### Setup Pysa Tutorial Environment Source: https://github.com/facebook/pyre-check/blob/main/documentation/pysa_tutorial/README.md Set up a Python virtual environment and install necessary packages for the Pysa tutorial. Ensure you are in the correct directory. ```bash cd documentation/pysa_tutorial # STOP! Make sure you're in pyre-check/documentation/pysa_tutorial python3 -m venv tutorial source tutorial/bin/activate pip3 install pyre-check fb-sapp django-stubs ``` -------------------------------- ### Execute Setup Script Source: https://github.com/facebook/pyre-check/blob/main/documentation/deliberately_vulnerable_flask_app/README.md Run the setup script to install dependencies and configure pyre-check. This script automates steps 3 and 4, potentially creating a different configuration. ```bash . setup.sh ``` -------------------------------- ### Install Pyre with venv on Ubuntu Source: https://github.com/facebook/pyre-check/blob/main/documentation/website/docs/installation.md Install necessary packages, create a Python virtual environment, and install Pyre using pip. This is an example for setting up Pyre on Ubuntu via WSL. ```bash $ sudo apt install python3-venv build-essential python3-dev libpython3-dev $ python3 -m venv /tmp/tp $ /tmp/tp/bin/pip install --upgrade pip setuptools wheel $ /tmp/tp/bin/pip install pyre-check $ source /tmp/tp/bin/activate $ cd /mnt/c/path/to/repo $ pyre --source-directory . check $ (tp) cooper@TESTFAC-1FMHLI2:/mnt/c/path/to/repo$ pyre --source-directory . check ƛ Setting up a `.pyre_configuration` with `pyre init` may reduce overhead. ƛ No type errors found ``` -------------------------------- ### Setup Virtual Environment Source: https://github.com/facebook/pyre-check/blob/main/documentation/deliberately_vulnerable_flask_app/README.md Create and activate a Python virtual environment for project isolation. This is a standard practice before installing project dependencies. ```bash python -m venv ../env source ../env/bin/activate ``` -------------------------------- ### Install Zstandard with VCPKG Source: https://github.com/facebook/pyre-check/blob/main/source/hack_parallel/hack_parallel/third-party/zstd/README.md Build and install Zstandard using the VCPKG dependency manager. This process involves cloning VCPKG, bootstrapping it, integrating it, and then installing zstd. ```bash git clone https://github.com/Microsoft/vcpkg.git cd vcpkg ./bootstrap-vcpkg.sh ./vcpkg integrate install ./vcpkg install zstd ``` -------------------------------- ### Set up a Python Virtual Environment and Install Pyre Source: https://github.com/facebook/pyre-check/blob/main/README.md Create a project directory, set up a virtual environment, and install pyre-check using pip. ```bash $ mkdir my_project && cd my_project $ python3 -m venv ~/.venvs/venv $ source ~/.venvs/venv/bin/activate (venv) $ pip install pyre-check ``` -------------------------------- ### Setup Pysa Tutorial with Docker Source: https://github.com/facebook/pyre-check/blob/main/documentation/pysa_tutorial/README.md Build a Docker image for the Pysa tutorial and run it in a container. This is an alternative setup for unsupported operating systems. ```bash docker build -f documentation/pysa_tutorial/Dockerfile -t pyre-check-docker . docker run --rm --name pyre-check -it pyre-check-docker /bin/bash # You will now be inside the docker container you just created cd documentation/pysa_tutorial ``` -------------------------------- ### Setup Pyre Development Environment Source: https://github.com/facebook/pyre-check/blob/main/documentation/website/docs/installation.md Set up the local development environment by running the setup script. This compiles Pyre and runs unit tests. ```bash $ cd pyre-check $ ./scripts/setup.sh --local ``` -------------------------------- ### Install Wheel and Setuptools Source: https://github.com/facebook/pyre-check/blob/main/documentation/website/docs/pysa_quickstart.md Install the 'wheel' package and upgrade 'setuptools' if you encounter 'invalid command 'bdist_wheel'' errors during installation. These packages are essential for building Python distributions. ```shell (pysa) pip3 install wheel (pysa) python3 -m pip install --upgrade setuptools ``` -------------------------------- ### Install Pyre Playground Backend Script Source: https://github.com/facebook/pyre-check/blob/main/tools/playground/README.md Download the installation script for setting up the Pyre Playground backend on an Ubuntu machine. This script automates the installation of dependencies and configurations. ```bash curl \ https://raw.githubusercontent.com/facebook/pyre-check/main/tools/playground/install-in-ubuntu.sh \ > ~/install-in-ubuntu.sh ``` -------------------------------- ### Install setuptools on Ubuntu Source: https://github.com/facebook/pyre-check/blob/main/documentation/website/docs/pysa_quickstart.md Installs or upgrades the setuptools package for Python 3.9 on Ubuntu. This is a prerequisite for