Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Pysa detection capabilities #959

Open
yoann-marquer opened this issue Jan 10, 2025 · 2 comments
Open

Pysa detection capabilities #959

yoann-marquer opened this issue Jan 10, 2025 · 2 comments

Comments

@yoann-marquer
Copy link

Pysa Bug

Pre-submission checklist
[✓] I've checked the list of common issues and mine does not appear

Bug description
Apologies, this is not exactly a bug, more a set of questions to better understand Pysa capabilities, don't hesitate to redirect us if necessary.

We are trying to use Pysa to detect vulnerabilities in several Python projects.
According to the tutorial and the documentation, Pysa is able to detect when there is a data flow from a source to a sink (which, eventually, was not caught by a sanitizer) and to report a location in the path between the source and the sink as the vulnerability location.

But is it possible to do more with Pysa, by defining dedicated rules?
For instance:

  • be able to detect if a variable is present in a given procedure/statement
  • be able to report a vulnerability if a sink is present but there is no data flow between the source and the sink (as opposed to the current behavior where there must be a data flow to report a vulnerability)
  • be able to detect that there is a data flow between a source and the end of a procedure (instead of a sink)

Reproduction steps
None

Expected behavior
For CVE-2016-9243, is it possible to detect in ‎src/cryptography/hazmat/primitives/kdf/hkdf.py that the variable self._algorithm.digest_size was divided by 8? For instance, by detecting the presence of the character 8 at Line 94?

For CVE-2017-2809, is it possible to detect in ansible_vault/api.py that yaml.load was called instead of yaml.safe_load at Line 18?

For CVE-2016-9909, is it possible to detect in html5lib/serializer/htmlserializer.py that the variable self.quote_attr_values was not compared with the value "legacy", as in the fix at Line 255?

For CVE-2014-7143, is it possible to detect in twisted/web/client.py
 that the "source" _trustRoot should be present when the "sink" optionsForClientTLS is called (i.e., there is a vulnerability if optionsForClientTLS is called without _trustRoot)?

Similarly, for CVE-2012-2417, is it possible to detect in ‎lib/Crypto/PublicKey/ElGamal.py that the "source" getPrime should be reached before the "sink" .isPrime (i.e., there is a vulnerability if getPrime is called but not .isPrime)?

Logs
None

Additional context
None
@arthaud
Copy link
Contributor

arthaud commented Jan 13, 2025
edited
Loading

Hi,

  • be able to detect if a variable is present in a given procedure/statement

How would it "detect" the variable? By its name? Then, no, in the general case, Pysa is not able to detect if a variable name is used. If, instead, you want to detect if an attribute is used, then you can model a specific class attribute as a source or sink.

  • be able to report a vulnerability if a sink is present but there is no data flow between the source and the sink (as opposed to the current behavior where there must be a data flow to report a vulnerability)

No, unfortunately, Pysa can only find flows from sources to sinks. If you just want to know if a function is called from anywhere, you could use the call graph generated by Pysa (see option --dump-call-graph).

  • be able to detect that there is a data flow between a source and the end of a procedure (instead of a sink)

Yes, you can mark the return value of a function as a sink using return sinks. Unfortunately, it looks like this isn't documented, but this is supported. See this test:
https://github.com/facebook/pyre-check/blob/main/source/interprocedural_analyses/taint/test/integration/return_sinks.py.pysa#L3-L4
https://github.com/facebook/pyre-check/blob/main/source/interprocedural_analyses/taint/test/integration/return_sinks.py#L24-L30

For CVE-2016-9243, is it possible to detect in ‎src/cryptography/hazmat/primitives/kdf/hkdf.py that the variable self._algorithm.digest_size was divided by 8? For instance, by detecting the presence of the character 8 at Line 94?

You could try this: make int. __truediv__ a sink, so you find all flows from digest_size (you would make it a source DigestSize) to any integer division. Then, you can use ViaValueOf: https://pyre-check.org/docs/pysa-features/#via-value-feature-using-viavalueof
This will make Pysa add a breadcrumb via-value:<dividend> (e.g via-value:8) to all these flows. Then you can use filters to exclude issues where the dividend is not 8.
However I will admit this is just a workaround and might not be the best approach.

