Revise

pascal-lab · Dec 30, 2024 · 6f218a7 · 6f218a7
1 parent 098c0a0
commit 6f218a7
Show file tree

Hide file tree

Showing 3 changed files with 20 additions and 24 deletions.
diff --git a/docs/en/taint-configuration.adoc → docs/en/commonly-used-taint-config.adoc b/docs/en/taint-configuration.adoc → docs/en/commonly-used-taint-config.adoc
@@ -1,10 +1,13 @@
+[[commonly-used-taint-config.adoc]]
+include::attributes.adoc[]
+
 = Taint Configuration for Common Vulnerabilities
 
-`Taint Configuration for Common Vulnerabilities` is a collection of `source`, `sink`, and `transfer` rules tailored for various common vulnerability types. 
-Currently, this collection contains 327 `source` rules, 920 `sink` rules, and 138 `transfer` rules, enabling users to adapt and extend them to detect 13 types of vulnerabilities.
+_Taint Configuration for Common Vulnerabilities_ is a collection of `source`, `sink`, and `transfer` rules tailored for various common vulnerability types.
+Currently, this collection contains 327 `source` , 920 `sink`, and 138 `transfer` rules, enabling users to adapt and extend them to detect 13 types of vulnerabilities.
 
 
-== Project Structure
+== Organizational structure
 
 We have classified the rules by packages and vulnerability types to help users quickly locate the required ones.
 The structure of this project is as follows:
@@ -13,44 +16,36 @@ The structure of this project is as follows:
 ----
 taint-configuration
 ├── sink
-│   ├── infoleak                       contains 141 sinks
+│   ├── infoleak              # contains 141 sinks
 │   │   └── java-io
-│   │
-│   └── injection                      contains 779 sinks
+│   └── injection             # contains 779 sinks
 │       ├── android
 │       │   └── sql-injection
-│       │
 │       ├── java
 │       │   ├── crlf
 │       │   ├── path-traversal
 │       │   ├── rce
 │       │   └── ...
-│       │
 │       └── ...
-│
-├── source                             
-│   ├── infoleak                       contains 158 sources
+├── source
+│   ├── infoleak              # contains 158 sources
 │   │   └── java
-│   │
-│   └── injection                      contains 169 sources
+│   └── injection             # contains 169 sources
 │       ├── apache-struts2
-│       │
 │       ├── javax
 │       │   ├── javax-portlet
 │       │   ├── javax-servlet
 │       │   └── javax-swing
-│       │
 │       └── ...
-│
-└── transfer                           contains 138 transfers about String
+└── transfer                  # contains 138 transfers about String
 ----
 
 Specifically, this project firstly categorizes the configuration files into three main categories: sink, source, and transfer.
 
 * `sink` category: Contains `sink` configurations files related to information leakage and injection vulnerabilities, further subdivided into two subdirectories:
   ** `infoleak`: Categorized by package name.
   ** `injection`: Categorized by vulnerability type.
-  
+
 * `source` category: Contains `source` configurations related to information leakage and injection vulnerabilities, further subdivided into two subdirectories:
   ** `infoleak`: Categorized by package name.
   ** `injection`: Categorized by package name.
@@ -59,15 +54,13 @@ Specifically, this project firstly categorizes the configuration files into thre
 
 Additionally, each subdirectory contains a corresponding `README` file that provides a brief overview of the relevant vulnerability types.
 
-== How to Use it?
+== How to Use it? (An Example)
 
-Users can directly integrate the configuration files from this collection into the `taint-config.yml` for the `Tai-e` taint analysis tool, 
-or modify and extend them as needed to better meet specific analysis requirements. 
-For information on properly configuring `Tai-e` taint analysis, please refer to the link:https://tai-e.pascal-lab.net/docs/0.2.2/reference/en/taint-analysis.html#configuring-taint-analysis[Configuring Taint Analysis].
 
-== An example
+Users can directly integrate the configuration files from this collection into the <<taint-analysis#taint-analysis,Configuration File for the Tai-e taint analysis>>,
+or modify and extend them as needed to better meet specific analysis requirements.
 
-Here is an example of how to use the configuration files from this collection. 
+Here is an example of how to use the configuration files from this collection.
 If the user needs to detect an `RCE (Remote Code Execution)` injection vulnerability in a Java project using the `Jetty` software library, the following steps can be taken to modify the `taint-config.yml` file:
 
 1. Add the `source` rules related to the *Jetty software library* from the file `taint-configuration/source/injection/jetty/jetty-http/jetty-http.yml` to the `taint-config.yml`.

diff --git a/docs/en/index-single.adoc b/docs/en/index-single.adoc
@@ -18,6 +18,8 @@ include::types-classes.adoc[leveloffset=+1]
 
 include::taint-analysis.adoc[leveloffset=+1]
 
+include::commonly-used-taint-config.adoc[leveloffset=+1]
+
 include::develop-new-analysis.adoc[leveloffset=+1]
 
 include::program-abstraction.adoc[leveloffset=+1]

diff --git a/docs/en/index.adoc b/docs/en/index.adoc
@@ -11,6 +11,7 @@ The reference documentation consists of the following sections:
 * <<command-line-options#,How to Run Tai-e (command-line options)?>>
 * <<types-classes#,How to Specify and Access Types, Classes, and Class Members (Methods and Fields)?>>
 * <<taint-analysis#,How to Use Taint Analysis?>>
+** <<commonly-used-taint-config#,Commonly Used Taint Configuration>>
 * <<develop-new-analysis#,How to Develop A New Analysis on Tai-e?>>
 * <<program-abstraction#,Program Abstraction in Tai-e (core classes and IR)>>
 * <<analysis-management#,Analysis Management>>