node version v7.5.0 (other versions may work but are not tested),
gnuplot (for coverage graphs),
python2 (as python in path).
mitmproxy (Depends libxml2-dev, libxslt-dev, libssl-dev) is required for electron analysis.
npm install inside the ExpoSE directory for a clean installation.
In most cases you want to start by running the ExpoSE dashboard. The GUI provides detailed test case information, easy replay, and coverage graphs. Start the ExpoSE dashboard with
$ npm start
Alternatively, you can invoke ExpoSE directly via the
expoSE command line interface.
$ expoSE ./tests/numbers/infoflow
replay- Replay a test case with a specific input.
ahg- Automatically generate a generic test harness for a specified NPM library.
ExpoSE Browser Support
There is limited support for symbolic execution of webpages through a custom Electron based web browser. To execute ExpoSE on a website you use the same arguments as the CLI. Note: This also requires python3 and a modern version of mitmproxy to function correctly.
$ expoSE "https://google.com"
ExpoSE is configured via environment variables. All work both with the ExpoSE GUI and ExpoSE CLI. Typically these can be set from a terminal by writing a command such as
$ EXPOSE_LOG_LEVEL=1 expoSE target/hello.js
EXPOSE_MAX_TIME- The time (in milliseconds) to limit the total execution
EXPOSE_TEST_TIMEOUT- The time (in milliseconds) a test case can run for before being timed out
EXPOSE_PRINT_COVERAGE- Print out the files checked by an analysis and show the lines which where explored by the analyzer
EXPOSE_PRINT_PATHS- Print the output of each test case to stdout
EXPOSE_LOG_LEVEL- Level from 0 (None) to 3 (High)
EXPOSE_MAX_CONCURRENT- The maximum number of test cases that can run concurrently
RECOMPILE- Force ExpoSE to rebuild before executing scripts
NOTE: To improve performance logging instructions are removed from the output at compile time and so will not be updated if
NO_COMPILE is set.