running Pysa. ```shell $ python3.9 -m pip install --upgrade setuptools ``` -------------------------------- ### Set up a Python Project and Install Pyre Source: https://github.com/facebook/pyre-check/blob/main/documentation/website/docs/getting_started.md Create a new project directory, set up a virtual environment, and install the Pyre-check package using pip. This prepares your project for Pyre integration. ```bash mkdir my_project && cd my_project python3 -m venv ~/.venvs/venv source ~/.venvs/venv/bin/activate pip install pyre-check ``` -------------------------------- ### Install Pyre and SAPP Source: https://github.com/facebook/pyre-check/blob/main/documentation/website/docs/pysa_quickstart.md Install the necessary packages, Pyre and SAPP, within the activated virtual environment. ```shell pip install pyre-check fb-sapp ``` -------------------------------- ### Install Python Client Dependencies and Run Tests Source: https://github.com/facebook/pyre-check/blob/main/documentation/website/docs/installation.md Install dependencies for the Python client and run its tests. Ensure you are in the Pyre project directory. ```bash $ cd /path/to/pyre-check $ pip install -r requirements.txt $ ./scripts/run-python-tests.sh ``` -------------------------------- ### Install Python and Watchman with Homebrew Source: https://github.com/facebook/pyre-check/blob/main/documentation/website/docs/getting_started.md Use Homebrew to install Python 3.9+ and Watchman on macOS. Ensure these prerequisites are met before installing Pyre. ```bash brew install python3 watchman ``` -------------------------------- ### Install setuptools on macOS Source: https://github.com/facebook/pyre-check/blob/main/documentation/website/docs/pysa_quickstart.md Installs or upgrades the setuptools package for Python on macOS. This is a prerequisite for running Pysa. ```shell $ python3 -m pip install --upgrade setuptools ``` -------------------------------- ### Install Pyre-Check Source: https://github.com/facebook/pyre-check/blob/main/documentation/deliberately_vulnerable_flask_app/README.md Install the pyre-check static analysis tool using pip. Ensure your virtual environment is activated. ```bash pip install pyre-check ``` -------------------------------- ### Navigate to Exercise 1 Source: https://github.com/facebook/pyre-check/blob/main/documentation/pysa_tutorial/README.md Navigate to the first exercise directory and view its README file. This is the starting point for the tutorial exercises. ```bash cd exercise1 cat README.md ``` -------------------------------- ### Install Development Dependencies Source: https://github.com/facebook/pyre-check/blob/main/documentation/website/docs/pysa_quickstart.md Install necessary development packages for Python 3.9, including the Python.h header file and setuptools. This is required if you encounter compilation errors during installation. ```shell sudo apt install python3.9-dev -y source ~/.venvs/pysa/bin/activate (pysa) python3 -m pip install --upgrade setuptools ``` -------------------------------- ### Build Zstandard with Make Source: https://github.com/facebook/pyre-check/blob/main/source/hack_parallel/hack_parallel/third-party/zstd/README.md Build the zstd CLI tool using the Makefile in the root directory. 'make install' installs the tool, library, and man pages. ```bash make ``` -------------------------------- ### Install Python and Watchman on Ubuntu/Debian Source: https://github.com/facebook/pyre-check/blob/main/README.md Use apt-get for Python 3 and pip, and Homebrew for Watchman on Ubuntu, Mint, or Debian. ```bash $ sudo apt-get install python3 python3-pip python3-venv $ brew install watchman ``` -------------------------------- ### Basic Pyre Configuration Example Source: https://github.com/facebook/pyre-check/blob/main/documentation/website/docs/configuration.md A minimal configuration specifying source directories and external libraries for Pyre to check. ```json { "source_directories": [ "." ], "search_path": [ "/external/library", {"site-package": "foo"} ] } ``` -------------------------------- ### Install Pyre via Pip Source: https://github.com/facebook/pyre-check/blob/main/documentation/website/docs/installation.md Install the Pyre type checker using pip. This is the recommended method for most users. ```bash $ (venv) $ pip install pyre-check ``` -------------------------------- ### Install Python, Pip, Venv, and Watchman on Ubuntu Source: https://github.com/facebook/pyre-check/blob/main/documentation/website/docs/getting_started.md Use apt-get and Homebrew to install Python 3.9+, pip, venv, and Watchman on Ubuntu-based systems. These are necessary dependencies for Pyre. ```bash sudo apt-get install python3 python3-pip python3-venv watchman ``` -------------------------------- ### Start SAPP Server Source: https://github.com/facebook/pyre-check/blob/main/documentation/website/docs/pysa_quickstart.md Spawn the SAPP Web UI server. Access the UI at