Display positions in SinkDuplicate errors #756

Closed


abishekvashok

Pre-submission checklist

  • I've run the linters locally and fixed lint errors related to the files I modified in this PR. You can install the linters by running pip install -r requirements-dev.txt && pre-commit install
  • pre-commit run

Summary

Previously, when SinkDuplicate errors occurred, we just displayed a note. Now we can display the locations where the duplicates occurred.

Modifies and updates test as well.

Test Plan

  • Post changes with the default taint.config, running pysa on documentation/pysa_tutorial/exercise1
Screenshot 2023-07-20 at 11 46 33 AM
  • Modify taint.config to:
{
  "sources": [
    {
      "name": "CustomUserControlled",
      "comment": "use to annotate user input"
    }
  ],

  "sinks": [
    {
      "name": "CodeExecution",
      "comment": "use to annotate execution of python code"
    },
    {
      "name": "CodeExecution",
      "comment": "duplicate for testing"
    }
  ],

  "features": [],

  "rules": [
    {
      "name": "Possible RCE:",
      "code": 5001,
      "sources": [ "CustomUserControlled" ],
      "sinks": [ "CodeExecution" ],
      "message_format": "User specified data may reach a code execution sink"
    }
  ]
}

Before this PR:

Screenshot 2023-07-20 at 11 53 32 AM

After this PR:

Screenshot 2023-07-20 at 11 47 49 AM
  • make test

Fixes part of: MLH-Fellowship#82
Signed-off-by: Abishek V Ashok abishekvashok@gmail.com

Previously, when SinkDuplicate errors occurred, we just displayed a note.
Now we can display the locations where the duplicates occurred.

Modifies and updates test as well.

Fixes part of: MLH-Fellowship#82
Signed-off-by: Abishek V Ashok <abishekvashok@gmail.com>
@facebook-github-bot

@r0rshark has imported this pull request. If you are a Meta employee, you can view this diff on Phabricator.

@facebook-github-bot

@r0rshark merged this pull request in 57de96e.
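
A standalone pre-flight check for the duplicate-sink situation in the test plan above, as an added example that is not Pysa's implementation or code from this PR: it scans a taint.config and returns the line and column of every entry in a section whose name is repeated. The helper names and the trimmed sample config are constructed for illustration.

```python
import json

_DEC = json.JSONDecoder()

# Constructed sample: the test-plan config, trimmed, keeping the duplicate sink.
SAMPLE = """{
  "sources": [
    { "name": "CustomUserControlled", "comment": "use to annotate user input" }
  ],
  "sinks": [
    { "name": "CodeExecution", "comment": "use to annotate execution of python code" },
    { "name": "CodeExecution", "comment": "duplicate for testing" }
  ],
  "features": [],
  "rules": []
}"""

def _skip_ws(text, i):
    while i < len(text) and text[i] in " \t\r\n":
        i += 1
    return i

def _items(text, i, is_object):
    """Yield (key, value_offset, value) for the object or array opening at offset i."""
    i = _skip_ws(text, i + 1)                          # step past '{' or '['
    while text[i] not in "}]":
        key = None
        if is_object:
            key, i = _DEC.raw_decode(text, i)          # member name
            i = _skip_ws(text, _skip_ws(text, i) + 1)  # step past ':'
        value, end = _DEC.raw_decode(text, i)
        yield key, i, value
        i = _skip_ws(text, end)
        if text[i] == ",":
            i = _skip_ws(text, i + 1)

def _line_col(text, offset):
    # 1-based line and column of a character offset
    return text.count("\n", 0, offset) + 1, offset - text.rfind("\n", 0, offset)

def duplicate_names(text, section="sinks"):
    """Map each repeated "name" in `section` to the (line, column) of every entry using it."""
    json.loads(text)                                   # reject malformed input up front
    start = _skip_ws(text, 0)
    if text[start] != "{":
        return {}
    seen = {}
    for key, off, value in _items(text, start, True):
        if key != section or not isinstance(value, list):
            continue
        for _, pos, entry in _items(text, off, False):
            if isinstance(entry, dict) and isinstance(entry.get("name"), str):
                seen.setdefault(entry["name"], []).append(_line_col(text, pos))
    return {name: where for name, where in seen.items() if len(where) > 1}
```

Calling `duplicate_names(text, "sources")` runs the same check over the sources section.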
