{"id":13797150,"url":"https://github.com/exposejs/expose","last_synced_at":"2025-05-13T02:31:21.828Z","repository":{"id":55143554,"uuid":"90259354","full_name":"ExpoSEJS/ExpoSE","owner":"ExpoSEJS","description":"A Dynamic Symbolic Execution (DSE) engine for JavaScript. ExpoSE is highly scalable, compatible with recent JavaScript standards, and supports symbolic modelling of strings and regular expressions.","archived":false,"fork":false,"pushed_at":"2024-07-02T21:48:19.000Z","size":12675,"stargazers_count":183,"open_issues_count":11,"forks_count":36,"subscribers_count":10,"default_branch":"master","last_synced_at":"2024-08-04T23:10:55.648Z","etag":null,"topics":["bug-fixing","javascript","program-analysis","programming-languages","software-testing","symbolic-execution","unit-testing"],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ExpoSEJS.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2017-05-04T12:13:45.000Z","updated_at":"2024-07-21T13:06:54.000Z","dependencies_parsed_at":"2023-10-02T19:47:27.807Z","dependency_job_id":null,"html_url":"https://github.com/ExpoSEJS/ExpoSE","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ExpoSEJS%2FExpoSE","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ExpoSEJS%2FExpoSE/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ExpoSEJS%2FExpoSE/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ExpoSEJS%2FExpoSE/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ExpoSEJS","download_url":"https://codeload.github.com/ExpoSEJS/ExpoSE/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":225167392,"owners_count":17431594,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bug-fixing","javascript","program-analysis","programming-languages","software-testing","symbolic-execution","unit-testing"],"created_at":"2024-08-03T23:01:23.525Z","updated_at":"2024-11-18T11:30:46.025Z","avatar_url":"https://github.com/ExpoSEJS.png","language":"JavaScript","readme":"## ExpoSE\n\nExpoSE is a dynamic symbolic execution engine for JavaScript, developed at Royal Holloway, University of London by [Blake Loring](https://www.parsed.uk), Duncan Mitchell, and [Johannes Kinder](https://www.plai.ifi.lmu.de) (now at [LMU Munich](https://www.lmu.de/)).\nExpoSE supports symbolic execution of Node.js programs and JavaScript in the browser. ExpoSE is based on Jalangi2 and the Z3 SMT solver.\n\n### Requirements\n\nRequires `node` version v21.7.2 (other versions may work but are not tested), `npm`, `clang` (with `clang++`), `gnuplot` (for coverage graphs), `make`, `python` (Python 3).\n\n`mitmproxy` (Depends libxml2-dev, libxslt-dev, libssl-dev) is required for electron analysis.\n\n### Installation\n\nExecute `./install` inside the ExpoSE directory for a clean installation.\n\n### Complete instructions (including installing Node.js and NPM using fnm)\n\n```\ncurl -fsSL https://fnm.vercel.app/install | bash\neval $(fnm env)\nfnm install 21.7.2\nfnm use 21.7.2\n./install\n./expoSE ./tests/numbers/infoflow\n```\n\n### ExpoSE CLI\n\nAlternatively, you can invoke ExpoSE directly via the `expoSE` command line interface.\n\nExample:\n\n```sh\n$ expoSE ./tests/numbers/infoflow\n```\n\nValid Options:\n\n- `replay` - Replay a test case with a specific input.\n- `ahg` - Automatically generate a generic test harness for a specified NPM library.\n\n### ExpoSE Browser Support\n\nThere is limited support for symbolic execution of webpages through a custom Electron based web browser. To execute ExpoSE on a website you use the same arguments as the CLI. Note: This also requires python3 and a modern version of mitmproxy to function correctly.\n\n```sh\n$ expoSE \"https://google.com\"\n```\n\n### Configuration\n\nExpoSE is configured via environment variables. All work both with the ExpoSE GUI and ExpoSE CLI. Typically these can be set from a terminal by writing a command such as\n\n```sh\n$ EXPOSE_LOG_LEVEL=1 expoSE target/hello.js\n```\n\n- `EXPOSE_MAX_TIME` - The time (in milliseconds) to limit the total execution\n- `EXPOSE_TEST_TIMEOUT` - The time (in milliseconds) a test case can run for before being timed out\n- `EXPOSE_PRINT_COVERAGE` - Print out the files checked by an analysis and show the lines which where explored by the analyzer\n- `EXPOSE_PRINT_PATHS` - Print the output of each test case to stdout\n- `EXPOSE_LOG_LEVEL` - Level from 0 (None) to 3 (High)\n- `EXPOSE_MAX_CONCURRENT` - The maximum number of test cases that can run concurrently\n- `RECOMPILE` - Force ExpoSE to rebuild before executing scripts\n\nNOTE: To improve performance logging instructions are removed from the output at compile time and so will not be updated if `NO_COMPILE` is set.\n\n### Publications\n\n- Blake Loring, Duncan Mitchell, and Johannes Kinder. [Sound Regular Expression Semantics for Dynamic Symbolic Execution of JavaScript](https://www.unibw.de/patch/papers/pldi19-regex.pdf). In _Proc. ACM SIGPLAN Conf. Programming Language Design and Implementation (PLDI)_, pp. 425–438, ACM, 2019.\n- Blake Loring, Duncan Mitchell, and Johannes Kinder. [ExpoSE: Practical Symbolic Execution of Standalone JavaScript](https://www.unibw.de/patch/papers/spin17-expose.pdf). In _Proc. Int. SPIN Symp. Model Checking of Software (SPIN)_, pp. 196–199, ACM, 2017.\n","funding_links":[],"categories":["\u003ca id=\"8c5a692b5d26527ef346687e047c5c21\"\u003e\u003c/a\u003e收集"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fexposejs%2Fexpose","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fexposejs%2Fexpose","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fexposejs%2Fexpose/lists"}