http://localhost:5000 to view and filter Pysa issues. ```shell sapp server ``` -------------------------------- ### Troubleshoot Pysa Installation with Zsh Source: https://github.com/facebook/pyre-check/blob/main/documentation/website/docs/pysa_quickstart.md Use these commands to resolve installation issues specific to Zsh shells, ensuring Pysa is correctly installed and activated. ```zsh (pysa) $ pip uninstall pyre-check-nightly (pysa) $ deactivate $ zsh (pysa) $ source ~/.venvs/pysa/bin/activate (pysa) $ pip install pyre-check ``` -------------------------------- ### Pysa PyreFly Query Example Source: https://github.com/facebook/pyre-check/blob/main/documentation/website/docs/pysa_model_dsl.md Internal example demonstrating how to use pyreFly-query to execute a model query and redirect its output. Requires specific internal tooling. ```bash buck run fbcode//tools/pyre/facebook/client:pysa -- pyrefly-query "model_query('/data/sandcastle/boxes/instagram-server/distillery/stubs/taint/core_privacy_security/','model_query_name')" > /tmp/model_query_output cat /tmp/model_query_output | jq . ``` -------------------------------- ### Set up Virtual Environment for Pysa Source: https://github.com/facebook/pyre-check/blob/main/documentation/website/docs/pysa_quickstart.md Create and activate a virtual environment for Pysa. This isolates dependencies and ensures a clean setup. ```shell python3 -m venv ~/.venvs/pysa source ~/.venvs/pysa/bin/activate ``` -------------------------------- ### Configure Pyre-check Project Setup Source: https://github.com/facebook/pyre-check/blob/main/AGENTS.md Run this command to set up the project locally. Choose the appropriate script based on whether you are a Meta internal user or an open-source user. ```bash # For Meta internal users (facebook/ directory exists) ./facebook/scripts/setup.sh --local ``` ```bash # For open source users ./scripts/setup.sh --local ``` -------------------------------- ### Start Pyre Server for Analysis Source: https://github.com/facebook/pyre-check/blob/main/documentation/website/docs/querying_pyre.md To ensure accurate Pysa analysis, start the Pyre server with flags to analyze external sources and use the correct binary. This is crucial for avoiding discrepancies between `pyre query` and `pyre analyze`. ```bash $ pyre servers stop # Stop existing pyre servers $ pyre --no-saved-state start --skip-initial-type-check --wait-on-initialization --analyze-external-sources ``` -------------------------------- ### Activate Virtual Environment and Install Pyre Source: https://github.com/facebook/pyre-check/blob/main/documentation/website/docs/pysa_quickstart.md Activate your Pysa virtual environment and install the pyre-check package. This is a prerequisite for using Pysa. ```shell source ~/.venvs/pysa/bin/activate (pysa) $ pip install pyre-check ``` -------------------------------- ### Pysa Source Summary Example Source: https://github.com/facebook/pyre-check/blob/main/documentation/website/docs/pysa_implementation_details.md Illustrates how Pysa infers a source summary for a function that directly returns a source. ```python def source() -> TaintSource[UserControlled]: ... ``` ```python def returns_source(): return source() ``` ```python def returns_source() -> TaintSource[UserControlled]: ... ``` -------------------------------- ### Install Virtual Environment Dependencies Source: https://github.com/facebook/pyre-check/blob/main/documentation/website/docs/pysa_quickstart.md Install the python3.9-venv and python3.9-dev packages if you encounter issues creating a virtual environment due to missing ensurepip. Ensure you remove any partially created virtual environment directories before retrying. ```shell sudo apt install python3.9-venv python3.9-dev -y rm -rf ~/.venvs/pysa python3 -m venv ~/.venvs/pysa ``` -------------------------------- ### Build Docker Image Source: https://github.com/facebook/pyre-check/blob/main/documentation/website/docs/installation.md Build the Docker image with the tag `pyre-check` (or another tag if you wish). Ensure Docker is installed before running this command. ```bash docker build -t pyre-docker . ``` -------------------------------- ### Activate Virtual Environment and Check Pyre Source: https://github.com/facebook/pyre-check/blob/main/tools/playground/README.md Activate the Python virtual environment created during installation and verify that Pyre is installed and functional by running a non-interactive check. ```bash source ~/play-env/bin/activate python --noninteractive check ``` -------------------------------- ### Python Code for `@Entrypoint` Example Source: https://github.com/facebook/pyre-check/blob/main/documentation/website/docs/pysa_advanced.md This Python code defines classes and functions, some of which will be marked as entrypoints for Pysa analysis. ```Python class MyClass: def class_entrypoint(): taint_sink(taint_source()) def my_bad_func_1(): taint_sink(taint_source()) def