Skip to content

VarsVisitor RuntimeError on code like f(g(a)(b)) #157

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
bcaller opened this issue Jul 30, 2018 · 3 comments · Fixed by #163
Closed

VarsVisitor RuntimeError on code like f(g(a)(b)) #157

bcaller opened this issue Jul 30, 2018 · 3 comments · Fixed by #163
Labels
help wanted

Comments

@bcaller
Copy link
Collaborator

bcaller commented Jul 30, 2018

If you run pyt on code like x = f(g(a)(b)), it will raise an Exception

  File "/pack/pyt/pyt/cfg/stmt_visitor.py", line 83, in stmt_star_handler
    node = self.visit(stmt)
  File "/usr/lib/python3.7/ast.py", line 262, in visit
    return visitor(node)
  File "/pack/pyt/pyt/cfg/stmt_visitor.py", line 452, in visit_Assign
    return self.assignment_call_node(label.result, node)
  File "/pack/pyt/pyt/cfg/stmt_visitor.py", line 485, in assignment_call_node
    vars_visitor.visit(ast_node.value)
  File "/usr/lib/python3.7/ast.py", line 262, in visit
    return visitor(node)
  File "/pack/pyt/pyt/helper_visitors/vars_visitor.py", line 106, in visit_Call
    raise

Test case:

    def test_curried_function(self):
        vars = self.perform_vars_on_expression('f(g(a)(b)(c))')
        self.assertEqual(vars.result, ???)

What should the result be? ['a', 'b', 'c']? I'm not exactly sure what the function on VarsVisitor is.
bcaller added a commit to bcaller/pyt that referenced this issue Jul 31, 2018
@bcaller
HACK: Don't raise exception on f(g(a)(b)(c))
7226d4d 
Just hide for now.

VarsVisitor needs to be fixed python-security#157.
@bcaller
Copy link
Collaborator Author

bcaller commented Aug 2, 2018

@KevinHock Do you have any ideas?

@KevinHock
Copy link
Collaborator

KevinHock commented Aug 2, 2018
edited
Loading

That is interesting, I'll play around with it more today but it might be [ret_g, b, c] or just [ret_g] depending on if b and c get passed to g() or f(). https://github.com/python-security/pyt/blob/master/tests/helper_visitors/vars_visitor_test.py#L43-L46

@KevinHock
Copy link
Collaborator

So this is difficult, we probably wouldn't generate a "proper" CFG for curried code, (the calling what is returned part). For now we can make it [ret_g, b, c] which means false-positives but definitely acceptable given how rare code like this is.

@bcaller bcaller mentioned this issue Aug 3, 2018
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
help wanted
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fix VarsVisitor RuntimeError on code like f(g(a)(b)(c)) bcaller/pyt
2 participants
@KevinHock @bcaller