Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

validate_taint_models() fails for specific cases of incorrect Syntax in .pysa files #431

Closed
m0mosenpai opened this issue May 24, 2021 · 1 comment
Closed

validate_taint_models() fails for specific cases of incorrect Syntax in .pysa files #431

m0mosenpai opened this issue May 24, 2021 · 1 comment

Comments

@m0mosenpai
Copy link
Contributor

m0mosenpai commented May 24, 2021
edited

Pysa Bug

Bug description

Validating taint models fails for specific cases of incorrect Syntax. Since the new Pysa VSCode Plugin relies on validate_taint_models() performing correctly, the extension is unable to publish diagnostics and highlight the errors.

Reproduction steps

Taking one of the example .pysa files provided in documentation/pysa_tutorial/exercise2 folder,

image

If there is an error in the way ShellExecution is spelt or subprocess is spelt, an error such as the following is displayed:

image
image

These errors make it possible for the VSCode Extension to take in the line values and publish the diagnostics. However, upon removing one the square brackets or misspelling def at the beginning causes:

image

Expected behavior

Pysa should be able to parse errors like misspelling "def" or misplacing brackets as well. The parsed output should be similar to the ones shown in the beginning - with proper line numbers, path to the file etc. This will help in publishing the errors to VSCode for the extension. Since this only seems to occur for some particular changes, it causes inconsistencies in the extensions's model validation feature where it successfully shows errors in some cases, and crashes/ ignores in cases where this happens.

Logs

Output with --noninteractive flag enabled

image

2021-05-24 17:59:31,225 [PID 67312] DEBUG Sending `["Query", "validate_taint_models()"]`
2021-05-24 17:59:31,227 [PID 67312] DEBUG Received `["Query",{"error":"(\"PyreParser.Parser.Error(\\\"Could not parse file at $invalid_path:5:13-5:13\\\\n  ef subprocess.getoutput(cmd: TaintSink[ShellExecution]): ...\\\\n              ^\\\")\")"}]`
{"error": "(\"PyreParser.Parser.Error(\\\"Could not parse file at $invalid_path:5:13-5:13\\\\n  ef subprocess.getoutput(cmd: TaintSink[ShellExecution]): ...\\\\n              ^\\\")\")"}

Additional Context

The development of the Pysa VSCode Extension's model validation feature can be checked here #409 and this issue has been filed after discussions with @gbleaney.
@m0mosenpai m0mosenpai mentioned this issue May 24, 2021
Closed
5 tasks
@arthaud
Copy link
Contributor

arthaud commented Jun 8, 2021
edited

Syntax errors should now be reported as any other model verification error :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@arthaud @m0mosenpai