@@ -47,10 +47,13 @@ The following arguments should convince you to give *cwe_checker* a try:
- it is configureable, e.g. apply analyses to new APIs
- view results annotated in IDA Pro and Ghidra
-*cwe_checker* can be integrated as a plugin into [FACT](https://github.com/fkie-cad/FACT_core)
## How to install cwe_checker? ##
There are several ways to install cwe_checker. The recommended way is to get cwe_checker from the Ocaml package manager Opam. You can install cwe_checker via the package [cwe_checker](https://opam.ocaml.org/packages/cwe_checker/)(`opam install cwe_checker`). This gives you a stable version of cwe_checker.
Another option is to pull the latest Docker container from [dockerhub](https://hub.docker.com/r/fkiecad/cwe_checker) (`docker pull fkiecad/cwe_checker`).
Another option is to pull the latest Docker image from [dockerhub](https://hub.docker.com/r/fkiecad/cwe_checker):
- `docker pull fkiecad/cwe_checker:latest` yields an image based on the current master branch.
- `docker pull fkiecad/cwe_checker:stable` yields an image based on the latest stable release version.
If you plan to develop cwe_checker, it is recommended to build it using the provided `Makefile`. In this case you must ensure that all dependencies are fulfilled:
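Review bot: The sentence introducing the new list still says "pull the latest Docker image", which reads oddly now that the list offers both `:latest` and `:stable`. Something like "pull one of the prebuilt Docker images" would fit better. Since `:latest` follows the current master branch and both tags move over time, it is also worth one more sentence telling users who need reproducible analysis results to prefer `:stable`, or to record the image digest they pulled.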
@@ -26,11 +26,13 @@ The symbolic execution based checks can be run with the emulation recipe in the
{[bap PATH_TO_BINARY --recipe=recipes/emulation]}
Note that these checks are rather slow at the moment and should only be applied to small binaries.
{2 How to use the docker image}
{2 How to use the docker images}
The docker image, which is based on the current master branch of the repository, can be installed with
{[docker pull fkiecad/cwe_checker]}
To use it, mount the target binary inside the docker container and call {i bap} with {i cwe_checker} as a pass as usual:
There are two docker images containing preinstalled versions of the {i cwe_checker}:
- [docker pull fkiecad/cwe_checker:latest] pulls the image based on the current master branch.
- [docker pull fkiecad/cwe_checker:stable] pulls the image based on the current stable release version.
To use them, mount the target binary inside the docker container and call {i bap} with {i cwe_checker} as a pass as usual:
{[docker run --rm -v [BINARY]:/tmp/input fkiecad/cwe_checker bap /tmp/input --pass=cwe-checker]}
If you are using a customized [config.json] file, don't forget to mount it inside your container as well!
If you want to print the output to a file with [--cwe-checker-out], you also need to mount the output file to the docker container, or else the file will be lost once the container gets destroyed.
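Review bot: The `docker run` example kept below the new list still names `fkiecad/cwe_checker` without a tag, so Docker resolves it to `:latest`. A user who pulled `:stable` as the list describes will run the master-based image instead, pulling it first if it is not yet present. Please put the tag in the example, e.g. `fkiecad/cwe_checker:stable`, or state that the tag in the command must match the image that was pulled.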