For CVE-2017-2809, is it possible to detect in ansible_vault/api.py that yaml.load was called instead of yaml.safe_load at Line 18?

Pysa can only find flows from sources to sinks. For instance, using yaml.load on a static string or something coming from a configuration file is probably not a vulnerability. I could imagine a few things that could be sinks here. For instance, anything returned by Vault.decrypt seems like it could be user controlled? Or at least you could make a source DecryptedPayload or something.
You could also just find all calls to yaml.load using the call graph, as I suggested above for another question.

For CVE-2016-9909, is it possible to detect in html5lib/serializer/htmlserializer.py that the variable self.quote_attr_values was not compared with the value "legacy", as in the fix at Line 255?

I don't see an easy way for Pysa to detect whether a variable is NOT compared with a specific string. However, I'm wondering if this vulnerability can be modeled differently as a source to sink problem.

For CVE-2014-7143, is it possible to detect in twisted/web/client.py that the "source" _trustRoot should be present when the "sink" optionsForClientTLS is called (i.e., there is a vulnerability if optionsForClientTLS is called without _trustRoot)?

Pysa cannot detect a "not" flow. I think the correct way to model this is to make hostname be the source, and filter out flows where _trustRoot was provided. For instance, ViaValueOf can tell if you an argument was present or NOT.

Similarly, for CVE-2012-2417, is it possible to detect in ‎lib/Crypto/PublicKey/ElGamal.py that the "source" getPrime should be reached before the "sink" .isPrime (i.e., there is a vulnerability if getPrime is called but not .isPrime)?

I would make getPrime a sanitizer, but then we need something to act as a source. Maybe bits could be the source?

@yoann-marquer
Copy link
Author

Thank you very much @arthaud for your very useful answer, as usual, and sorry for the delay.

For CVE-2016-9243 we tried to made different combinations (parameters and return values) of int. __truediv__ , float. __truediv__ , int. __floordiv__ sinks (with _algorithm as a source) but we did not manage to detect the tainted information flow (we are not sure why, logs available below).

For CVE-2017-2809, we correctly detected the vulnerability, by annotating stream as source and load (but not safe_load , of course) as sink.

For CVE-2014-7143, we correctly detected the vulnerability, by annotating hostname as source and optionsForClientTLS as sink.
We can filter out amongst both detections the one after commit using ViaValueOf, as you suggested, but OK, apparently it's not possible to NOT detect it.

For CVE-2012-2417, we tried to detect the vulnerability by annotating bits as source and getPrime as sink, but we did not manage to detect the tainted information flow (we are not sure why, logs available below).

In short, we could not detect any vulnerability we wanted, it has to follow the source-to-sink pattern, and even in that case some flows are not detected.
At least we better understand the tool and its capabilities, now, thank you again for your valuable insights :)

Don't hesitate if you have any idea regarding CVE-2016-9243 and CVE-2012-2417.
Otherwhise, I'll close the issue and if we have more questions we'll create a new one.

Sources and sinks for CVE-2016-9243:

def numbers.Complex.__truediv__(self: TaintSink[CVE20169243Sink], other): ...
def numbers.Complex.__truediv__(self, other:TaintSink[CVE20169243Sink]): ...
def int.__truediv__(value, /)->TaintSink[CVE20169243Sink]: ...
def int.__truediv__(value:TaintSink[CVE20169243Sink], /): ...
 
def float.__truediv__(value, /)->TaintSink[CVE20169243Sink]: ...
def float.__truediv__(value:TaintSink[CVE20169243Sink], /): ...
 
def int.__floordiv__(value, /)->TaintSink[CVE20169243Sink]: ...
def int.__floordiv__(value:TaintSink[CVE20169243Sink], /): ...
 
def float.__floordiv__(value, /)->TaintSink[CVE20169243Sink]: ...
def float.__floordiv__(value:TaintSink[CVE20169243Sink], /): ...
 
hkdf_before.HKDFExpand._algorithm:TaintSource[CVE20169243Source]  = ...