my_bad_func_2(): taint_sink(taint_source()) def func_entrypoint(): my_bad_func_1() def main(): func_entrypoint() my_bad_func_2() MyClass().class_entrypoint() main() ``` -------------------------------- ### Install Flask App Dependencies Source: https://github.com/facebook/pyre-check/blob/main/documentation/deliberately_vulnerable_flask_app/README.md Install the Python dependencies required by the Flask application from a requirements file. This ensures all necessary libraries are available. ```bash pip install -r requirements.txt ``` -------------------------------- ### Pysa Sink Summary Example Source: https://github.com/facebook/pyre-check/blob/main/documentation/website/docs/pysa_implementation_details.md Shows how Pysa infers a sink summary for a function that calls a sink function with its argument. ```python def sink(arg: TaintSink[RemoteCodeExecution]): ... ``` ```python def calls_sink(arg): sink(arg) ``` ```python def calls_sink(arg: TaintSink[RemoteCodeExecution]): ... ``` -------------------------------- ### Single Trace Sanitizer Examples Source: https://github.com/facebook/pyre-check/blob/main/documentation/website/docs/pysa_advanced.md Provides examples of using `@SanitizeSingleTrace` to apply sanitization only to the forward or backward taint trace. This is a more performant but potentially less precise alternative to standard sanitizers. ```Python @SanitizeSingleTrace(TaintSource) def f(): ... ``` ```Python @SanitizeSingleTrace(TaintSource[UserControlled]) def g(): ... ``` ```Python @SanitizeSingleTrace(TaintSink) def h(): ... ``` ```Python @SanitizeSingleTrace(TaintSink[RemoteCodeExecution]) def i(): ... ``` -------------------------------- ### Source Code Example Source: https://github.com/facebook/pyre-check/blob/main/documentation/website/docs/pysa_running.md Defines Python source code with a user input source and an os.system sink, demonstrating a potential security vulnerability. ```python # static_analysis_example/source.py import os def get_image(url): command = "wget -q https:".format(url) return os.system(command) def convert(): image_link = input("image link: ") image = get_image(image_link) ``` -------------------------------- ### Run Black Code Formatter for Python Source: https://github.com/facebook/pyre-check/blob/main/CONTRIBUTING.md Use the Black code formatter for all Python files. Install it via pip and run it on client files. ```bash pip install black ``` ```bash black pyre-check/client ``` -------------------------------- ### Start Pysa Model Explorer Source: https://github.com/facebook/pyre-check/blob/main/documentation/website/docs/pysa_explore.md Launch the interactive Pysa model exploration script. This script loads the taint output JSON generated by Pysa for analysis. ```bash python3 -i scripts/explore_pysa_models.py ``` -------------------------------- ### Run OCamlFormat Code Formatter Source: https://github.com/facebook/pyre-check/blob/main/CONTRIBUTING.md Use the ocamlformat code formatter for all OCaml files. Install it via opam and run it on changed files. ```bash opam install ocamlformat ``` ```bash ocamlformat -i affectedFile.ml ``` -------------------------------- ### Source/Sink Sanitizer Example Source: https://github.com/facebook/pyre-check/blob/main/documentation/website/docs/pysa_basics.md Illustrates how source/sink sanitizers prevent taint flow to sinks. This code would raise a Pysa issue without sanitization. ```python def render_string_safe(string: str): safe_strings_list = ["safe", "string", "list"] if string in safe_strings_list: return render(string) def render_input_view(request: HttpRequest): user_input = request.GET["user_input"] return render_string_safe(user_input) ``` -------------------------------- ### Model Query Example Source: https://github.com/facebook/pyre-check/blob/main/documentation/website/docs/querying_pyre.md The `model_query` command allows you to retrieve models generated by a ModelQuery. Ensure the provided path points to a directory containing a `taint.config` file. ```python # a.py def foo(x): ... def food(y): ... ``` -------------------------------- ### Pysa Feature Annotation Example Source: https://github.com/facebook/pyre-check/blob/main/documentation/pysa_tutorial/exercise4/README.md Demonstrates the correct syntax for adding feature annotations to Pysa models. Ensure only feature annotations are used, not standard type annotations. ```python AddFeatureToArgument[Via[FEATURE_NAME]] ``` -------------------------------- ### Configure Site Package Search Strategy Source: https://github.com/facebook/pyre-check/blob/main/documentation/website/docs/configuration.md Control how Pyre discovers type checking dependencies installed via pip. Options include 'none', 'all', and 'pep561'. ```json "site_package_search_strategy": "none" ``` ```json "site_package_search_strategy": "all" ``` ```json "site_package_search_strategy": "pep561" ``` -------------------------------- ### Run Pysa Model Explorer Internally