Add setup script and update READM.md

filipeom · filipeom · commit ac7e6fc90736 · 2025-05-12T21:13:23.000+01:00
diff --git a/Dockerfile b/Dockerfile
@@ -62,22 +62,15 @@ RUN cd "${BASE}/explode-js/vendor/graphjs" \
     && sudo pip install --break-system-packages -r ./requirements.txt \
     && cd ./parser && sudo npm install && npm exec tsc
 
-RUN opam init --disable-sandboxing --shell-setup -y \
+RUN opam init --bare --disable-sandboxing --shell-setup -y \
+    && sudo apt update \
     && opam switch create -y ecma-sl 5.3.0 \
     && eval $(opam env --switch=ecma-sl) \
     && opam update \
     && echo "eval \$(opam env --switch=ecma-sl)" >> ~/.bash_profile
 
 RUN cd "${BASE}/explode-js/" && eval $(opam env --switch=ecma-sl) \
-  && opam install z3 -y --confirm-level=unsafe-yes
-
-RUN cd "${BASE}/explode-js/" && eval $(opam env --switch=ecma-sl) \
-    && sudo apt update \
-    && cd ./vendor/ECMA-SL && opam install -y . --deps-only --confirm-level=unsafe-yes \
-    && dune build -p ecma-sl --profile release && dune install -p ecma-sl \
-    && cd ../../ && opam install -y . --deps-only --confirm-level=unsafe-yes \
-    && dune build @install --profile release \
-    && dune install
+  && ./setup.ml --skip-graphjs
 
 # Cleanup unavailable resources
 RUN cd "${BASE}/explode-js/" && \
diff --git a/README.md b/README.md
@@ -1,38 +1,56 @@
 # Explode-js
 
-Automatic exploit generation for Node.js applications. See [examples]
+Automatic exploit generation for Node.js applications.
 
 ### Build from source
 
-- Install the library dependencies:
+When building **Explode-js** from source, it is recommended that you first
+ensure the following:
 
+- Install [opam](https://opam.ocaml.org/doc/Install.html) and bootstrap
+the OCaml compiler:
+
+<!-- $MDX skip -->
 ```sh
-git clone https://github.com/formalsec/explode-js.git
-cd explode-js
-opam install . --deps-only
+$ opam init
+$ opam switch create 5.3.0 5.3.0
 ```
 
-- Build and test:
+- Setup a managed Python environment using either [direnv](https://direnv.net/) or
+[virtualenv](https://docs.python.org/3/library/venv.html).
+
+Then, you can proceed with the installation of Explode-js:
+
+- Clone the repository and its dependencies, then run the `setup.ml` script:
 
+<!-- $MDX skip -->
 ```sh
-dune build
-dune runtest
+$ git clone https://github.com/formalsec/explode-js.git
+$ git submodule update --init
+# Or, if you only want to run explode-js and not the evaluation, use:
+# $ git submodule update --init bench/graphjs bench/ECMA-SL
+$ cd explode-js
+$ ./setup.ml
 ```
 
-- Install `explode-js` on your path by running:
+- To run tests:
 
+<!-- $MDX skip -->
 ```sh
-dune install
+$ dune runtest
 ```
 
+### Examples
+
+For examples on how to run explode-js in different settings, see [examples].
+
 ### Evaluation
 
 For benchmarking and evaluation see [bench]
 
 [bench]: ./bench
 [examples]: ./example
 
-
 ## Coding Practices
 
 In this project I adopted some practices that made some parts of the code more
diff --git a/setup.ml b/setup.ml
@@ -0,0 +1,69 @@
+#!/usr/bin/env ocaml
+
+let skip_python = ref false
+
+let () =
+  let usage = Format.sprintf "%s [--skip-graphjs]" Sys.argv.(0) in
+  let spec_list =
+    [ ( "--skip-graphjs"
+      , Arg.Set skip_python
+      , "Skip graphjs's python configuration" )
+    ]
+  in
+  Arg.parse spec_list ignore usage
+
+let with_dir fpath f =
+  let cwd = Sys.getcwd () in
+  Sys.chdir fpath;
+  Fun.protect ~finally:(fun () -> Sys.chdir cwd) f
+
+let on_fail res msg = if res <> 0 then Format.ksprintf failwith "Error: %s" msg
+
+let opam_install pkg =
+  Format.ksprintf Sys.command "opam install %s -y --confirm-level=unsafe-yes"
+    pkg
+
+let opam_exec rest = Format.ksprintf Sys.command "opam exec -- %s" rest
+
+let setup_graphjs () =
+  Format.printf "Installing graphjs ...@.";
+  with_dir "vendor/graphjs" @@ fun () ->
+  on_fail
+    (Sys.command "pip install -r ./requirements.txt")
+    "Could not install graphjs's python requirements";
+  with_dir "parser" @@ fun () ->
+  on_fail
+    (Sys.command "npm install")
+    "Could not install graphjs's normalizer dependencies";
+  on_fail (Sys.command "npm exec tsc") "Could not compile graphjs's normalizer"
+
+let setup_z3 () =
+  Format.printf "Installing Z3 ...@.";
+  on_fail (opam_install "z3") "Could not install z3 through opam!"
+
+let setup_ecmasl () =
+  Format.printf "Installing ECMA-SL ...@.";
+  with_dir "vendor/ECMA-SL" @@ fun () ->
+  on_fail
+    (opam_install ". --deps-only")
+    "Could not install ECMA-SL's dependencies";
+  on_fail
+    (opam_exec "dune build -p ecma-sl --profile release")
+    "Could not build ECMA-SL!";
+  on_fail (opam_exec "dune install -p ecma-sl") "Could not install ECMA-SL!"
+
+let setup_explodejs () =
+  Format.printf "Installing Explode-js ...@.";
+  on_fail
+    (opam_install ". --deps-only")
+    "Could not install Explode-js's dependencies";
+  on_fail
+    (opam_exec "dune build @install --profile release")
+    "Could not build Explode-js!";
+  on_fail (opam_exec "dune install") "Could not install Explode-js!"
+
+let () =
+  if !skip_python then () else setup_graphjs ();
+  setup_z3 ();
+  setup_ecmasl ();
+  setup_explodejs ()