Logs for CVE-2016-9243:

(pysa) marwamadni@Marwas-MacBook-Air Before % pyre --noninteractive analyze
2025-01-30 15:54:26,174 [PID 22588] INFO No binary specified, looking for `pyre.bin` in PATH
2025-01-30 15:54:26,174 [PID 22588] INFO Pyre binary is located at `/opt/homebrew/anaconda3/envs/pysa/bin/pyre.bin`
2025-01-30 15:54:26,174 [PID 22588] INFO Could not determine the number of Pyre workers from configuration. Auto-set the value to 7.
2025-01-30 15:54:26,177 [PID 22588] INFO No typeshed specified, looking for it...
2025-01-30 15:54:26,177 [PID 22588] INFO Found: `/opt/homebrew/anaconda3/envs/pysa/lib/pyre_check/typeshed`
2025-01-30 15:54:26,178 [PID 22588] INFO Writing arguments into /var/folders/pn/0vbng5w93zd04b05mv8jrzg40000gn/T/pyre_arguments_st62vqvb.json...
2025-01-30 15:54:26,178 [PID 22588] DEBUG Arguments:
{
  "source_paths": {
    "kind": "simple",
    "paths": [
      "/Users/marwamadni/Documents/StudentJob/PyreResults/CVE-2016-9243/Before"
    ]
  },
  "search_paths": [
    "/opt/homebrew/anaconda3/envs/pysa/lib/python3.10/site-packages$Crypto",
    "/opt/homebrew/anaconda3/envs/pysa/lib/python3.10/site-packages$dataclasses_json",
    "/opt/homebrew/anaconda3/envs/pysa/lib/python3.10/site-packages$mypy",
    "/opt/homebrew/anaconda3/envs/pysa/lib/python3.10/site-packages$testslide",
    "/opt/homebrew/anaconda3/envs/pysa/lib/python3.10/site-packages$idna",
    "/opt/homebrew/anaconda3/envs/pysa/lib/python3.10/site-packages$click",
    "/opt/homebrew/anaconda3/envs/pysa/lib/python3.10/site-packages$yaml-stubs",
    "/opt/homebrew/anaconda3/envs/pysa/lib/python3.10/site-packages$attr",
    "/opt/homebrew/anaconda3/envs/pysa/lib/python3.10/site-packages$django_stubs_ext",
    "/opt/homebrew/anaconda3/envs/pysa/lib/python3.10/site-packages$incremental",
    "/opt/homebrew/anaconda3/envs/pysa/lib/python3.10/site-packages$pkg_resources",
    "/opt/homebrew/anaconda3/envs/pysa/lib/python3.10/site-packages$asgiref",
    "/opt/homebrew/anaconda3/envs/pysa/lib/python3.10/site-packages$libcst",
    "/opt/homebrew/anaconda3/envs/pysa/lib/python3.10/site-packages$marshmallow",
    "/opt/homebrew/anaconda3/envs/pysa/lib/python3.10/site-packages$tomli",
    "/opt/homebrew/anaconda3/envs/pysa/lib/python3.10/site-packages$attrs",
    "/opt/homebrew/anaconda3/envs/pysa/lib/python3.10/site-packages$packaging",
    "/opt/homebrew/anaconda3/envs/pysa/lib/python3.10/site-packages$typeguard",
    "/opt/homebrew/anaconda3/envs/pysa/lib/python3.10/site-packages$automat",
    "/opt/homebrew/anaconda3/envs/pysa/lib/python3.10/site-packages$twisted",
    "/opt/homebrew/anaconda3/envs/pysa/lib/python3.10/site-packages$pip",
    "/opt/homebrew/anaconda3/envs/pysa/lib/python3.10/site-packages$hyperlink",
    "/opt/homebrew/anaconda3/envs/pysa/lib/pyre_check/typeshed/stdlib",
    "/opt/homebrew/anaconda3/envs/pysa/lib/pyre_check/typeshed/stubs/ExifRead",
    "/opt/homebrew/anaconda3/envs/pysa/lib/pyre_check/typeshed/stubs/PyMySQL",
    "/opt/homebrew/anaconda3/envs/pysa/lib/pyre_check/typeshed/stubs/PyYAML",
    "/opt/homebrew/anaconda3/envs/pysa/lib/pyre_check/typeshed/stubs/aiofiles",
    "/opt/homebrew/anaconda3/envs/pysa/lib/pyre_check/typeshed/stubs/boto",
    "/opt/homebrew/anaconda3/envs/pysa/lib/pyre_check/typeshed/stubs/chevron",
    "/opt/homebrew/anaconda3/envs/pysa/lib/pyre_check/typeshed/stubs/colorama",
    "/opt/homebrew/anaconda3/envs/pysa/lib/pyre_check/typeshed/stubs/ldap3",
    "/opt/homebrew/anaconda3/envs/pysa/lib/pyre_check/typeshed/stubs/mysqlclient",
    "/opt/homebrew/anaconda3/envs/pysa/lib/pyre_check/typeshed/stubs/paramiko",
    "/opt/homebrew/anaconda3/envs/pysa/lib/pyre_check/typeshed/stubs/psycopg2",