Source: https://github.com/facebook/pyre-check/blob/main/documentation/website/docs/pysa_explore.md Internally at Meta, the `pysa-explore-models` script can be run directly. Ensure Bento is installed and potentially use shell integration for convenience. ```bash $ python3 ~/fbcode/tools/pyre/facebook/scripts/in_path/pysa-explore-models ``` ```bash $ feature install bento ``` ```bash pysa-explore-models ``` -------------------------------- ### Pysa Chained Sink Summary Example Source: https://github.com/facebook/pyre-check/blob/main/documentation/website/docs/pysa_implementation_details.md Illustrates Pysa inferring sink summaries through chained function calls, demonstrating indirect taint flow to sinks. ```python def calls_sink(arg: TaintSink[RemoteCodeExecution]): ... ``` ```python def wraps_sink(arg): calls_sink(arg) ``` ```python def wraps_sink(arg: TaintSink[RemoteCodeExecution]): ... ``` -------------------------------- ### Initialize Pyre Project Configuration Source: https://github.com/facebook/pyre-check/blob/main/README.md Run `pyre init` to set up the `.pyre_configuration` and `.watchmanconfig` files for your project. Defaults can be accepted initially. ```bash (venv) $ pyre init ``` -------------------------------- ### Example Classes for Decorator Filtering Source: https://github.com/facebook/pyre-check/blob/main/documentation/website/docs/pysa_model_dsl.md These example classes demonstrate how different decorators and arguments affect Pysa model queries. Only `Foo` will match the `cls.decorator` clause in the preceding example. ```python @d1(2) class Foo: def __init__(self, a, b): ... @d1() class Bar: def __init__(self, a, b): ... @d2(2) class Baz: def __init__(self, a, b): ... ``` -------------------------------- ### Install wheel on macOS Source: https://github.com/facebook/pyre-check/blob/main/documentation/website/docs/pysa_quickstart.md Installs the wheel package for Python on macOS. This is a prerequisite for running Pysa. ```shell $ pip3 install wheel ``` -------------------------------- ### Initialize Pysa and SAPP Source: https://github.com/facebook/pyre-check/blob/main/documentation/website/docs/pysa_quickstart.md Run the initialization command to set up your repository for Pysa and SAPP analysis. This command also applies optional repository tweaks to enhance Pysa's results. ```shell pyre init-pysa ``` -------------------------------- ### Widen Broadening Example with Dictionary Source: https://github.com/facebook/pyre-check/blob/main/documentation/website/docs/pysa_advanced.md Illustrates widen broadening in a loop where a dictionary's keys can grow infinitely, requiring Pysa to stop at a certain depth for termination. ```Python def foo(n): d = {} for _ in range(n): d = { "a": source(), "b": d, } return d ``` -------------------------------- ### Install Stable Pyre Check Source: https://github.com/facebook/pyre-check/blob/main/documentation/website/docs/pysa_quickstart.md If Pysa is not working and you suspect a nightly version issue, uninstall `pyre-check-nightly` and install the stable `pyre-check` package. ```shell (pysa) $ pip uninstall pyre-check-nightly (pysa) $ pip install pyre-check ``` -------------------------------- ### Start SAPP Server with Source Directory Source: https://github.com/facebook/pyre-check/blob/main/documentation/website/docs/pysa_quickstart.md When the SAPP Web UI shows 'No file found' errors for issues, run the `sapp server` command with the `--source-directory` flag pointing to your project's source code. ```shell (pysa) $ sapp server --source-directory path/to/project_source_code ``` -------------------------------- ### Build OCaml Binary for Pyre-check Source: https://github.com/facebook/pyre-check/blob/main/AGENTS.md Navigate to the source directory and run 'make' to build the OCaml binary. The executable will be located at source/_build/default/main.exe. ```bash cd source && make ``` -------------------------------- ### Initialize Pyre Configuration Source: https://github.com/facebook/pyre-check/blob/main/documentation/website/docs/configuration.md Use this command to generate an initial `.pyre_configuration` file in your project's root directory. ```bash $ pyre init ``` -------------------------------- ### Install Python 3.9 and dependencies on Ubuntu Source: https://github.com/facebook/pyre-check/blob/main/documentation/website/docs/pysa_quickstart.md Updates Ubuntu to Python 3.9 and installs necessary development and pip packages. This is required for Pysa on older Ubuntu versions. ```shell $ sudo apt-get update $ sudo apt install python3.9 python3.9-venv python3.9-dev python3-pip -y ``` -------------------------------- ### Python Code for Taint In Taint Out Example Source: https://github.com/facebook/pyre-check/blob/main/documentation/website/docs/pysa_advanced.md This Python code defines a `read_file` function that reads content from a file. It serves as an example for demonstrating taint in taint out transforms. ```Python def read_file(path): with open(path, "r") as f: content = f.read() return content ``` -------------------------------- ### Build Zstandard with Buck Source: https://github.com/facebook/pyre-check/blob/main/source/hack_parallel/hack_parallel/third-party/zstd/README.md Build the zstd binary using Buck. The command should be executed from the root of the repository. ```bash buck build programs:zstd ``` -------------------------------- ### Build Python CLI for Pyre-check (Meta Internal) Source: https://github.com/facebook/pyre-check/blob/main/AGENTS.md Meta internal users can build the Python CLI using the 'buck build' command. ```bash # For Meta internal users buck build fbcode//tools/pyre/client:pyre ``` -------------------------------- ### Clone Pyre Repository Source: https://github.com/facebook/pyre-check/blob/main/documentation/pysa_tutorial/README.md Clone the pyre-check repository to your local machine. This is the first step to setting up the tutorial environment. ```bash git clone https://github.com/facebook/pyre-check.git cd pyre-check ``` -------------------------------- ### Correct `ParamSpec` Usage Example Source: https://github.com/facebook/pyre-check/blob/main/documentation/website/docs/errors.md This example demonstrates the correct way to use `ParamSpec` with `typing.Callable`, including both `*args: P.args` and `**kwargs: P.kwargs` in the function signature, which Pyre will not flag with errors. ```python from typing import Callable from pyre_extensions import ParameterSpecification P = ParameterSpecification("P") # OK def good(f: Callable[P, int], *args: P.args, **kwargs: P.kwargs) -> int: return f(*args, **kwargs) ``` -------------------------------- ### Build Zstandard with Meson Source: https://github.com/facebook/pyre-check/blob/main/source/hack_parallel/hack_parallel/third-party/zstd/README.md Build Zstandard using Meson. Refer to the build/meson directory for specific instructions. The default build type is release. ```bash cd build/meson meson setup build ninja -C build ``` -------------------------------- ### Pyre Error Code Example: General Type Error Source: https://github.com/facebook/pyre-check/blob/main/documentation/website/docs/errors.md Shows a typical Pyre output format, highlighting an error code within brackets. This example indicates an 'Incompatible variable type' error. ```bash (venv) $ pyre ƛ Found 1 type error! test.py:1:0 Incompatible variable type [9]: a is declared to have type `int` but is used as type `str`. ``` -------------------------------- ### Limit Tito Collapse Depth Source: https://github.com/facebook/pyre-check/blob/main/documentation/website/docs/pysa_advanced.md These Python examples show how taint-in-taint-out (TITO) propagation is limited by depth. The first example demonstrates TITO for return values, and the second shows its application to sinks in backward analysis. ```python def identity(arg): return arg def foo(): input = {'a': {'b': {'c': source()}}} output = identity(input) ``` ```python def foo(arg): output = identity(arg) sink(output['a']['b']['c']) ``` -------------------------------- ### Configure Search Path with Toplevel Site Package Source: https://github.com/facebook/pyre-check/blob/main/documentation/website/docs/configuration.md Specify a site package as a single-file module rather than a package, useful for libraries structured differently. ```json {"site-package": "package_name", "is_toplevel_module": true} ``` -------------------------------- ### Maximum Tree Depth After Widening Example Source: https://github.com/facebook/pyre-check/blob/main/documentation/website/docs/pysa_advanced.md Example of a source tree depth of 3 in Python within a loop. Pysa limits this depth to prevent excessive analysis, adding 'widen-broadening' features when the limit is exceeded. ```python def foo(): variable = MyClass() for x in generate(): variable.a.b.c = source() return result ``` -------------------------------- ### Initialize Pyre Configuration Source: https://github.com/facebook/pyre-check/blob/main/documentation/deliberately_vulnerable_flask_app/README.md Generate the initial configuration file for pyre-check. This command sets up the necessary files for static analysis. ```bash pyre init ``` -------------------------------- ### Troubleshoot Pyre Client Not Found Source: https://github.com/facebook/pyre-check/blob/main/documentation/website/docs/pysa_quickstart.md This example demonstrates how to troubleshoot the 'Could not find a pyre client' error, which can occur with certain shell configurations like zsh. It involves deactivating and reactivating the virtual environment, and ensuring the 'pyre' executable is correctly located within the virtual environment's path. ```shell (pysa) $ pip install pyre-check (pysa) $ cd demo-project (pysa) $ pyre analyze --no-verify ƛ Error: Could not find a pyre client. (pysa) $ which pyre /usr/local/bin/pyre (pysa) $ deactivate (pysa) $ zsh $ source ~/.venvs/pysa/bin/activate (pysa) $ which pyre /Users/unixname/.venvs/pysa/bin/ ``` -------------------------------- ### Run Python Tests for Pyre-check (Meta Internal) Source: https://github.com/facebook/pyre-check/blob/main/AGENTS.md For Meta internal users, run Python tests using the 'buck test' command with the specified path. ```bash # For Meta internal users buck test fbcode//tools/pyre/client/... ``` -------------------------------- ### Pysa `.pysa` file for `@Entrypoint` Source: https://github.com/facebook/pyre-check/blob/main/documentation/website/docs/pysa_advanced.md This `.pysa` file uses the `@Entrypoint` decorator to specify which functions should be considered as starting points for Pysa analysis, thereby filtering the call graph. ```Pysa @Entrypoint def my_file.MyClass.class_entrypoint(): ... @Entrypoint def func_entrypoint(): ... ``` -------------------------------- ### Run Static Analysis with make staticAnalyze Source: https://github.com/facebook/pyre-check/blob/main/source/hack_parallel/hack_parallel/third-party/zstd/CONTRIBUTING.md Execute the static analysis tests on your local machine using the provided make target. This ensures compliance with the project's static analysis standards. ```bash make staticAnalyze ``` -------------------------------- ### Undefined Import Source: https://github.com/facebook/pyre-check/blob/main/documentation/website/docs/errors.md Pyre raises an 'Undefined import' error when a module cannot be found in the search path. Ensure the module is installed and accessible. ```python from my_module import my_function my_function() ``` -------------------------------- ### List Function and Method Definitions with Pyre Query Source: https://github.com/facebook/pyre-check/blob/main/documentation/website/docs/querying_pyre.md The `defines` query returns all function and method definitions within a given module or class. The output includes the definition name, parameters, and return annotation. ```python class C: a: int = 2 def foo(self) -> str: return "" def bar() -> None: pass ``` ```bash $ pyre query "defines(a.C)" { "response": [ { "name": "a.C.foo", "parameters": [ { "name": "self", "annotation": null } ], "return_annotation": "str" } ] } ``` ```bash $ pyre query "defines(a)" { "response": [ { "name": "a.C.foo", "parameters": [ { "name": "self", "annotation": null } ], "return_annotation": "str" }, { "name": "a.bar", "parameters": [], "return_annotation": "None" } ] } ``` -------------------------------- ### Assignment of Global to Local Variable Source: https://github.com/facebook/pyre-check/blob/main/documentation/website/docs/querying_pyre.md This example shows how assigning a global variable or its attributes to a local variable is considered a leak by Pyre. ```python def foo() -> None: my_local: int = MY_GLOBAL_INT # leak my_other_local: List[str] = MY_OTHER_GLOBAL.str_list # leak ``` -------------------------------- ### Get All Types in a File Source: https://github.com/facebook/pyre-check/blob/main/documentation/website/docs/querying_pyre.md The `types` query returns all resolved types within a specified file. Paths must be relative to the `pyre_configuration`. ```python types('path1', 'path2', ...) ``` -------------------------------- ### Configure Pyre Executable and Binary Path Source: https://github.com/facebook/pyre-check/blob/main/documentation/website/docs/installation.md Set up bash aliases and environment variables to run Pyre from anywhere and point to the compiled binary. This is for general usage. ```bash $ echo "alias pyre='PYTHONPATH="/path/to/pyre-check/..:$PYTHONPATH" python -m pyre_check.client.pyre'" >> ~/.bashrc $ echo "export PYRE_BINARY=/path/to/pyre-check/source/_build/default/main.exe" >> ~/.bashrc $ source ~/.bashrc ``` -------------------------------- ### Get Absolute Path of a Module Source: https://github.com/facebook/pyre-check/blob/main/documentation/website/docs/querying_pyre.md Use the `path_of_module` query to retrieve the full absolute file path for a given Python module. ```bash $ pyre query "path_of_module(module_name)" ``` -------------------------------- ### Use Literal String Sinks with String Formatting Source: https://github.com/facebook/pyre-check/blob/main/documentation/website/docs/pysa_advanced.md Python examples demonstrating various string formatting methods (f-strings, .format(), %-style) where the resulting string matches a configured literal sink pattern. Pysa will flag data flowing into these. ```python def may_render(parameter: str) -> None: result = f"" result = "".format(parameter) result = "" % (parameter,) ``` -------------------------------- ### Duplicate Parameter in Function Definition (Python) Source: https://github.com/facebook/pyre-check/blob/main/documentation/website/docs/errors.md Functions cannot have multiple named parameters with the same name. This example shows an error caused by a duplicate parameter 'a'. ```python def add(a: int, a: int) -> None: