +++ b/pyt/vulnerabilities/README.rst @@ -1,6 +1,11 @@ Coming soon. -There are a few different kinds of vulnerabilities + +There are a few different `vulnerability types`_ used in `how_vulnerable`_. + +.. _vulnerability types: https://github.com/python-security/pyt/blob/re_organize_code/pyt/vulnerabilities/vulnerability_helper.py#L8-L12 + +.. _how_vulnerable: https://github.com/python-security/pyt/blob/re_organize_code/pyt/vulnerabilities/vulnerabilities.py#L266-L323 Regular Sanitised From 9d13bfa59ae290c480015c1358dc38360e6e30d6 Mon Sep 17 00:00:00 2001 From: KevinHock Date: Wed, 6 Jun 2018 18:39:24 -0700 Subject: [PATCH 2/4] Update README.rst --- pyt/vulnerabilities/README.rst | 1 + 1 file changed, 1 insertion(+) diff --git a/pyt/vulnerabilities/README.rst b/pyt/vulnerabilities/README.rst index 92061a5c..af75a456 100644 --- a/pyt/vulnerabilities/README.rst +++ b/pyt/vulnerabilities/README.rst @@ -1,5 +1,6 @@ Coming soon. +After we get each vulnerability chain, we see `how_vulnerable`_ it is There are a few different `vulnerability types`_ used in `how_vulnerable`_. From bd434e692f8c2a17205234e6e1a4cd4ade0b3277 Mon Sep 17 00:00:00 2001 From: KevinHock Date: Wed, 6 Jun 2018 18:41:42 -0700 Subject: [PATCH 3/4] Update README.rst --- pyt/vulnerabilities/README.rst | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/pyt/vulnerabilities/README.rst b/pyt/vulnerabilities/README.rst index af75a456..1a567bf6 100644 --- a/pyt/vulnerabilities/README.rst +++ b/pyt/vulnerabilities/README.rst 
@@ -1,13 +1,20 @@ Coming soon. +Once we obtain def-use chains, we `find all of the paths from source to sink`_. + + + After we get each vulnerability chain, we see `how_vulnerable`_ it is There are a few different `vulnerability types`_ used in `how_vulnerable`_. +.. _find all of the paths from source to sink: https://github.com/python-security/pyt/blob/re_organize_code/pyt/vulnerabilities/vulnerabilities.py#L397-L405 + .. _vulnerability types: https://github.com/python-security/pyt/blob/re_organize_code/pyt/vulnerabilities/vulnerability_helper.py#L8-L12 .. _how_vulnerable: https://github.com/python-security/pyt/blob/re_organize_code/pyt/vulnerabilities/vulnerabilities.py#L266-L323 + Regular Sanitised Unknown From 6378805ca3ca714124b387453700e31fd8c40a5e Mon Sep 17 00:00:00 2001 From: KevinHock Date: Thu, 7 Jun 2018 18:54:42 -0700 Subject: [PATCH 4/4] Update README.rst --- pyt/vulnerabilities/README.rst | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/pyt/vulnerabilities/README.rst b/pyt/vulnerabilities/README.rst index 1a567bf6..b8ff5d24 100644 --- a/pyt/vulnerabilities/README.rst +++ b/pyt/vulnerabilities/README.rst @@ -1,5 +1,7 @@ Coming soon. +The first thing we do is `find all sources and sinks in the file`_, and then `loop through each pair of source and sink to see if a source reaches a sink`_. + Once we obtain def-use chains, we `find all of the paths from source to sink`_. 
@@ -8,6 +10,9 @@ After we get each vulnerability chain, we see `how_vulnerable`_ it is There are a few different `vulnerability types`_ used in `how_vulnerable`_. +.. _loop through each pair of source and sink to see if a source reaches a sink: https://github.com/python-security/pyt/blob/re_organize_code/pyt/vulnerabilities/vulnerabilities.py#L452-L464 +.. _find all sources and sinks in the file: https://github.com/python-security/pyt/blob/re_organize_code/pyt/vulnerabilities/vulnerabilities.py#L29-L59 + .. _find all of the paths from source to sink: https://github.com/python-security/pyt/blob/re_organize_code/pyt/vulnerabilities/vulnerabilities.py#L397-L405 .. _vulnerability types: https://github.com/python-security/pyt/blob/re_organize_code/pyt/vulnerabilities/vulnerability_helper.py#L8-L12
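Review bot: in PATCH 1/4 the two added link targets (`.. _vulnerability types:` and `.. _how_vulnerable:`) point at line ranges on the `re_organize_code` branch (`#L8-L12`, `#L266-L323`). A branch URL with line anchors drifts as soon as either file is edited, and breaks if the branch is renamed or deleted after merge. Link to a commit-hash permalink instead so the README keeps pointing at the code it describes. The same applies to the targets added in 3/4 and 4/4. The subject "Update README.rst" is also repeated on all four patches and says nothing about the change; a squashed commit with a descriptive subject would be easier to review.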
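Review bot: in PATCH 2/4 the added line "After we get each vulnerability chain, we see `how_vulnerable`_ it is" has no terminal period, and the diffstat shows a single insertion, so no blank line separates it from the following "There are a few different ..." line. reStructuredText will join the two into one run-on paragraph. End the sentence with a period and either add a blank line after it or merge the two sentences deliberately.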
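Review bot: in PATCH 3/4 the new opening sentence "Once we obtain def-use chains, we ..." uses "def-use chains" without any earlier step in the README that says where they come from, and unlike the other steps it carries no link. Add a short sentence or a link target for where the chains are built so the pipeline reads in order. The three consecutive empty `+` lines after that sentence render as one paragraph break; one blank line is enough.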
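Review bot: in PATCH 4/4 the context line "Coming soon." is still the first line of the file even though the README now describes the whole source-to-sink flow; drop it in this patch. The two new reference names are also full sentences ("loop through each pair of source and sink to see if a source reaches a sink"), which means any rewording of the prose has to be mirrored exactly in the `.. _...:` target or the link breaks at build time. Shorter target names, referenced from the sentence with reST's embedded alias syntax, would be less fragile, and the targets are declared in the opposite order to their use in the paragraph.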