    "/opt/homebrew/anaconda3/envs/pysa/lib/pyre_check/typeshed/stubs/pycurl",
    "/opt/homebrew/anaconda3/envs/pysa/lib/pyre_check/typeshed/stubs/python-dateutil",
    "/opt/homebrew/anaconda3/envs/pysa/lib/pyre_check/typeshed/stubs/pytz",
    "/opt/homebrew/anaconda3/envs/pysa/lib/pyre_check/typeshed/stubs/regex",
    "/opt/homebrew/anaconda3/envs/pysa/lib/pyre_check/typeshed/stubs/requests",
    "/opt/homebrew/anaconda3/envs/pysa/lib/pyre_check/typeshed/stubs/retry",
    "/opt/homebrew/anaconda3/envs/pysa/lib/pyre_check/typeshed/stubs/tqdm",
    "/opt/homebrew/anaconda3/envs/pysa/lib/pyre_check/typeshed/stubs/ujson"
  ],
  "excludes": [
    ".*/integration_test/.*"
  ],
  "checked_directory_allowlist": [
    "/Users/marwamadni/Documents/StudentJob/PyreResults/CVE-2016-9243/Before"
  ],
  "checked_directory_blocklist": [],
  "extensions": [],
  "log_path": "/Users/marwamadni/Documents/StudentJob/PyreResults/CVE-2016-9243/Before/.pyre",
  "global_root": "/Users/marwamadni/Documents/StudentJob/PyreResults/CVE-2016-9243/Before",
  "debug": false,
  "python_version": {
    "major": 3,
    "minor": 10,
    "micro": 0
  },
  "shared_memory": {},
  "parallel": true,
  "number_of_workers": 7,
  "inline_decorators": false,
  "infer_self_tito": false,
  "infer_argument_tito": false,
  "no_verify": false,
  "verify_dsl": false,
  "verify_taint_config_only": false,
  "strict": false,
  "taint_model_paths": [
    "/Users/marwamadni/Documents/StudentJob/PyreResults/CVE-2016-9243/Before"
  ],
  "use_cache": false,
  "build_cache_only": false,
  "check_invariants": false,
  "limit_entrypoints": false,
  "compact_ocaml_heap": false,
  "saved_state": {
    "watchman_root": null,
    "project_name": null,
    "preset": null,
    "cache_critical_files": []
  },
  "compute_coverage": false
}
2025-01-30 15:54:26,367 [PID 22588] INFO  Initializing shared memory (heap_size: 8589934592, dep_table_pow: 1, hash_table_pow: 26)
2025-01-30 15:54:26,392 [PID 22588] INFO  Initializing and verifying taint configuration...
2025-01-30 15:54:26,392 [PID 22588] INFO  Initialized and verified taint configuration: 0.006s
2025-01-30 15:54:26,392 [PID 22588] PERFORMANCE  Initialized and verified taint configuration: 0.007s
2025-01-30 15:54:26,393 [PID 22588] INFO  Verifying model syntax...
2025-01-30 15:54:26,393 [PID 22588] INFO  Finding taint models in `/Users/marwamadni/Documents/StudentJob/PyreResults/CVE-2016-9243/Before`.
2025-01-30 15:54:26,405 [PID 22588] INFO  Verified model syntax: 0.007s
2025-01-30 15:54:26,405 [PID 22588] PERFORMANCE  Verified model syntax: 0.007s
2025-01-30 15:54:26,405 [PID 22588] INFO  Parsing taint models modes...
2025-01-30 15:54:26,405 [PID 22588] INFO  Finding taint models in `/Users/marwamadni/Documents/StudentJob/PyreResults/CVE-2016-9243/Before`.
2025-01-30 15:54:26,405 [PID 22588] INFO  Parsed taint models modes: 0.001s
2025-01-30 15:54:26,405 [PID 22588] PERFORMANCE  Parsed taint models modes: 0.001s
2025-01-30 15:54:26,406 [PID 22588] INFO  Building module tracker...
2025-01-30 15:54:26,631 [PID 22588] PERFORMANCE  Module tracker built: 0.224s
2025-01-30 15:54:26,631 [PID 22588] PERFORMANCE  Full environment built: 0.226s
2025-01-30 15:54:26,631 [PID 22588] INFO  Starting type checking...
2025-01-30 15:54:26,632 [PID 22588] INFO  Found 3762 modules
2025-01-30 15:54:26,632 [PID 22588] INFO  Collecting all definitions...
