Adds verify taint config only option #740
Conversation
source/command/analyzeCommand.ml
Outdated
| Log.log_exception "Taint analysis failed." exn (Worker.exception_backtrace exn); | ||
| raise exn |
There was a problem hiding this comment.
@arthaud Do you have a second opinion if we can do better for the logging?
abishekvashok
force-pushed
the
taint-config-validate-command
branch
from
cf8f7ae
to
56f3baa
Compare
|
@tianhan0 thanks for the review. Made the changes, hopefully, as suggested. Back to you if it pleases you :) |
There was a problem hiding this comment.
Looks good! Just left a nitpick that hope you can address.
Also, do you know why this test failed: https://github.com/facebook/pyre-check/actions/runs/5141096156/jobs/9253212045?pr=740? Is this expected?
That test has been failing for a long time and is unrelated to this PR. I think, from some tests that I did that the setup ocaml action actually uses caches which need to be invalidated now. I tried to run the action by manually setting up opam with a package manager instead of the actions and the build doesn't error out as it does in the main repo. But then without the action, setting up the switch takes a large chunk of time. I think there is a way to specify a cache key that is invalidated for a specific amount of time. I can look into this further if you want.
Ofcourse, I can address it. Thanks for the valuable suggestions and reviews. Made the change! |
abishekvashok
force-pushed
the
taint-config-validate-command
branch
from
56f3baa
to
3702746
Compare
Adds verify_taint_config_only option to the analyze command that just verifies taint.config files and skips the analysis. This can be useful in the future when we want to verify taint config files via the vs code extension without performing analysis or even any other sort of preprocessing. Modifies the ocaml server and the python client to pass options for the same. Signed-off-by: Abishek V Ashok <[email protected]>
abishekvashok
force-pushed
the
taint-config-validate-command
branch
from
3702746
to
985868b
Compare
|
LGTM! |
|
@arthaud has imported this pull request. If you are a Meta employee, you can view this diff on Phabricator. |
Adds verify_taint_config_only option to the analyze command that just verifies taint.config files and skips the analysis. This can be useful in the future when we want to verify taint config files via the vs code extension without performing analysis or even any other sort of preprocessing.
Modifies the ocaml server and the python client to pass options for the same.
Pre-submission checklist
pip install -r requirements-dev.txt && pre-commit installpre-commit runSummary
Test Plan
taint.configondocumentation/pysa_tutorial/exercise1/:python3 -m pyre-check.client.pyre -n analyze --verify-taint-config-onlytaint.configto induce a TaintConfigurationError:{ "sources": [ { "name": "CustomUserControlled", "comment": "use to annotate user input" } ], "sinks": [ { "name": "CodeExecution", "comment": "use to annotate execution of python code" } ], "features": [], "rules": [ { "name": "Possible RCE:", "code": 5001, "sources": [ "CustomUserControlled" ], "sinks": [ "CodeExecution" ], "message_format": "User specified data may reach a code execution sink" }, { "name": "test-duplicate", "code": 5001, "sources": [ "CustomUserControlled" ], "sinks": [ "CodeExecution" ], "message_format": "duplicate" } ] }Command:
python3 -m pyre-check.client.pyre -n analyze --verify-taint-config-onlyFixes part of MLH-Fellowship#82
Signed-off-by: Abishek V Ashok [email protected]