diff options
Diffstat (limited to 'protocols/Tox/libtox/docs/README.md')
| -rw-r--r-- | protocols/Tox/libtox/docs/README.md | 80 |
1 files changed, 56 insertions, 24 deletions
diff --git a/protocols/Tox/libtox/docs/README.md b/protocols/Tox/libtox/docs/README.md index 847ec7cd6f..e7a2b6ba60 100644 --- a/protocols/Tox/libtox/docs/README.md +++ b/protocols/Tox/libtox/docs/README.md @@ -1,44 +1,55 @@ #  -**Current Coverage:** [](https://codecov.io/gh/TokTok/c-toxcore) +**Current Coverage:** +[](https://codecov.io/gh/TokTok/c-toxcore) -[**Website**](https://tox.chat) **|** [**Wiki**](https://wiki.tox.chat/) **|** [**Blog**](https://blog.tox.chat/) **|** [**FAQ**](https://wiki.tox.chat/doku.php?id=users:faq) **|** [**Binaries/Downloads**](https://tox.chat/download.html) **|** [**Clients**](https://wiki.tox.chat/doku.php?id=clients) **|** [**Compiling**](/INSTALL.md) - -**IRC Channels:** Users: [#tox@libera.chat](https://web.libera.chat/#tox), Developers: [#toktok@libera.chat](https://web.libera.chat/#toktok) +[**Website**](https://tox.chat) **|** [**Wiki**](https://wiki.tox.chat/) **|** +[**Blog**](https://blog.tox.chat/) **|** +[**FAQ**](https://wiki.tox.chat/doku.php?id=users:faq) **|** +[**Binaries/Downloads**](https://tox.chat/download.html) **|** +[**Clients**](https://wiki.tox.chat/doku.php?id=clients) **|** +[**Compiling**](/INSTALL.md) ## What is Tox Tox is a peer to peer (serverless) instant messenger aimed at making security and privacy easy to obtain for regular users. It uses -[NaCl](https://nacl.cr.yp.to/) for its encryption and authentication. +[libsodium](https://doc.libsodium.org/) (based on +[NaCl](https://nacl.cr.yp.to/)) for its encryption and authentication. ## IMPORTANT! ###  This is an **experimental** cryptographic network library. It has not been -formally audited by an independent third party that specializes in -cryptography or cryptanalysis. **Use this library at your own risk.** +formally audited by an independent third party that specializes in cryptography +or cryptanalysis. **Use this library at your own risk.** -The underlying crypto library [NaCl](https://nacl.cr.yp.to/install.html) -provides reliable encryption, but the security model has not yet been fully -specified. See [issue 210](https://github.com/TokTok/c-toxcore/issues/210) for -a discussion on developing a threat model. See other issues for known -weaknesses (e.g. [issue 426](https://github.com/TokTok/c-toxcore/issues/426) -describes what can happen if your secret key is stolen). +The underlying crypto library [libsodium](https://doc.libsodium.org/) provides +reliable encryption, but the security model has not yet been fully specified. +See [issue 210](https://github.com/TokTok/c-toxcore/issues/210) for a discussion +on developing a threat model. See other issues for known weaknesses (e.g. +[issue 426](https://github.com/TokTok/c-toxcore/issues/426) describes what can +happen if your secret key is stolen). ## Toxcore Development Roadmap -The roadmap and changelog are generated from GitHub issues. You may view them -on the website, where they are updated at least once every 24 hours: +The roadmap and changelog are generated from GitHub issues. You may view them on +the website, where they are updated at least once every 24 hours: -- Changelog: https://toktok.ltd/changelog/c-toxcore -- Roadmap: https://toktok.ltd/roadmap/c-toxcore +- Changelog: https://toktok.ltd/changelog/c-toxcore +- Roadmap: https://toktok.ltd/roadmap/c-toxcore ## Installing toxcore Detailed installation instructions can be found in [INSTALL.md](INSTALL.md). +Be advised that due to the addition of `cmp` as a submodule, you now also need +to initialize the git submodules required by toxcore. This can be done by +cloning the repo with the following command: +`git clone --recurse-submodules https://github.com/Toktok/c-toxcore` or by +running `git submodule update --init` in the root directory of the repo. + In a nutshell, if you have [libsodium](https://github.com/jedisct1/libsodium) installed, run: @@ -73,17 +84,17 @@ if (err_new != TOX_ERR_NEW_OK) { } ``` -Here, we simply exit the program, but in a real client you will probably want -to do some error handling and proper error reporting to the user. The `NULL` +Here, we simply exit the program, but in a real client you will probably want to +do some error handling and proper error reporting to the user. The `NULL` argument given to the first parameter of `tox_new` is the `Tox_Options`. It -contains various write-once network settings and allows you to load a -previously serialised instance. See [toxcore/tox.h](tox.h) for details. +contains various write-once network settings and allows you to load a previously +serialised instance. See [toxcore/tox.h](tox.h) for details. ### Setting up callbacks -Toxcore works with callbacks that you can register to listen for certain -events. Examples of such events are "friend request received" or "friend sent -a message". Search the API for `tox_callback_*` to find all of them. +Toxcore works with callbacks that you can register to listen for certain events. +Examples of such events are "friend request received" or "friend sent a +message". Search the API for `tox_callback_*` to find all of them. Here, we will set up callbacks for receiving friend requests and receiving messages. We will always accept any friend request (because we're a bot), and @@ -171,3 +182,24 @@ the API documentation in [toxcore/tox.h](toxcore/tox.h) for more information. - [Another echo bot](https://wiki.tox.chat/developers/client_examples/echo_bot) - [minitox](https://github.com/hqwrong/minitox) (A minimal tox client) + +## SAST Tools + +This project uses various tools supporting Static Application Security Testing: + +- [clang-tidy](https://clang.llvm.org/extra/clang-tidy/): A clang-based C++ + "linter" tool. +- [Coverity](https://scan.coverity.com/): A cloud-based static analyzer service + for Java, C/C++, C#, JavaScript, Ruby, or Python that is free for open source + projects. +- [cppcheck](https://cppcheck.sourceforge.io/): A static analyzer for C/C++ + code. +- [cpplint](https://github.com/cpplint/cpplint): Static code checker for C++ +- [goblint](https://goblint.in.tum.de/): A static analyzer for multi-threaded C + programs, specializing in finding concurrency bugs. +- [infer](https://github.com/facebook/infer): A static analyzer for Java, C, + C++, and Objective-C. +- [PVS-Studio](https://pvs-studio.com/en/pvs-studio/?utm_source=website&utm_medium=github&utm_campaign=open_source): + A static analyzer for C, C++, C#, and Java code. +- [tokstyle](https://github.com/TokTok/hs-tokstyle): A style checker for TokTok + C projects. |