2025-01-30 15:54:27,348 [PID 22588] INFO <unknown>:625: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:54:27,578 [PID 22588] INFO <unknown>:341: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:54:27,963 [PID 22588] INFO <unknown>:158: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:54:28,459 [PID 22588] INFO <unknown>:98: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:54:28,459 [PID 22588] INFO <unknown>:111: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:54:29,142 [PID 22588] INFO <unknown>:198: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:54:29,556 [PID 22588] INFO <unknown>:74: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:54:29,556 [PID 22588] INFO <unknown>:215: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:54:30,403 [PID 22588] INFO <unknown>:113: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:54:30,539 [PID 22588] INFO <unknown>:575: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:54:30,540 [PID 22588] INFO <unknown>:576: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:54:30,540 [PID 22588] INFO <unknown>:577: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:54:30,540 [PID 22588] INFO <unknown>:578: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:54:30,540 [PID 22588] INFO <unknown>:579: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:54:30,540 [PID 22588] INFO <unknown>:583: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:54:30,541 [PID 22588] INFO <unknown>:585: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:54:30,541 [PID 22588] INFO <unknown>:604: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:54:30,541 [PID 22588] INFO <unknown>:605: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:54:30,541 [PID 22588] INFO <unknown>:606: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:54:30,541 [PID 22588] INFO <unknown>:607: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:54:30,542 [PID 22588] INFO <unknown>:608: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:54:30,542 [PID 22588] INFO <unknown>:622: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:54:30,542 [PID 22588] INFO <unknown>:624: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:54:30,542 [PID 22588] INFO <unknown>:634: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:54:30,543 [PID 22588] INFO <unknown>:635: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:54:30,543 [PID 22588] INFO <unknown>:636: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:54:30,543 [PID 22588] INFO <unknown>:637: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:54:30,543 [PID 22588] INFO <unknown>:638: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:54:30,689 [PID 22588] INFO <unknown>:324: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:54:30,689 [PID 22588] INFO <unknown>:339: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:54:31,183 [PID 22588] INFO <unknown>:442: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:54:31,184 [PID 22588] INFO <unknown>:451: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:54:31,592 [PID 22588] INFO <unknown>:2309: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:54:32,289 [PID 22588] INFO <unknown>:2905: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:54:32,516 [PID 22588] INFO <unknown>:461: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:54:32,516 [PID 22588] INFO <unknown>:462: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:54:32,691 [PID 22588] INFO <unknown>:742: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:54:32,692 [PID 22588] INFO <unknown>:743: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:54:32,692 [PID 22588] INFO <unknown>:744: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:54:32,692 [PID 22588] INFO <unknown>:745: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:54:32,692 [PID 22588] INFO <unknown>:772: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:54:32,692 [PID 22588] INFO <unknown>:773: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:54:32,692 [PID 22588] INFO <unknown>:774: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:54:32,692 [PID 22588] INFO <unknown>:775: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:54:32,692 [PID 22588] INFO <unknown>:406: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:54:32,825 [PID 22588] INFO <unknown>:425: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:54:33,055 [PID 22588] INFO <unknown>:302: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:54:33,061 [PID 22588] INFO <unknown>:304: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:54:33,404 [PID 22588] INFO <unknown>:760: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:54:33,404 [PID 22588] INFO <unknown>:761: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:54:33,404 [PID 22588] INFO <unknown>:762: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:54:33,404 [PID 22588] INFO <unknown>:763: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:54:33,405 [PID 22588] INFO <unknown>:764: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:54:33,405 [PID 22588] INFO <unknown>:768: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:54:33,405 [PID 22588] INFO <unknown>:770: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:54:33,405 [PID 22588] INFO <unknown>:792: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:54:33,405 [PID 22588] INFO <unknown>:793: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:54:33,405 [PID 22588] INFO <unknown>:794: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:54:33,405 [PID 22588] INFO <unknown>:795: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:54:33,405 [PID 22588] INFO <unknown>:796: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:54:33,405 [PID 22588] INFO <unknown>:813: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:54:33,406 [PID 22588] INFO <unknown>:815: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:54:33,406 [PID 22588] INFO <unknown>:828: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:54:33,406 [PID 22588] INFO <unknown>:829: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:54:33,406 [PID 22588] INFO <unknown>:830: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:54:33,406 [PID 22588] INFO <unknown>:831: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:54:33,406 [PID 22588] INFO <unknown>:832: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:54:34,318 [PID 22588] INFO <unknown>:490: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:54:34,319 [PID 22588] INFO <unknown>:524: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:54:34,514 [PID 22588] INFO <unknown>:84: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:54:34,918 [PID 22588] INFO <unknown>:378: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:54:34,932 [PID 22588] INFO <unknown>:1026: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:54:35,006 [PID 22588] INFO <unknown>:198: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:54:35,006 [PID 22588] INFO <unknown>:220: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:54:35,006 [PID 22588] INFO <unknown>:221: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:54:35,006 [PID 22588] INFO <unknown>:233: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:54:35,655 [PID 22588] INFO <unknown>:196: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:54:36,882 [PID 22588] INFO <unknown>:129: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:54:36,882 [PID 22588] INFO <unknown>:132: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:54:36,882 [PID 22588] INFO <unknown>:140: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:54:36,882 [PID 22588] INFO <unknown>:143: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:54:37,621 [PID 22588] PERFORMANCE  Collected definitions (defines: 93428): 10.984s
