-
Notifications
You must be signed in to change notification settings - Fork 434
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
How to use OS.enviorn as a taint source #865
Comments
cc @alexkassil this question could use a Pysa expert |
Hi @jallen89, thanks for reaching out. First of, make sure that you have defined a rule for flows of Then, if the problem persists, could you please do the following:
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hello, I have a question about Pysa's tainting.
Currently I am trying to test a small example that considers
os.environ
a source andexec
as a sink (shown below). I expected Pysa to return that it found a dataflow fromos.environ
toexec
. However, after runningpyre analyze
the results returns is an empty list (no dataflows). Is there any additional information I need to provide to Pysa so that it can track this dataflow?My
source_sinks.pysa
file has the following models.So far I have looked at the callgraph, and it identifies both the calls to
os._Environ.__getitem__
and the call toexec
. Do you all have any recommendations on what I should check next.The text was updated successfully, but these errors were encountered: