Unknown AnalysisClassHierarchy.Untracked(_) exception during pyre analyze

Published 2024-09-21 03:19:54


Urgently trying to find a fix for an unknown and undocumented error.

Running a pysa analysis and getting the following:

ƛ Uncaught exception:
ƛ 
ƛ   AnalysisClassHierarchy.Untracked(_)
ƛ 
ƛ Raised at file "string.ml", line 115, characters 19-34
ƛ Called from file "src/sexp.ml", line 113, characters 13-47
ƛ Client exited with error code 1

Pyre configuration file:

{
  "source_directories": [
    "."
  ],
  "taint_models_path": ".",
  "exclude": "/home/zeus/work/test-protecc/env/lib/python3.9/.*"
}

Our models:

model_content = """
protecc.vortex.Vortex.SECRETS: TaintSource[Secret]
protecc.vortex.Vortex.endpoints: TaintSink[Endpoint]
"""

The class being modeled:

...
class Vortex:
    def __init__(self):
        self.SECRETS = {}   # Populate with sources
        self.endpoints = set() # Populate with sinks
...

We have tried tweaking many things, but we always get the same error. So far we have found only three mentions of this problem: here, here (at the end of the page), and here. None of them has been helpful so far.


2 answers

This is also being tracked as an issue on GitHub, so I will keep the discussion there and leave this link as a breadcrumb for anyone else who runs into the problem and finds this post.

I also ran into this error. The AnalysisClassHierarchy.Untracked error occurs when the Pyre typeshed directory is not configured, or is configured incorrectly, in the .pyre_configuration file.

For example, if you installed Pyre into /home/max/.local/lib/pyre_check/, the typeshed directory is /home/max/.local/lib/pyre_check/typeshed.

To reproduce this error right now, I changed the typeshed directory in the configuration file to an incorrect one. As a result, I got the following error:

Analysis__ClassHierarchy.Untracked("typing.NamedTuple")

After correcting the path, Pyre was able to find vulnerabilities. See below. I will also give some examples of how it finds bugs, how it can be misconfigured, and what changes need to be made to the source code.

If you want to install custom stubs (directories containing .pyi files), add them to typeshed/third_party/2and3/, or, in my case, to /home/max/.local/lib/pyre_check/typeshed/third_party/2and3/.

So your .pyre_configuration file will look like this:

{
  "source_directories": ["/home/max/myproject"],
  "taint_models_path": "/home/max/myproject/taint",
  "typeshed": "/home/max/.local/lib/pyre_check/typeshed"
}

Do not use the default Pyre taint directory. You have already specified your own taint directory, which is correct. You created it in ., but it is better to create a separate new directory for it. Create a new taint directory such as /home/max/myproject/taint and copy the taint.config file from the Pyre installation folder into it. Also copy the .pysa files from the Pyre installation into this directory, but only the ones you need, not all of them. Put your model .pysa file there as well.

Let me give a few examples.

For example, when run against https://github.com/fportantier/vulpy, Pyre found the following errors:

  {
    "line": 20,
    "column": 43,
    "stop_line": 20,
    "stop_column": 51,
    "path": "mod_user.py",
    "code": 5005,
    "name": "SQL injection.",
    "description":
      "SQL injection. [5005]: Data from [UserControlled] source(s) may reach [SQL] sink(s)",
    "inference": null,
    "define": "mod_user.do_login"
  },
  {
    "line": 20,
    "column": 33,
    "stop_line": 20,
    "stop_column": 41,
    "path": "mod_user.py",
    "code": 5005,
    "name": "SQL injection.",
    "description":
      "SQL injection. [5005]: Data from [UserControlled] source(s) may reach [SQL] sink(s)",
    "inference": null,
    "define": "mod_user.do_login"
  },
  {
    "line": 52,
    "column": 33,
    "stop_line": 52,
    "stop_column": 41,
    "path": "mod_user.py",
    "code": 5005,
    "name": "SQL injection.",
    "description":
      "SQL injection. [5005]: Data from [UserControlled] source(s) may reach [SQL] sink(s)",
    "inference": null,
    "define": "mod_user.do_create"
  },
  {
    "line": 52,
    "column": 23,
    "stop_line": 52,
    "stop_column": 31,
    "path": "mod_user.py",
    "code": 5005,
    "name": "SQL injection.",
    "description":
      "SQL injection. [5005]: Data from [UserControlled] source(s) may reach [SQL] sink(s)",
    "inference": null,
    "define": "mod_user.do_create"
  },
  {
    "line": 80,
    "column": 55,
    "stop_line": 80,
    "stop_column": 63,
    "path": "mod_user.py",
    "code": 5005,
    "name": "SQL injection.",
    "description":
      "SQL injection. [5005]: Data from [UserControlled] source(s) may reach [SQL] sink(s)",
    "inference": null,
    "define": "mod_user.do_chpasswd"
  },
  {
    "line": 39,
    "column": 24,
    "stop_line": 39,
    "stop_column": 40,
    "path": "mod_api.py",
    "code": 6060,
    "name": "User-controlled data flows into filesystem API (other)",
    "description":
      "User-controlled data flows into filesystem API (other) [6060]: Data from [UserControlled] source(s) may reach [FileSystem_Other] sink(s)",
    "inference": null,
    "define": "mod_api.do_key_create"
  },
  {
    "line": 39,
    "column": 24,
    "stop_line": 39,
    "stop_column": 40,
    "path": "mod_api.py",
    "code": 5011,
    "name": "User data to filesystem operation (read/write)",
    "description":
      "User data to filesystem operation (read/write) [5011]: Data from [UserControlled] source(s) may reach [FileSystem_ReadWrite] sink(s)",
    "inference": null,
    "define": "mod_api.do_key_create"
  }
]

For https://github.com/lchsk/django-insecure, Pyre found the following errors:

  {
    "line": 16,
    "column": 29,
    "stop_line": 16,
    "stop_column": 80,
    "path": "security/views.py",
    "code": 5005,
    "name": "SQL injection.",
    "description":
      "SQL injection. [5005]: Data from [UserControlled] source(s) may reach [StringMayBeSQL] sink(s)",
    "inference": null,
    "define": "security.views.unsafe_users"
  },
  {
    "line": 32,
    "column": 14,
    "stop_line": 32,
    "stop_column": 22,
    "path": "security/views.py",
    "code": 5011,
    "name": "User data to filesystem operation (read/write)",
    "description":
      "User data to filesystem operation (read/write) [5011]: Data from [UserControlled] source(s) may reach [FileSystem_ReadWrite] sink(s)",
    "inference": null,
    "define": "security.views.read_file"
  },
  {
    "line": 41,
    "column": 14,
    "stop_line": 41,
    "stop_column": 17,
    "path": "security/views.py",
    "code": 5001,
    "name": "Possible shell injection",
    "description":
      "Possible shell injection [5001]: Data from [UserControlled] source(s) may reach [RemoteCodeExecution] sink(s)",
    "inference": null,
    "define": "security.views.copy_file"
  },
  {
    "line": 72,
    "column": 24,
    "stop_line": 72,
    "stop_column": 29,
    "path": "security/views.py",
    "code": 6066,
    "name": "Unsafe deserialization may result in RCE",
    "description":
      "Unsafe deserialization may result in RCE [6066]: Data from [UserControlled] source(s) may reach [ExecDeserializationSink] sink(s)",
    "inference": null,
    "define": "security.views.admin_index"
  }
]

In my case, the stubs directory for the https://github.com/lchsk/django-insecure project contains the following files:

collection_propagation.pysa
django_sources_sinks.pysa
filesystem_other_sinks.pysa
filesystem_sinks.pysa
flask_sources_sinks.pysa
format_string_sinks.pysa
general.pysa
github-django-insecure-views.pysa
http_server.pysa
logging_sinks.pysa
protocols.pysa
rce_sinks.pysa
requests_api_sinks.pysa
sanitizers.pysa
skipped_overrides.pysa
sqlite3_sinks.pysa
taint.config
wsgi_ref.pysa
xss_sinks.pysa

The contents of the github-django-insecure-views.pysa file are shown below. The string parameters of the view functions need to be defined as taint sources as well:

def security.views.unsafe_users(request, user_id: TaintSource[UserControlled]): ...
def security.views.safe_users(request, user_id: TaintSource[UserControlled]): ...
def security.views.read_file(request, filename: TaintSource[UserControlled]): ...
def security.views.copy_file(request, filename: TaintSource[UserControlled]): ...
def security.views.admin_index(request): ...
def security.views.search(request): ...
def security.views.log(request): ...

I also edited the views.py file to specify the type of the request parameter, like this:

def unsafe_users(request: HttpRequest, user_id):

You cannot simply create a .pyi file for views.py to define the type of the request parameter, because if Pyre finds a .pyi file it skips scanning that module, so you have to make sure the type is specified explicitly in the code. Otherwise Pyre will not be able to track the flow from the taint source to the taint sink.
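The answer above attributes the crash and the missed findings to three setup mistakes: a missing or wrong "typeshed" entry, a taint directory without taint.config and .pysa models, and view modules whose request parameter is unannotated or shadowed by a .pyi stub. The following preflight script, an added example that is not code from the original post or from Pyre itself, checks all three before pyre analyze is run. It builds a broken layout and a corrected layout in a temporary directory (all file contents and paths are constructed for the demo, including a minimal placeholder taint.config) and reports the problems it finds in each.

```python
"""Pysa preflight check (added example; not from the original post or Pyre)."""
import ast
import json
import tempfile
from pathlib import Path


def check_configuration(config_path: Path) -> list[str]:
    """Return the problems found in a .pyre_configuration file."""
    problems = []
    base = config_path.parent  # relative entries are resolved against the config's directory
    config = json.loads(config_path.read_text())

    # The answer ties AnalysisClassHierarchy.Untracked to a missing or wrong typeshed path.
    typeshed = config.get("typeshed")
    if typeshed is None:
        problems.append("typeshed: not set")
    elif not (base / typeshed).is_dir():
        problems.append(f"typeshed: directory {typeshed} does not exist")

    # A taint directory needs taint.config plus at least one .pysa model file.
    taint = config.get("taint_models_path")
    if taint is None:
        problems.append("taint_models_path: not set")
    elif not (base / taint).is_dir():
        problems.append(f"taint_models_path: {taint} does not exist")
    else:
        if not (base / taint / "taint.config").is_file():
            problems.append("taint_models_path: taint.config missing")
        if not list((base / taint).glob("*.pysa")):
            problems.append("taint_models_path: no .pysa model files")

    for src in config.get("source_directories", []):
        if not (base / src).is_dir():
            problems.append(f"source_directories: {src} does not exist")
    return problems


def check_views(source_dir: Path) -> list[str]:
    """Report unannotated `request` parameters and .py files shadowed by a .pyi stub."""
    problems = []
    for py in sorted(source_dir.rglob("*.py")):
        if py.with_suffix(".pyi").exists():
            problems.append(f"{py.name}: shadowed by {py.with_suffix('.pyi').name}")
        for node in ast.walk(ast.parse(py.read_text())):
            if isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef)):
                for arg in node.args.args:
                    if arg.arg == "request" and arg.annotation is None:
                        problems.append(f"{py.name}:{node.name}: request is unannotated")
    return problems


def demo() -> dict:
    """Check a constructed broken layout, then the corrected one; return both reports."""
    views = (
        "from django.http import HttpRequest\n\n"
        "def unsafe_users(request, user_id):\n    return user_id\n\n"
        "def safe_users(request: HttpRequest, user_id):\n    return user_id\n"
    )
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "security").mkdir()
        (root / "security" / "views.py").write_text(views)
        (root / "security" / "views.pyi").write_text("def unsafe_users(request, user_id): ...\n")
        (root / "taint").mkdir()  # empty: no taint.config, no models
        config = root / ".pyre_configuration"
        config.write_text(json.dumps({
            "source_directories": ["."],
            "taint_models_path": "taint",
            "typeshed": "does-not-exist/typeshed",  # constructed bad path
        }))
        before = check_configuration(config) + check_views(root)

        # Apply the fixes the answer describes.
        (root / "typeshed").mkdir()
        (root / "taint" / "taint.config").write_text(  # minimal placeholder, not a real config
            '{"sources": [], "sinks": [], "features": [], "rules": []}')
        (root / "taint" / "views.pysa").write_text(
            "def security.views.unsafe_users(request, user_id: TaintSource[UserControlled]): ...\n")
        (root / "security" / "views.pyi").unlink()
        (root / "security" / "views.py").write_text(
            views.replace("unsafe_users(request,", "unsafe_users(request: HttpRequest,"))
        config.write_text(json.dumps({
            "source_directories": ["."],
            "taint_models_path": "taint",
            "typeshed": "typeshed",
        }))
        after = check_configuration(config) + check_views(root)
    return {"before": before, "after": after}


if __name__ == "__main__":
    for phase, problems in demo().items():
        print(phase, problems or "ok")
```

Run it on a real checkout by calling check_configuration(Path(".pyre_configuration")) and check_views(Path(".")) from the project root; the "before" report of the demo lists the bad typeshed path, the missing taint.config and .pysa files, the stub shadowing views.py and the unannotated request parameter, and the "after" report is empty.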
