You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Validating taint models fails for specific cases of incorrect Syntax. Since the new Pysa VSCode Plugin relies on validate_taint_models() performing correctly, the extension is unable to publish diagnostics and highlight the errors.
Reproduction steps
Taking one of the example .pysa files provided in documentation/pysa_tutorial/exercise2 folder,
If there is an error in the way ShellExecution is spelt or subprocess is spelt, an error such as the following is displayed:
These errors make it possible for the VSCode Extension to take in the line values and publish the diagnostics. However, upon removing one the square brackets or misspelling def at the beginning causes:
Expected behavior
Pysa should be able to parse errors like misspelling "def" or misplacing brackets as well. The parsed output should be similar to the ones shown in the beginning - with proper line numbers, path to the file etc. This will help in publishing the errors to VSCode for the extension. Since this only seems to occur for some particular changes, it causes inconsistencies in the extensions's model validation feature where it successfully shows errors in some cases, and crashes/ ignores in cases where this happens.
Logs
Output with --noninteractive flag enabled
2021-05-24 17:59:31,225 [PID 67312] DEBUG Sending `["Query", "validate_taint_models()"]`
2021-05-24 17:59:31,227 [PID 67312] DEBUG Received `["Query",{"error":"(\"PyreParser.Parser.Error(\\\"Could not parse file at $invalid_path:5:13-5:13\\\\n ef subprocess.getoutput(cmd: TaintSink[ShellExecution]): ...\\\\n ^\\\")\")"}]`
{"error": "(\"PyreParser.Parser.Error(\\\"Could not parse file at $invalid_path:5:13-5:13\\\\n ef subprocess.getoutput(cmd: TaintSink[ShellExecution]): ...\\\\n ^\\\")\")"}
Additional Context
The development of the Pysa VSCode Extension's model validation feature can be checked here #409 and this issue has been filed after discussions with @gbleaney.
The text was updated successfully, but these errors were encountered:
Pysa Bug
Bug description
Validating taint models fails for specific cases of incorrect Syntax. Since the new Pysa VSCode Plugin relies on
validate_taint_models()
performing correctly, the extension is unable to publish diagnostics and highlight the errors.Reproduction steps
Taking one of the example
.pysa
files provided indocumentation/pysa_tutorial/exercise2
folder,If there is an error in the way
ShellExecution
is spelt orsubprocess
is spelt, an error such as the following is displayed:These errors make it possible for the VSCode Extension to take in the line values and publish the diagnostics. However, upon removing one the square brackets or misspelling
def
at the beginning causes:Expected behavior
Pysa should be able to parse errors like misspelling "def" or misplacing brackets as well. The parsed output should be similar to the ones shown in the beginning - with proper line numbers, path to the file etc. This will help in publishing the errors to VSCode for the extension. Since this only seems to occur for some particular changes, it causes inconsistencies in the extensions's model validation feature where it successfully shows errors in some cases, and crashes/ ignores in cases where this happens.
Logs
Output with
--noninteractive
flag enabledAdditional Context
The development of the Pysa VSCode Extension's model validation feature can be checked here #409 and this issue has been filed after discussions with @gbleaney.
The text was updated successfully, but these errors were encountered: