"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "website/docs/pysa_features.md" between
pyre-check-0.0.54.tar.gz and pyre-check-0.0.55.tar.gz

About: Pyre is a performant type checker for Python (ships with Pysa, a security focused static analysis tool).

pysa_features.md  (pyre-check-0.0.54):pysa_features.md  (pyre-check-0.0.55)
skipping to change at line 108 skipping to change at line 108
would capture the name of a header being set on a Django `HttpResponse`: would capture the name of a header being set on a Django `HttpResponse`:
```python ```python
def django.http.response.HttpResponse.__setitem__( def django.http.response.HttpResponse.__setitem__(
self, self,
header: TaintSink[ResponseHeaderName], header: TaintSink[ResponseHeaderName],
value: TaintSink[ResponseHeaderValue, ViaValueOf[header]] value: TaintSink[ResponseHeaderValue, ViaValueOf[header]]
): ... ): ...
``` ```
You can also associate a tag with a `via-value` feature to ensure that different
`via-value` annotations don't interfere with each other. Here's how you can reta
in
the information that the name of the header was being set:
```python
def django.http.response.HttpResponse.__setitem__(
self,
header: TaintSink[ResponseHeaderName],
value: TaintSink[ResponseHeaderValue, ViaValueOf[header, WithTag["set-header
"]]
): ...
```
The feature would now appear as `via-value-of-set-header:Access-Control-Allow-Or
igin`.
### `via-type` Feature Using `ViaTypeOf[]` ### `via-type` Feature Using `ViaTypeOf[]`
The `via-type` feature is nearly identical to the `via-value` feature, however, The `via-type` feature is nearly identical to the `via-value` feature, however,
it captures *the type of the specified argument, rather than it's value*. Pysa it captures *the type of the specified argument, rather than it's value*. Pysa
will retrieve the type information for the argument from Pyre, and add a feature will retrieve the type information for the argument from Pyre, and add a feature
such as `"via-type": "str"`, `"via-type": "typing.List[str]"`, or `"via-type": such as `"via-type": "str"`, `"via-type": "typing.List[str]"`, or `"via-type":
"typing.Any"` (in the case Pyre doesn't have type information). "typing.Any"` (in the case Pyre doesn't have type information).
`ViaTypeOf` is useful for sinks such as `subprocess.run`, which accepts `ViaTypeOf` is useful for sinks such as `subprocess.run`, which accepts
`Union[bytes, str, Sequence]` for it's `arg` parameter. The `via-type` feature `Union[bytes, str, Sequence]` for it's `arg` parameter. The `via-type` feature
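Review bot: the new paragraph introducing `WithTag` says a tag keeps different `via-value` annotations from interfering with each other, but it never shows the untagged feature name it is contrasting with; since the tagged result is spelled out as `via-value-of-set-header:Access-Control-Allow-Origin`, state the untagged name produced by the preceding `ViaValueOf[header]` model right after that first block so the reader can see exactly what the tag changes. While here, the unchanged context that follows has "it's value" and "it's `arg` parameter" where "its" is meant, and `arg` does not match the `args` parameter name used in the `subprocess.run` model further down.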
skipping to change at line 134 skipping to change at line 148
added. It is added by specifying `ViaTypeOf[PARAMETER_NAME]`, where added. It is added by specifying `ViaTypeOf[PARAMETER_NAME]`, where
`PARAMETER_NAME` is the name of the function parameter for which you would like `PARAMETER_NAME` is the name of the function parameter for which you would like
to capture the argument value: to capture the argument value:
```python ```python
def subprocess.run( def subprocess.run(
args: TaintSink[RemoteCodeExecution, ViaTypeOf[args]], args: TaintSink[RemoteCodeExecution, ViaTypeOf[args]],
): ... ): ...
``` ```
The `via-type` feature also supports adding tags, using the same syntax as the `
via-value`
feature:
```python
def subprocess.run(
args: TaintSink[RemoteCodeExecution, ViaTypeOf[args, WithTag["subprocess-arg
"]]]
): ...
```
## Automatic Features ## Automatic Features
### `via` Feature ### `via` Feature
In addition to the manually specified `via` features, Pysa automatically adds In addition to the manually specified `via` features, Pysa automatically adds
some `via` features with special meaning such as `via:obscure`, some `via` features with special meaning such as `via:obscure`,
`via:format-string`, and `via:tito`. `via:obscure` means that the flow passed `via:format-string`, and `via:tito`. `via:obscure` means that the flow passed
through code that Pysa does not have access to analyze, and thus some taint flow through code that Pysa does not have access to analyze, and thus some taint flow
assumptions were made. This can be a useful to filter out flows that may be more assumptions were made. This can be a useful to filter out flows that may be more
noisy. `via:format-string` means that a flow passed through a [python noisy. `via:format-string` means that a flow passed through a [python
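Review bot: the added `ViaTypeOf[args, WithTag["subprocess-arg"]]` example does not say what feature name results, whereas the `via-value` section states its tagged output as `via-value-of-set-header:...`; add the corresponding tagged `via-type` feature name after the new block so the two sections are parallel. Also, the lead-in context just above still says `ViaTypeOf[PARAMETER_NAME]` is used for the parameter whose "argument value" you want to capture, which contradicts the opening sentence of the section that `via-type` captures the type rather than the value; it should read "argument type". Minor: the new model drops the trailing comma after the `args` line that the earlier `subprocess.run` model keeps.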
 End of changes. 2 change blocks. 
0 lines changed or deleted 28 lines changed or added
