2026-05-05 03:43:45 -04:00
|
|
|
//! Dynamic verification layer (feature-gated: `dynamic`).
|
|
|
|
|
//!
|
|
|
|
|
//! Static analysis confirms a flow exists. Dynamic execution confirms it fires.
|
|
|
|
|
//! This module turns a [`crate::commands::scan::Diag`] into a runnable harness,
|
|
|
|
|
//! injects a payload from a per-cap corpus, executes inside a sandbox, and
|
|
|
|
|
//! reports back whether the sink actually triggered.
|
|
|
|
|
//!
|
|
|
|
|
//! Pipeline:
|
|
|
|
|
//!
|
|
|
|
|
//! ```text
|
2026-05-11 22:56:43 -04:00
|
|
|
//! Diag --> HarnessSpec --> lang::emit() --> BuiltHarness
|
|
|
|
|
//! |
|
|
|
|
|
//! v
|
|
|
|
|
//! sandbox::run(payload)
|
|
|
|
|
//! |
|
|
|
|
|
//! v
|
|
|
|
|
//! SandboxOutcome
|
|
|
|
|
//! |
|
|
|
|
|
//! v
|
|
|
|
|
//! oracle + sink_hit check
|
|
|
|
|
//! |
|
|
|
|
|
//! v
|
|
|
|
|
//! VerifyResult
|
2026-05-05 03:43:45 -04:00
|
|
|
//! ```
|
|
|
|
|
//!
|
|
|
|
|
//! All submodules are read-only consumers of the static engine's output.
|
|
|
|
|
//! Nothing in this tree mutates SSA, taint, or label state.
|
|
|
|
|
//!
|
|
|
|
|
//! Off by default. Enable with `--features dynamic`. Heavy deps (container
|
|
|
|
|
//! runtime client, fuzzer harness) live behind the same gate.
|
|
|
|
|
|
2026-05-11 22:56:43 -04:00
|
|
|
pub mod build_sandbox;
|
2026-05-05 03:43:45 -04:00
|
|
|
pub mod corpus;
|
|
|
|
|
pub mod harness;
|
2026-05-11 22:56:43 -04:00
|
|
|
pub mod lang;
|
|
|
|
|
pub mod mount_filter;
|
2026-05-12 12:51:04 -04:00
|
|
|
pub mod oob;
|
2026-05-11 22:56:43 -04:00
|
|
|
pub mod repro;
|
2026-05-05 03:43:45 -04:00
|
|
|
pub mod report;
|
|
|
|
|
pub mod runner;
|
|
|
|
|
pub mod sandbox;
|
|
|
|
|
pub mod spec;
|
2026-05-11 22:56:43 -04:00
|
|
|
pub mod telemetry;
|
|
|
|
|
pub mod toolchain;
|
2026-05-05 03:43:45 -04:00
|
|
|
pub mod verify;
|
|
|
|
|
|
|
|
|
|
pub use report::{VerifyResult, VerifyStatus};
|
|
|
|
|
pub use spec::HarnessSpec;
|
|
|
|
|
pub use verify::{verify_finding, VerifyOptions};
|
