Fails to Detect Issues Based on Python Version and Returns Incorrect Signature Requirement #941

Open
ossie-git opened this issue Nov 14, 2024 · 3 comments

@ossie-git

Pysa Bug

Pre-submission checklist
[X] I've checked the list of common issues and mine does not appear

Bug description

I was going through the practice exercise3 and noticed the following

  • if I create and use a virtual environment using Python 3.9, it finds both findings when I run pyre analyze --verify
  • if I create and use a virtual environment using Python 3.12, it finds one finding (the eval) when I run pyre analyze --verify
  • if I create and use a virtual environment using Python 3.13, it finds no findings when I run pyre analyze --verify

In the exercise, we have two sinks:

  • eval
  • exec

and we have the following in the predefined rce_sinks.pysa:

def eval(__source: TaintSink[RemoteCodeExecution], __globals, __locals): ...
if sys.version >= (3, 11, 0):
    def exec(__source: TaintSink[RemoteCodeExecution], __globals, __locals, *, closure): ...
else:
    def exec(__source: TaintSink[RemoteCodeExecution], __globals, __locals): ...

so they should both be detected, even on Python versions higher than 3.11

On 3.12, I would see the following in the output which means that it didn't match def exec and claims that there is a signature mismatch:

ƛ  /tmp/pyre-check/documentation/pysa_tutorial/exercise3/../../../stubs/taint/core_privacy_security/rce_sinks.pysa:4: Model signature parameters for `exec` do not match implementation `def exec(unknown, globals: dict[str, Any] | None = ..., locals: Mapping[str, object] | None = ..., closure: tuple[CellType, ...] | None = ...) -> None: ...`. Reasons:
ƛ unexpected named parameter: `__locals`
ƛ unexpected named parameter: `__globals`
ƛ unexpected named parameter: `__source`

Running:

>>> import inspect
>>> inspect.signature(exec)
<Signature (source, /, globals=None, locals=None, *, closure=None)>

shows that the signature hasn't changed, but for some reason, pyre thinks that it has.

On 3.13, it did this both for exec and eval

ƛ  /tmp/pyre-check/documentation/pysa_tutorial/exercise3/../../../stubs/taint/core_privacy_security/rce_sinks.pysa:2: Model signature parameters for `eval` do not match implementation `def eval(unknown, globals: dict[str, Any] | None = ..., locals: Mapping[str, object] | None = ...) -> Any: ...`. Reasons:
ƛ unexpected positional only parameter: `__locals` at position: 2, expected position 0
ƛ unexpected positional only parameter: `__globals` at position: 1, expected position 0
ƛ  /tmp/pyre-check/documentation/pysa_tutorial/exercise3/../../../stubs/taint/core_privacy_security/rce_sinks.pysa:4: Model signature parameters for `exec` do not match implementation `def exec(unknown, globals: dict[str, Any] | None = ..., locals: Mapping[str, object] | None = ..., closure: tuple[CellType, ...] | None = ...) -> None: ...`. Reasons:
ƛ unexpected named parameter: `__locals`
ƛ unexpected named parameter: `__globals`
ƛ unexpected named parameter: `__source`

Again, looking at the signature shows that it hasn't changed:

>>> inspect.signature(eval)
<Signature (source, /, globals=None, locals=None)>

but pyre thinks that it has for some reason. Any ideas? Thanks

Reproduction steps
See above

Expected behavior
See above

Logs
Please run your reproduction steps with --noninteractive (eg. pyre --noninteractive analyze) and paste the output here:

Below is the output for 3.13.0

2024-11-14 15:49:43,638 [PID 114464] INFO No binary specified, looking for `pyre.bin` in PATH
2024-11-14 15:49:43,638 [PID 114464] INFO Pyre binary is located at `/home/vagrant/.pyenv/versions/3.13.0/bin/pyre.bin`
2024-11-14 15:49:43,638 [PID 114464] INFO Could not determine the number of Pyre workers from configuration. Auto-set the value to 7.
2024-11-14 15:49:43,639 [PID 114464] INFO No typeshed specified, looking for it...
2024-11-14 15:49:43,640 [PID 114464] INFO Found: `/home/vagrant/.pyenv/versions/3.13.0/lib/pyre_check/typeshed`
2024-11-14 15:49:43,642 [PID 114464] INFO Writing arguments into /tmp/pyre_arguments_994b4gkc.json...
2024-11-14 15:49:43,642 [PID 114464] DEBUG Arguments:
{
  "source_paths": {
    "kind": "simple",
    "paths": [
      "/tmp/pyre-check/documentation/pysa_tutorial/exercise3"
    ]
  },
  "search_paths": [
    "/tmp/pyre-check/documentation/pysa_tutorial/exercise3/../../../stubs",
    "/home/vagrant/.pyenv/versions/3.13.0/lib/python3.13/site-packages$pip",
    "/home/vagrant/.pyenv/versions/3.13.0/lib/python3.13/site-packages$yaml-stubs",
    "/home/vagrant/.pyenv/versions/3.13.0/lib/python3.13/site-packages$packaging",
    "/home/vagrant/.pyenv/versions/3.13.0/lib/python3.13/site-packages$mypy_django_plugin",
    "/home/vagrant/.pyenv/versions/3.13.0/lib/python3.13/site-packages$django_stubs_ext",
    "/home/vagrant/.pyenv/versions/3.13.0/lib/python3.13/site-packages$testslide",
    "/home/vagrant/.pyenv/versions/3.13.0/lib/python3.13/site-packages$click",
    "/home/vagrant/.pyenv/versions/3.13.0/lib/python3.13/site-packages$asgiref",
    "/home/vagrant/.pyenv/versions/3.13.0/lib/python3.13/site-packages$libcst",
    "/home/vagrant/.pyenv/versions/3.13.0/lib/python3.13/site-packages$django-stubs",
    "/home/vagrant/.pyenv/versions/3.13.0/lib/python3.13/site-packages$dataclasses_json",
    "/home/vagrant/.pyenv/versions/3.13.0/lib/python3.13/site-packages$marshmallow",
    "/home/vagrant/.pyenv/versions/3.13.0/lib/python3.13/site-packages$typeguard",
    "/home/vagrant/.pyenv/versions/3.13.0/lib/pyre_check/typeshed/stdlib",
    "/home/vagrant/.pyenv/versions/3.13.0/lib/pyre_check/typeshed/stubs/ExifRead",
    "/home/vagrant/.pyenv/versions/3.13.0/lib/pyre_check/typeshed/stubs/PyMySQL",
    "/home/vagrant/.pyenv/versions/3.13.0/lib/pyre_check/typeshed/stubs/PyYAML",
    "/home/vagrant/.pyenv/versions/3.13.0/lib/pyre_check/typeshed/stubs/aiofiles",
    "/home/vagrant/.pyenv/versions/3.13.0/lib/pyre_check/typeshed/stubs/boto",
    "/home/vagrant/.pyenv/versions/3.13.0/lib/pyre_check/typeshed/stubs/chevron",
    "/home/vagrant/.pyenv/versions/3.13.0/lib/pyre_check/typeshed/stubs/colorama",
    "/home/vagrant/.pyenv/versions/3.13.0/lib/pyre_check/typeshed/stubs/ldap3",
    "/home/vagrant/.pyenv/versions/3.13.0/lib/pyre_check/typeshed/stubs/mysqlclient",
    "/home/vagrant/.pyenv/versions/3.13.0/lib/pyre_check/typeshed/stubs/paramiko",
    "/home/vagrant/.pyenv/versions/3.13.0/lib/pyre_check/typeshed/stubs/psycopg2",
    "/home/vagrant/.pyenv/versions/3.13.0/lib/pyre_check/typeshed/stubs/pycurl",
    "/home/vagrant/.pyenv/versions/3.13.0/lib/pyre_check/typeshed/stubs/python-dateutil",
    "/home/vagrant/.pyenv/versions/3.13.0/lib/pyre_check/typeshed/stubs/pytz",
    "/home/vagrant/.pyenv/versions/3.13.0/lib/pyre_check/typeshed/stubs/regex",
    "/home/vagrant/.pyenv/versions/3.13.0/lib/pyre_check/typeshed/stubs/requests",
    "/home/vagrant/.pyenv/versions/3.13.0/lib/pyre_check/typeshed/stubs/retry",
    "/home/vagrant/.pyenv/versions/3.13.0/lib/pyre_check/typeshed/stubs/tqdm",
    "/home/vagrant/.pyenv/versions/3.13.0/lib/pyre_check/typeshed/stubs/ujson"
  ],
  "excludes": [
    ".*/integration_test/.*"
  ],
  "checked_directory_allowlist": [
    "/tmp/pyre-check/documentation/pysa_tutorial/exercise3"
  ],
  "checked_directory_blocklist": [],
  "extensions": [],
  "log_path": "/tmp/pyre-check/documentation/pysa_tutorial/exercise3/.pyre",
  "global_root": "/tmp/pyre-check/documentation/pysa_tutorial/exercise3",
  "debug": false,
  "python_version": {
    "major": 3,
    "minor": 13,
    "micro": 0
  },
  "shared_memory": {},
  "parallel": true,
  "number_of_workers": 7,
  "inline_decorators": false,
  "infer_self_tito": false,
  "infer_argument_tito": false,
  "no_verify": true,
  "verify_dsl": false,
  "verify_taint_config_only": false,
  "strict": false,
  "taint_model_paths": [
    "/tmp/pyre-check/documentation/pysa_tutorial/exercise3/../../../stubs/taint",
    "/tmp/pyre-check/documentation/pysa_tutorial/exercise3"
  ],
  "use_cache": false,
  "build_cache_only": false,
  "check_invariants": false,
  "limit_entrypoints": false,
  "compact_ocaml_heap": false,
  "saved_state": {
    "watchman_root": null,
    "project_name": null,
    "preset": null,
    "cache_critical_files": []
  },
  "compute_coverage": false
}
2024-11-14 15:49:43,663 [PID 114464] INFO  Initializing shared memory (heap_size: 8589934592, dep_table_pow: 1, hash_table_pow: 26)
2024-11-14 15:49:43,663 [PID 114464] INFO  Initializing and verifying taint configuration...
2024-11-14 15:49:43,673 [PID 114464] INFO  Initialized and verified taint configuration: 0.001s
2024-11-14 15:49:43,673 [PID 114464] PERFORMANCE  Initialized and verified taint configuration: 0.001s
2024-11-14 15:49:43,673 [PID 114464] INFO  Verifying model syntax...
2024-11-14 15:49:43,673 [PID 114464] INFO  Finding taint models in `/tmp/pyre-check/documentation/pysa_tutorial/exercise3/../../../stubs/taint, /tmp/pyre-check/documentation/pysa_tutorial/exercise3`.
2024-11-14 15:49:43,673 [PID 114464] INFO  Verified model syntax: 0.004s
2024-11-14 15:49:43,673 [PID 114464] PERFORMANCE  Verified model syntax: 0.004s
2024-11-14 15:49:43,673 [PID 114464] INFO  Parsing taint models modes...
2024-11-14 15:49:43,673 [PID 114464] INFO  Finding taint models in `/tmp/pyre-check/documentation/pysa_tutorial/exercise3/../../../stubs/taint, /tmp/pyre-check/documentation/pysa_tutorial/exercise3`.
2024-11-14 15:49:43,674 [PID 114464] INFO  Parsed taint models modes: 0.002s
2024-11-14 15:49:43,674 [PID 114464] PERFORMANCE  Parsed taint models modes: 0.002s
2024-11-14 15:49:43,674 [PID 114464] INFO  Building module tracker...
2024-11-14 15:49:43,744 [PID 114464] PERFORMANCE  Module tracker built: 0.069s
2024-11-14 15:49:43,745 [PID 114464] PERFORMANCE  Full environment built: 0.070s
2024-11-14 15:49:43,745 [PID 114464] INFO  Starting type checking...
2024-11-14 15:49:43,745 [PID 114464] INFO  Found 3345 modules
2024-11-14 15:49:43,745 [PID 114464] INFO  Collecting all definitions...
2024-11-14 15:49:45,299 [PID 114464] PERFORMANCE  Collected definitions (defines: 64026): 1.555s
2024-11-14 15:49:45,299 [PID 114464] INFO  Found 64026 functions
2024-11-14 15:49:45,299 [PID 114464] INFO  Checking 64026 functions...
2024-11-14 15:49:47,822 [PID 114464] INFO  Processed 4574 of 64026 functions
2024-11-14 15:49:48,270 [PID 114464] INFO  Processed 9148 of 64026 functions
2024-11-14 15:49:48,758 [PID 114464] INFO  Processed 13722 of 64026 functions
2024-11-14 15:49:48,809 [PID 114464] INFO  Processed 18296 of 64026 functions
2024-11-14 15:49:48,840 [PID 114464] INFO  Processed 22870 of 64026 functions
2024-11-14 15:49:49,685 [PID 114464] INFO  Processed 27444 of 64026 functions
2024-11-14 15:49:50,590 [PID 114464] INFO  Processed 32018 of 64026 functions
2024-11-14 15:49:50,773 [PID 114464] INFO  Processed 36592 of 64026 functions
2024-11-14 15:49:51,028 [PID 114464] INFO  Processed 41166 of 64026 functions
2024-11-14 15:49:51,171 [PID 114464] INFO  Processed 45740 of 64026 functions
2024-11-14 15:49:51,252 [PID 114464] INFO  Processed 50314 of 64026 functions
2024-11-14 15:49:51,303 [PID 114464] INFO  Processed 54888 of 64026 functions
2024-11-14 15:49:52,650 [PID 114464] INFO  Processed 59452 of 64026 functions
2024-11-14 15:49:53,378 [PID 114464] INFO  Processed 64026 of 64026 functions
2024-11-14 15:49:53,378 [PID 114464] PERFORMANCE  Check_TypeCheck: 8.074s
2024-11-14 15:49:53,378 [PID 114464] MEMORY  Shared memory size post-typecheck (size: 80)
2024-11-14 15:49:53,379 [PID 114464] INFO  Computing class hierarchy graph...
2024-11-14 15:49:53,806 [PID 114464] INFO  Computed class hierarchy graph: 0.427s
2024-11-14 15:49:53,806 [PID 114464] PERFORMANCE  Computed class hierarchy graph: 0.427s
2024-11-14 15:49:53,806 [PID 114464] INFO  Computing class intervals...
2024-11-14 15:49:53,827 [PID 114464] INFO  Computed class intervals: 0.019s
2024-11-14 15:49:53,827 [PID 114464] PERFORMANCE  Computed class intervals: 0.019s
2024-11-14 15:49:53,877 [PID 114464] INFO  Fetching initial callables to analyze...
2024-11-14 15:49:54,397 [PID 114464] INFO  Fetched initial callables to analyze: 0.520s
2024-11-14 15:49:54,397 [PID 114464] PERFORMANCE  Fetched initial callables to analyze (definitions: 12898, internals: 4, stubs: 36453): 0.520s
2024-11-14 15:49:54,397 [PID 114464] INFO  Parsing taint models...
2024-11-14 15:49:54,569 [PID 114464] INFO  Finding taint models in `/tmp/pyre-check/documentation/pysa_tutorial/exercise3/../../../stubs/taint, /tmp/pyre-check/documentation/pysa_tutorial/exercise3`.
2024-11-14 15:49:55,067 [PID 114464] ERROR  Found 35 model verification errors!
2024-11-14 15:49:55,068 [PID 114464] ERROR  /tmp/pyre-check/documentation/pysa_tutorial/exercise3/../../../stubs/taint/core_privacy_security/rce_sinks.pysa:2: Model signature parameters for `eval` do not match implementation `def eval(unknown, globals: dict[str, Any] | None = ..., locals: Mapping[str, object] | None = ...) -> Any: ...`. Reasons:
2024-11-14 15:49:55,068 [PID 114464] ERROR unexpected positional only parameter: `__locals` at position: 2, expected position 0
2024-11-14 15:49:55,068 [PID 114464] ERROR unexpected positional only parameter: `__globals` at position: 1, expected position 0
2024-11-14 15:49:55,068 [PID 114464] ERROR  /tmp/pyre-check/documentation/pysa_tutorial/exercise3/../../../stubs/taint/core_privacy_security/rce_sinks.pysa:4: Model signature parameters for `exec` do not match implementation `def exec(unknown, globals: dict[str, Any] | None = ..., locals: Mapping[str, object] | None = ..., closure: tuple[CellType, ...] | None = ...) -> None: ...`. Reasons:
2024-11-14 15:49:55,068 [PID 114464] ERROR unexpected named parameter: `__locals`
2024-11-14 15:49:55,068 [PID 114464] ERROR unexpected named parameter: `__globals`
2024-11-14 15:49:55,068 [PID 114464] ERROR unexpected named parameter: `__source`
2024-11-14 15:49:55,068 [PID 114464] ERROR  /tmp/pyre-check/documentation/pysa_tutorial/exercise3/../../../stubs/taint/core_privacy_security/requests_api_sinks.pysa:312: Model signature parameters for `urllib.request.urlopen` do not match implementation `def urlopen(url: str | Request, data: unknown = ..., timeout: float | None = ..., context: SSLContext | None = ...) -> Any: ...`. Reasons:
2024-11-14 15:49:55,068 [PID 114464] ERROR unexpected named parameter: `cadefault`
2024-11-14 15:49:55,068 [PID 114464] ERROR unexpected named parameter: `capath`
2024-11-14 15:49:55,068 [PID 114464] ERROR unexpected named parameter: `cafile`
2024-11-14 15:49:55,068 [PID 114464] ERROR  /tmp/pyre-check/documentation/pysa_tutorial/exercise3/../../../stubs/taint/core_privacy_security/sqlite3_sinks.pysa:6: The modelled function `sqlite3.Connection.executescript` is an imported function, please model `sqlite3.dbapi2.Connection.executescript` directly.
2024-11-14 15:49:55,068 [PID 114464] ERROR  /tmp/pyre-check/documentation/pysa_tutorial/exercise3/../../../stubs/taint/core_privacy_security/sqlite3_sinks.pysa:5: The modelled function `sqlite3.Connection.executemany` is an imported function, please model `sqlite3.dbapi2.Connection.executemany` directly.
2024-11-14 15:49:55,068 [PID 114464] ERROR  /tmp/pyre-check/documentation/pysa_tutorial/exercise3/../../../stubs/taint/core_privacy_security/sqlite3_sinks.pysa:4: The modelled function `sqlite3.Connection.execute` is an imported function, please model `sqlite3.dbapi2.Connection.execute` directly.
2024-11-14 15:49:55,068 [PID 114464] ERROR  /tmp/pyre-check/documentation/pysa_tutorial/exercise3/../../../stubs/taint/core_privacy_security/sqlite3_sinks.pysa:3: The modelled function `sqlite3.Cursor.executescript` is an imported function, please model `sqlite3.dbapi2.Cursor.executescript` directly.
2024-11-14 15:49:55,068 [PID 114464] ERROR  /tmp/pyre-check/documentation/pysa_tutorial/exercise3/../../../stubs/taint/core_privacy_security/sqlite3_sinks.pysa:2: The modelled function `sqlite3.Cursor.executemany` is an imported function, please model `sqlite3.dbapi2.Cursor.executemany` directly.
2024-11-14 15:49:55,068 [PID 114464] ERROR  /tmp/pyre-check/documentation/pysa_tutorial/exercise3/../../../stubs/taint/core_privacy_security/sqlite3_sinks.pysa:1: The modelled function `sqlite3.Cursor.execute` is an imported function, please model `sqlite3.dbapi2.Cursor.execute` directly.
2024-11-14 15:49:55,068 [PID 114464] ERROR  /tmp/pyre-check/documentation/pysa_tutorial/exercise3/../../../stubs/taint/core_privacy_security/general.pysa:24: `_io.BytesIO.__init__` is not part of the environment, no module `_io` in search path.
2024-11-14 15:49:55,068 [PID 114464] ERROR  /tmp/pyre-check/documentation/pysa_tutorial/exercise3/../../../stubs/taint/core_privacy_security/filesystem_other_sinks.pysa:33: Model signature parameters for `shutil._RmtreeType.__call__` do not match implementation `(self: _RmtreeType, path: PathLike[bytes] | PathLike[str] | bytes | str, ignore_errors: bool, onerror: ((...) -> Any, str, tuple[type[BaseException], BaseException, TracebackType]) -> object, onexc: None = ..., dir_fd: int | None = ...) -> None`. Reason: invalid position 2 for named parameter `onerror` (valid options are {formal(onerror, position=3), formal(onerror)}).
2024-11-14 15:49:55,069 [PID 114464] ERROR  /tmp/pyre-check/documentation/pysa_tutorial/exercise3/../../../stubs/taint/core_privacy_security/django_sources_sinks.pysa:137: The modelled function `django.db.models.manager.Manager.get` is an imported function, please model `django.db.models.manager.BaseManager.get` directly.
2024-11-14 15:49:55,069 [PID 114464] ERROR  /tmp/pyre-check/documentation/pysa_tutorial/exercise3/../../../stubs/taint/core_privacy_security/django_sources_sinks.pysa:134: The function, method or property `django.contrib.sessions.backends.base.SessionBase._session_key` is not a valid attribute - did you mean to use `def django.contrib.sessions.backends.base.SessionBase._session_key(): ...`?
2024-11-14 15:49:55,069 [PID 114464] ERROR  /tmp/pyre-check/documentation/pysa_tutorial/exercise3/../../../stubs/taint/core_privacy_security/django_sources_sinks.pysa:133: The function, method or property `django.contrib.sessions.backends.base.SessionBase.session_key` is not a valid attribute - did you mean to use `def django.contrib.sessions.backends.base.SessionBase.session_key(): ...`?
2024-11-14 15:49:55,069 [PID 114464] ERROR  /tmp/pyre-check/documentation/pysa_tutorial/exercise3/../../../stubs/taint/core_privacy_security/django_sources_sinks.pysa:122: Module `django` does not define `django.http.response.HttpResponse.content`.
2024-11-14 15:49:55,069 [PID 114464] ERROR  /tmp/pyre-check/documentation/pysa_tutorial/exercise3/../../../stubs/taint/core_privacy_security/django_sources_sinks.pysa:95: The modelled function `django.db.models.manager.Manager.raw` is an imported function, please model `django.db.models.manager.BaseManager.raw` directly.
2024-11-14 15:49:55,069 [PID 114464] ERROR  /tmp/pyre-check/documentation/pysa_tutorial/exercise3/../../../stubs/taint/core_privacy_security/django_sources_sinks.pysa:79: The modelled function `django.http.response.HttpResponseRedirect.__init__` is an imported function, please model `django.http.response.HttpResponseRedirectBase.__init__` directly.
2024-11-14 15:49:55,069 [PID 114464] ERROR  /tmp/pyre-check/documentation/pysa_tutorial/exercise3/../../../stubs/taint/core_privacy_security/django_sources_sinks.pysa:73: Module `django` does not define `django.http.response.HttpResponse.content`.
2024-11-14 15:49:55,069 [PID 114464] ERROR  /tmp/pyre-check/documentation/pysa_tutorial/exercise3/../../../stubs/taint/core_privacy_security/django_sources_sinks.pysa:63: Class `django.http.response.HttpResponseBase` has no attribute `_headers`.
2024-11-14 15:49:55,069 [PID 114464] ERROR  /tmp/pyre-check/documentation/pysa_tutorial/exercise3/../../../stubs/taint/core_privacy_security/django_sources_sinks.pysa:62: Class `django.http.response.HttpResponseBase` has no attribute `_headers`.
2024-11-14 15:49:55,069 [PID 114464] ERROR  /tmp/pyre-check/documentation/pysa_tutorial/exercise3/../../../stubs/taint/core_privacy_security/django_sources_sinks.pysa:59: Model signature parameters for `django.http.response.HttpResponseBase.setdefault` do not match implementation `(self: HttpResponseBase, key: str, value: str) -> None`. Reason: unexpected named parameter: `header`.
2024-11-14 15:49:55,069 [PID 114464] ERROR  /tmp/pyre-check/documentation/pysa_tutorial/exercise3/../../../stubs/taint/core_privacy_security/django_sources_sinks.pysa:25: Module `django` does not define `django.http.request.build_request_repr`.
2024-11-14 15:49:55,069 [PID 114464] ERROR  /tmp/pyre-check/documentation/pysa_tutorial/exercise3/../../../stubs/taint/core_privacy_security/django_sources_sinks.pysa:23: The modelled function `django.http.request.HttpRequest.__repr__` is an imported function, please model `object.__repr__` directly.
2024-11-14 15:49:55,069 [PID 114464] ERROR  /tmp/pyre-check/documentation/pysa_tutorial/exercise3/../../../stubs/taint/core_privacy_security/django_sources_sinks.pysa:12: The function, method or property `django.http.request.HttpRequest.body` is not a valid attribute - did you mean to use `def django.http.request.HttpRequest.body(): ...`?
2024-11-14 15:49:55,069 [PID 114464] ERROR  /tmp/pyre-check/documentation/pysa_tutorial/exercise3/../../../stubs/taint/core_privacy_security/django_sources_sinks.pysa:11: Class `django.http.request.HttpRequest` has no attribute `REQUEST`.
2024-11-14 15:49:55,069 [PID 114464] ERROR  /tmp/pyre-check/documentation/pysa_tutorial/exercise3/../../../stubs/taint/core_privacy_security/django_sources_sinks.pysa:6: Class `django.http.request.HttpRequest` has no attribute `user_agent`.
2024-11-14 15:49:55,069 [PID 114464] ERROR  /tmp/pyre-check/documentation/pysa_tutorial/exercise3/../../../stubs/taint/core_privacy_security/django_sources_sinks.pysa:5: Class `django.http.request.HttpRequest` has no attribute `user_agent_string`.
2024-11-14 15:49:55,069 [PID 114464] ERROR  /tmp/pyre-check/documentation/pysa_tutorial/exercise3/../../../stubs/taint/core_privacy_security/django_rest_framework.pysa:15: `rest_framework.request.Request.stream` is not part of the environment, no module `rest_framework` in search path.
2024-11-14 15:49:55,069 [PID 114464] ERROR  /tmp/pyre-check/documentation/pysa_tutorial/exercise3/../../../stubs/taint/core_privacy_security/django_rest_framework.pysa:13: `rest_framework.request.Request.content_type` is not part of the environment, no module `rest_framework` in search path.
2024-11-14 15:49:55,069 [PID 114464] ERROR  /tmp/pyre-check/documentation/pysa_tutorial/exercise3/../../../stubs/taint/core_privacy_security/django_rest_framework.pysa:11: `rest_framework.request.Request.query_params` is not part of the environment, no module `rest_framework` in search path.
2024-11-14 15:49:55,069 [PID 114464] ERROR  /tmp/pyre-check/documentation/pysa_tutorial/exercise3/../../../stubs/taint/core_privacy_security/django_rest_framework.pysa:9: `rest_framework.request.Request.data` is not part of the environment, no module `rest_framework` in search path.
2024-11-14 15:49:55,069 [PID 114464] ERROR  /tmp/pyre-check/documentation/pysa_tutorial/exercise3/../../../stubs/taint/core_privacy_security/django_rest_framework.pysa:7: `rest_framework.request.Request.QUERY_PARAMS` is not part of the environment, no module `rest_framework` in search path.
2024-11-14 15:49:55,069 [PID 114464] ERROR  /tmp/pyre-check/documentation/pysa_tutorial/exercise3/../../../stubs/taint/core_privacy_security/django_rest_framework.pysa:5: `rest_framework.request.Request.DATA` is not part of the environment, no module `rest_framework` in search path.
2024-11-14 15:49:55,069 [PID 114464] ERROR  /tmp/pyre-check/documentation/pysa_tutorial/exercise3/../../../stubs/taint/core_privacy_security/django_rest_framework.pysa:3: `rest_framework.request.Request.FILES` is not part of the environment, no module `rest_framework` in search path.
2024-11-14 15:49:55,069 [PID 114464] ERROR  /tmp/pyre-check/documentation/pysa_tutorial/exercise3/../../../stubs/taint/core_privacy_security/django_rest_framework.pysa:1: `rest_framework.request.Request.POST` is not part of the environment, no module `rest_framework` in search path.
2024-11-14 15:49:55,069 [PID 114464] INFO  Parsed taint models: 0.669s
2024-11-14 15:49:55,069 [PID 114464] PERFORMANCE  Parsed taint models (models: 843, queries: 0): 0.669s
2024-11-14 15:49:55,069 [PID 114464] INFO  Computing inferred models...
2024-11-14 15:49:55,505 [PID 114464] INFO  Computed inferred models: 0.433s
2024-11-14 15:49:55,506 [PID 114464] PERFORMANCE  Computed inferred models (models: 713): 0.434s
2024-11-14 15:49:55,658 [PID 114464] INFO  Computing overrides...
2024-11-14 15:49:56,187 [PID 114464] WARNING  `lib2to3.fixer_base.BaseFix.transform` has 56 overrides, this might slow down the analysis considerably.
2024-11-14 15:49:56,187 [PID 114464] WARNING  `libcst._nodes.base.CSTNode._codegen_impl` has 102 overrides, this might slow down the analysis considerably.
2024-11-14 15:49:56,187 [PID 114464] WARNING  `libcst._nodes.base.CSTNode._visit_and_replace_children` has 119 overrides, this might slow down the analysis considerably.
2024-11-14 15:49:56,187 [PID 114464] WARNING  `typing.GenericMeta.__getitem__` has 56 overrides, this might slow down the analysis considerably.
2024-11-14 15:49:56,198 [PID 114464] INFO  Overrides computed: 0.542s
2024-11-14 15:49:56,198 [PID 114464] PERFORMANCE  Overrides computed: 0.542s
2024-11-14 15:49:56,198 [PID 114464] INFO  Indexing global constants...
2024-11-14 15:49:56,534 [PID 114464] INFO  Finished constant propagation analysis: 0.335s
2024-11-14 15:49:56,534 [PID 114464] PERFORMANCE  Finished constant propagation analysis: 0.336s
2024-11-14 15:49:56,534 [PID 114464] INFO  Building call graph...
2024-11-14 15:50:04,791 [PID 114464] INFO  Call graph built: 8.254s
2024-11-14 15:50:04,792 [PID 114464] PERFORMANCE  Call graph built: 8.254s
2024-11-14 15:50:04,792 [PID 114464] INFO  Computing dependencies...
2024-11-14 15:50:04,873 [PID 114464] INFO  Computed dependencies: 0.076s
2024-11-14 15:50:04,873 [PID 114464] PERFORMANCE  Computed dependencies: 0.076s
2024-11-14 15:50:04,873 [PID 114464] INFO  Purging shared memory...
2024-11-14 15:50:04,873 [PID 114464] PERFORMANCE  Purged shared memory: 0.007s
2024-11-14 15:50:04,874 [PID 114464] INFO  Purging shared memory...
2024-11-14 15:50:04,894 [PID 114464] PERFORMANCE  Purged shared memory: 0.012s
2024-11-14 15:50:04,894 [PID 114464] INFO  Analysis fixpoint started for 8346 overrides and 9 functions......
2024-11-14 15:50:05,350 [PID 114464] PERFORMANCE  Recorded initial models: 0.456s
2024-11-14 15:50:05,351 [PID 114464] INFO  Iteration #0. 4 callables [views.$toplevel, views.get_operator_safe, views.operate_on_threes, views.operate_on_twos]
2024-11-14 15:50:05,351 [PID 114464] INFO  Processed 4 of 4 callables
2024-11-14 15:50:05,351 [PID 114464] INFO  Iteration #0, 4 callables, heap size 0.100GB took 0.00s
2024-11-14 15:50:05,351 [PID 114464] INFO  Iteration #1. 2 callables [views.get_operator_safe, views.operate_on_twos]
2024-11-14 15:50:05,351 [PID 114464] INFO  Processed 2 of 2 callables
2024-11-14 15:50:05,351 [PID 114464] INFO  Iteration #1, 2 callables, heap size 0.100GB took 0.00s
2024-11-14 15:50:05,381 [PID 114464] INFO  Found 0 issues
2024-11-14 15:50:05,382 [PID 114464] INFO  Analysis fixpoint complete: 0.487s
2024-11-14 15:50:05,382 [PID 114464] PERFORMANCE  Analysis fixpoint complete (iterations: 2, heap size: 99731264, issues: 0): 0.487s
2024-11-14 15:50:05,382 [PID 114464] PERFORMANCE  Analyze: 21.710s
[]


@arthaud
Contributor

arthaud commented Nov 17, 2024

Hi @ossie-git, thanks for reaching out.

I was able to reproduce the problem, using the uv tool, which is quite convenient:

$ uvx --python 3.10 --with fb-sapp --with django-stubs --from pyre-check pyre -n analyze --no-verify
# 2 issues
$ uvx --python 3.12 --with fb-sapp --with django-stubs --from pyre-check pyre -n analyze --no-verify
# 1 issue
$ uvx --python 3.13 --with fb-sapp --with django-stubs --from pyre-check pyre -n analyze --no-verify

The problem is indeed in our taint stubs. I have a fix internally, we should be able to merge that in master pretty quickly. Once that is merged and the issue is closed, you should be able to use the pyre-check-nightly package instead of pyre-check, until we push a new release.

@ossie-git
Author

Thanks @arthaud. Given that this might have resulted in CI/CD pipelines and normal users running pysa missing findings, would it be possible to have these types of errors (signature mismatches) result in pysa failing with a non-zero exit code instead of continuing? A possible option would be to add a command line switch which would allow users to override this. Just a suggestion. Thanks

@arthaud
Contributor

arthaud commented Nov 17, 2024

You should get an error if you are running without --no-verify. The problem is that you would also get unrelated errors, related to missing stubs. We would definitely want to improve this, but have higher priority work, unfortunately.
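
A sketch of the exit-code gate discussed in the last two comments, as an added example (not part of the thread and not Pysa's own code): it classifies the model verification errors in a `pyre --noninteractive analyze` log and fails only when a sink the pipeline relies on has a signature mismatch, tolerating the missing-stub errors. The function names, the `required` list and the shortened paths in the constructed sample log are assumptions.

```python
import re
import sys
from dataclasses import dataclass, field

# Line shapes taken from the `pyre --noninteractive analyze` log in this issue.
LOG_ERROR = re.compile(r"^\d{4}-\d\d-\d\d [\d:,]+ \[PID \d+\] ERROR\s+(?P<rest>.*)$")
MODEL_ERROR = re.compile(r"^(?P<path>\S+\.pysa):(?P<line>\d+): (?P<msg>.*)$")
SIGNATURE = re.compile(r"^Model signature parameters for `(?P<name>[^`]+)` do not match")
MISSING = re.compile(r"^`(?P<name>[^`]+)` is not part of the environment")

# Constructed sample: lines copied from the log above with the .pysa paths shortened.
SAMPLE_LOG = """\
2024-11-14 15:49:55,067 [PID 114464] ERROR  Found 35 model verification errors!
2024-11-14 15:49:55,068 [PID 114464] ERROR  stubs/taint/core_privacy_security/rce_sinks.pysa:2: Model signature parameters for `eval` do not match implementation `def eval(unknown, globals: dict[str, Any] | None = ..., locals: Mapping[str, object] | None = ...) -> Any: ...`. Reasons:
2024-11-14 15:49:55,068 [PID 114464] ERROR unexpected positional only parameter: `__locals` at position: 2, expected position 0
2024-11-14 15:49:55,068 [PID 114464] ERROR unexpected positional only parameter: `__globals` at position: 1, expected position 0
2024-11-14 15:49:55,068 [PID 114464] ERROR  stubs/taint/core_privacy_security/rce_sinks.pysa:4: Model signature parameters for `exec` do not match implementation `def exec(unknown, globals: dict[str, Any] | None = ..., locals: Mapping[str, object] | None = ..., closure: tuple[CellType, ...] | None = ...) -> None: ...`. Reasons:
2024-11-14 15:49:55,068 [PID 114464] ERROR unexpected named parameter: `__locals`
2024-11-14 15:49:55,068 [PID 114464] ERROR unexpected named parameter: `__globals`
2024-11-14 15:49:55,068 [PID 114464] ERROR unexpected named parameter: `__source`
2024-11-14 15:49:55,069 [PID 114464] ERROR  stubs/taint/core_privacy_security/django_rest_framework.pysa:1: `rest_framework.request.Request.POST` is not part of the environment, no module `rest_framework` in search path.
2024-11-14 15:50:05,381 [PID 114464] INFO  Found 0 issues
"""


@dataclass
class ModelError:
    path: str
    line: int
    kind: str  # signature_mismatch | missing_module | other
    callable_name: str
    reasons: list = field(default_factory=list)


def parse_model_errors(log_text):
    """Collect model verification errors, attaching the 'Reasons:' lines that follow."""
    errors, current = [], None
    for raw in log_text.splitlines():
        entry = LOG_ERROR.match(raw)
        if not entry:
            current = None  # any non-ERROR line ends a 'Reasons:' run
            continue
        head = MODEL_ERROR.match(entry.group("rest"))
        if head is None:
            # ERROR line without a .pysa location: a reason for the previous error,
            # or the "Found N model verification errors!" summary (ignored).
            if current is not None:
                current.reasons.append(entry.group("rest"))
            continue
        msg = head.group("msg")
        sig, missing = SIGNATURE.match(msg), MISSING.match(msg)
        if sig:
            kind, name = "signature_mismatch", sig.group("name")
        elif missing:
            kind, name = "missing_module", missing.group("name")
        else:
            kind, name = "other", ""
        err = ModelError(head.group("path"), int(head.group("line")), kind, name)
        errors.append(err)
        current = err if msg.endswith("Reasons:") else None
    return errors


def gate(log_text, required=("eval", "exec")):
    """Return (exit_code, dropped): non-zero when a required sink model was rejected.

    Missing-module errors are tolerated: they concern libraries that are not
    installed, not a sink whose model no longer matches its stub.
    """
    mismatched = {e.callable_name for e in parse_model_errors(log_text)
                  if e.kind == "signature_mismatch"}
    dropped = sorted(mismatched & set(required))
    return (1 if dropped else 0), dropped


if __name__ == "__main__":
    code, dropped = gate(sys.stdin.read())
    for name in dropped:
        print(f"sink model for `{name}` failed signature verification", file=sys.stderr)
    sys.exit(code)
```

The log in this issue was produced with `"no_verify": true` and still lists the verification errors, so the captured log can be fed to this gate without enabling full verification.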