pass ``` -------------------------------- ### Initialize Pyre Inside Docker Source: https://github.com/facebook/pyre-check/blob/main/documentation/website/docs/installation.md When initializing Pyre with `pyre init` inside the Docker container, you may need to manually provide paths for the binary and typeshed if they are not automatically detected. ```bash ƛ No `pyre.bin` found, enter the path manually: /home/opam/pyre-check/source/_build/default/main.exe ƛ Unable to locate typeshed, please enter its root: /home/opam/pyre-check/stubs/typeshed/typeshed-master ``` -------------------------------- ### Train Zstandard Dictionary Source: https://github.com/facebook/pyre-check/blob/main/source/hack_parallel/hack_parallel/third-party/zstd/README.md Use this command to train a dictionary for small data compression. Provide the path to your training data samples. ```bash zstd --train FullPathToTrainingSet/* -o dictionaryName ``` -------------------------------- ### Model File Annotations Source: https://github.com/facebook/pyre-check/blob/main/documentation/website/docs/pysa_basics.md Applies multiple Pysa annotations to a single attribute in model files. This example annotates HttpRequest.COOKIES as both UserControlled and Cookies. ```python django.http.request.HttpRequest.COOKIES: TaintSource[UserControlled] django.http.request.HttpRequest.COOKIES: TaintSource[Cookies] ``` -------------------------------- ### Compress File with Dictionary Source: https://github.com/facebook/pyre-check/blob/main/source/hack_parallel/hack_parallel/third-party/zstd/README.md Compress a file using a pre-trained Zstandard dictionary. Ensure the dictionary file is accessible. ```bash zstd -D dictionaryName FILE ``` -------------------------------- ### Run OCaml Tests for Pyre-check Source: https://github.com/facebook/pyre-check/blob/main/AGENTS.md Execute OCaml tests using 'make test' for all tests or 'dune exec' for specific test files. Ensure you are in the source directory. ```bash # All OCaml tests cd source && make test ``` ```bash # Specific OCaml test - e.g. analysis/test/integration/methodTest.ml: cd source && dune exec analysis/test/integration/methodTest.exe ``` -------------------------------- ### Invalid Exception Group Handler Type (Python) Source: https://github.com/facebook/pyre-check/blob/main/documentation/website/docs/errors.md This example demonstrates another invalid usage of `except*` where a non-exception type `int` is used, which is not permitted. ```python try: pass except* int as e: pass ``` -------------------------------- ### Pysa Analysis Thresholds Configuration Source: https://github.com/facebook/pyre-check/blob/main/documentation/website/docs/pysa_advanced.md Example of configuring Pysa's analysis thresholds in a taint.config file. These options fine-tune the taint analysis behavior. ```json { "sources": [], "sinks": [], "features": [], "rules": [], "options": { "maximum_model_source_tree_width": 10, "maximum_model_sink_tree_width": 10, "maximum_model_tito_tree_width": 10 } } ``` -------------------------------- ### Run Local Tests (Quick Check) Source: https://github.com/facebook/pyre-check/blob/main/source/hack_parallel/hack_parallel/third-party/zstd/CONTRIBUTING.md Run a quick check of your local tests to ensure changes haven't broken existing functionality. ```bash make shortest ``` -------------------------------- ### Example of Taint Propagation Depth Source: https://github.com/facebook/pyre-check/blob/main/documentation/website/docs/pysa_advanced.md Illustrates how taint can propagate through multiple function calls. Pysa's `--maximum-tito-depth` option can limit this for performance. ```Python def foo(x): return x def bar(x): return foo(x) def baz(x): return bar(x) ``` -------------------------------- ### TITO Sanitizer Example Source: https://github.com/facebook/pyre-check/blob/main/documentation/website/docs/pysa_basics.md Demonstrates TITO sanitizers for taint flowing into and out of a function. This code would generate a Pysa issue without TITO sanitization. ```python def sanitize_string(string: str): return re.sub('[^0-9a-z]+', '*', string) def render_input_view(request: HttpRequest): user_input = request.GET["user_input"] safe_str = sanitize_string(user_input) return render(safe_str) ``` -------------------------------- ### Run Local Tests (Full Check) Source: https://github.com/facebook/pyre-check/blob/main/source/hack_parallel/hack_parallel/third-party/zstd/CONTRIBUTING.md Run a more comprehensive set of local tests to ensure changes haven't broken existing functionality. ```bash make test ``` -------------------------------- ### Generate Files, Configure, and Run Analysis Source: https://github.com/facebook/pyre-check/blob/main/scripts/pysa_fuzzer/README.md Generates a specified number of files with a given number of statements, configures the analysis environment, and runs Pysa analysis. ```bash python run.py all --num-files 50 --num-statements 10 ```