2025-01-30 15:54:37,622 [PID 22588] INFO  Found 93428 functions
2025-01-30 15:54:37,634 [PID 22588] INFO  Checking 93428 functions...
2025-01-30 15:54:53,366 [PID 22588] INFO  Processed 4918 of 93428 functions
2025-01-30 15:54:55,874 [PID 22588] INFO  Processed 9836 of 93428 functions
2025-01-30 15:54:57,174 [PID 22588] INFO  Processed 14754 of 93428 functions
2025-01-30 15:54:57,718 [PID 22588] INFO  Processed 19672 of 93428 functions
2025-01-30 15:54:58,212 [PID 22588] INFO  Processed 24590 of 93428 functions
2025-01-30 15:54:58,757 [PID 22588] INFO  Processed 29508 of 93428 functions
2025-01-30 15:55:08,346 [PID 22588] INFO  Processed 34426 of 93428 functions
2025-01-30 15:55:09,308 [PID 22588] INFO  Processed 39344 of 93428 functions
2025-01-30 15:55:14,469 [PID 22588] INFO  Processed 44262 of 93428 functions
2025-01-30 15:55:14,519 [PID 22588] INFO  Processed 49180 of 93428 functions
2025-01-30 15:55:14,672 [PID 22588] INFO  Processed 54098 of 93428 functions
2025-01-30 15:55:15,572 [PID 22588] INFO  Processed 59016 of 93428 functions
2025-01-30 15:55:17,347 [PID 22588] INFO  Processed 63934 of 93428 functions
2025-01-30 15:55:19,454 [PID 22588] INFO  Processed 68852 of 93428 functions
2025-01-30 15:55:24,305 [PID 22588] INFO  Processed 73770 of 93428 functions
2025-01-30 15:55:26,487 [PID 22588] INFO  Processed 78688 of 93428 functions
2025-01-30 15:55:26,736 [PID 22588] INFO  Processed 83606 of 93428 functions
2025-01-30 15:55:26,812 [PID 22588] INFO  Processed 88524 of 93428 functions
2025-01-30 15:55:32,004 [PID 22588] INFO  Processed 93428 of 93428 functions
2025-01-30 15:55:32,005 [PID 22588] PERFORMANCE  Check_TypeCheck: 54.373s
2025-01-30 15:55:32,005 [PID 22588] MEMORY  Shared memory size post-typecheck (size: 148)
2025-01-30 15:55:32,005 [PID 22588] INFO  Computing class hierarchy graph...
2025-01-30 15:55:34,294 [PID 22588] INFO  Computed class hierarchy graph: 2.287s
2025-01-30 15:55:34,295 [PID 22588] PERFORMANCE  Computed class hierarchy graph: 2.288s
2025-01-30 15:55:34,295 [PID 22588] INFO  Computing class intervals...
2025-01-30 15:55:34,345 [PID 22588] INFO  Computed class intervals: 0.044s
2025-01-30 15:55:34,345 [PID 22588] PERFORMANCE  Computed class intervals: 0.044s
2025-01-30 15:55:34,421 [PID 22588] INFO  Fetching initial callables to analyze...
2025-01-30 15:55:37,109 [PID 22588] INFO  Fetched initial callables to analyze: 2.685s
2025-01-30 15:55:37,109 [PID 22588] PERFORMANCE  Fetched initial callables to analyze (definitions: 32036, internals: 11, stubs: 28826): 2.685s
2025-01-30 15:55:37,109 [PID 22588] INFO  Parsing taint models...
2025-01-30 15:55:37,448 [PID 22588] INFO  Finding taint models in `/Users/marwamadni/Documents/StudentJob/PyreResults/CVE-2016-9243/Before`.
2025-01-30 15:55:37,561 [PID 22588] INFO  Parsed taint models: 0.449s
2025-01-30 15:55:37,561 [PID 22588] PERFORMANCE  Parsed taint models (models: 10, queries: 0): 0.449s
2025-01-30 15:55:37,561 [PID 22588] INFO  Computing inferred models...
2025-01-30 15:55:38,864 [PID 22588] INFO  Computed inferred models: 1.315s
2025-01-30 15:55:38,864 [PID 22588] PERFORMANCE  Computed inferred models (models: 766): 1.315s
2025-01-30 15:55:39,165 [PID 22588] INFO  Computing overrides...
2025-01-30 15:55:42,040 [PID 22588] WARNING  `codecs.Codec.decode` has 102 overrides, this might slow down the analysis considerably.
2025-01-30 15:55:42,041 [PID 22588] WARNING  `codecs.Codec.encode` has 100 overrides, this might slow down the analysis considerably.
