Skip to content
This repository has been archived by the owner on Oct 27, 2022. It is now read-only.

googleinterns/tsec-validation

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

tsec validation

This is not an officially supported Google product.

This repository contains the code for a tool identifying runtime Trusted Types (TT) violations that were not found through static analysis tools like https://github.com/googleinterns/tsec

Build and run

Build

# Clone the repository
git clone https://github.com/googleinterns/tsec-validation.git

# Install dependencies
yarn

# Run linter
yarn lint

# Compile the project
yarn build

Run

The tested application must be already running.

yarn tt-runtime-check

Options:

  • --endpoint -e {TEST_ENDPOINT} – tested application's URL, default: http://127.0.0.1:8080
  • --path -p {TEST_PATH} – project root of tested application's source code, if not provided then only the web locations of violations are reported.
  • --headless -hl – do not open browser while running tests
  • --verbose -v – enable verbose logging on request interception
  • --interactive -i – run application in the interactive mode, the report will be printed after pressing CTRL+c.
  • --timeout -t – the time in ms the application waits for violation reports. Default: 10000

Source Code Headers

Every file containing source code must include copyright and license information. This includes any JS/CSS files that you might be serving out to browsers. (This is to help well-intentioned people avoid accidental copying that doesn't comply with the license.)

Apache header:

Copyright 2020 Google LLC

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    https://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

About

No description, website, or topics provided.

Resources

License

Code of conduct

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published