False positive with sanitization in method #977

draftyfrog · 2025-03-16T16:22:40Z

Pysa Bug

Pre-submission checklist
[x] I've checked the list of common issues and mine does not appear

I've reported a similar issue for Mariana Trench (Issue 179) so maybe that's just expected behavior.

Bug description
Please consider the following code

my_instance = MyClass()
my_instance.attribute = source()
sanitize(my_instance)
sink(my_instance.attribute) # Reported by Pysa

using the following functions/classes

def sink(param: str): # Defined as sink in Pysa config
    pass

def source(): # Defined as source in Pysa config
    return "Secret"

def sanitize(a: MyClass):
    a.attribute = ""

class MyClass:
    attribute: str

Running Pysa on this code returns one issue (as annotated in the code above), but actually no taint is leaked in this code.

If we move the sanitizing inline like this:

my_instance = MyClass()
my_instance.attribute = source()
my_instance.attribute = ""
sink(my_instance.attribute) # Not reported by Pysa

Pysa correctly doesn't report the issue.

I call pysa via pyre analyze --save-results-to ./results/ and I'm using version 0.9.23.

The text was updated successfully, but these errors were encountered:

arthaud · 2025-03-17T11:13:03Z

Hi,

please see my answer for Mariana Trench, which also applies here facebook/mariana-trench#179

…(see #977) Summary: As titled. Reviewed By: tianhan0 Differential Revision: D71310937 fbshipit-source-id: 48a31bdfee9a56f7c1e8e317775e3a5c86bb6da0

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

False positive with sanitization in method #977

False positive with sanitization in method #977

draftyfrog commented Mar 16, 2025

arthaud commented Mar 17, 2025

False positive with sanitization in method #977

False positive with sanitization in method #977

Comments

draftyfrog commented Mar 16, 2025

Pysa Bug

arthaud commented Mar 17, 2025