2025-01-30 15:55:42,041 [PID 22588] WARNING  `codecs.IncrementalDecoder.decode` has 85 overrides, this might slow down the analysis considerably.
2025-01-30 15:55:42,041 [PID 22588] WARNING  `codecs.IncrementalEncoder.encode` has 97 overrides, this might slow down the analysis considerably.
2025-01-30 15:55:42,042 [PID 22588] WARNING  `lib2to3.fixer_base.BaseFix.transform` has 56 overrides, this might slow down the analysis considerably.
2025-01-30 15:55:42,042 [PID 22588] WARNING  `libcst._nodes.base.CSTNode._codegen_impl` has 102 overrides, this might slow down the analysis considerably.
2025-01-30 15:55:42,042 [PID 22588] WARNING  `libcst._nodes.base.CSTNode._visit_and_replace_children` has 119 overrides, this might slow down the analysis con
2025-01-30 15:55:42,042 [PID 22588] WARNING  `object.__eq__` has 319 overrides, this might slow down the analysis considerably.
2025-01-30 15:55:42,042 [PID 22588] WARNING  `object.__hash__` has 214 overrides, this might slow down the analysis considerably.
2025-01-30 15:55:42,042 [PID 22588] WARNING  `object.__init__` has 1663 overrides, this might slow down the analysis considerably.
2025-01-30 15:55:42,042 [PID 22588] WARNING  `object.__ne__` has 75 overrides, this might slow down the analysis considerably.
2025-01-30 15:55:42,042 [PID 22588] WARNING  `object.__repr__` has 287 overrides, this might slow down the analysis considerably.
2025-01-30 15:55:42,042 [PID 22588] WARNING  `object.__str__` has 154 overrides, this might slow down the analysis considerably.
2025-01-30 15:55:42,042 [PID 22588] WARNING  `twisted.internet.protocol.BaseProtocol.connectionMade` has 70 overrides, this might slow down the analysis consi
2025-01-30 15:55:42,042 [PID 22588] WARNING  `twisted.internet.protocol.Protocol.connectionLost` has 60 overrides, this might slow down the analysis considera
2025-01-30 15:55:42,042 [PID 22588] WARNING  `type.__call__` has 249 overrides, this might slow down the analysis considerably.
2025-01-30 15:55:42,043 [PID 22588] WARNING  `type.__init__` has 1324 overrides, this might slow down the analysis considerably.
2025-01-30 15:55:42,043 [PID 22588] WARNING  `type.__new__` has 237 overrides, this might slow down the analysis considerably.
2025-01-30 15:55:42,043 [PID 22588] WARNING  `type.__or__` has 81 overrides, this might slow down the analysis considerably.
2025-01-30 15:55:42,043 [PID 22588] WARNING  `type.__ror__` has 56 overrides, this might slow down the analysis considerably.
2025-01-30 15:55:42,043 [PID 22588] WARNING  `typing.Collection.__len__` has 81 overrides, this might slow down the analysis considerably.
2025-01-30 15:55:42,043 [PID 22588] WARNING  `typing.GenericMeta.__getitem__` has 55 overrides, this might slow down the analysis considerably.
2025-01-30 15:55:42,043 [PID 22588] WARNING  `typing.Iterable.__iter__` has 63 overrides, this might slow down the analysis considerably.
2025-01-30 15:55:42,043 [PID 22588] WARNING  `typing.Iterator.__iter__` has 56 overrides, this might slow down the analysis considerably.
2025-01-30 15:55:42,043 [PID 22588] WARNING  `typing.Iterator.__next__` has 60 overrides, this might slow down the analysis considerably.
2025-01-30 15:55:42,043 [PID 22588] WARNING  `typing.NamedTuple.__init__` has 156 overrides, this might slow down the analysis considerably.
2025-01-30 15:55:42,118 [PID 22588] INFO  Overrides computed: 2.950s
2025-01-30 15:55:42,119 [PID 22588] PERFORMANCE  Overrides computed: 2.951s
2025-01-30 15:55:42,119 [PID 22588] INFO  Indexing global constants...
2025-01-30 15:55:44,095 [PID 22588] INFO  Finished constant propagation analysis: 1.980s
2025-01-30 15:55:44,095 [PID 22588] PERFORMANCE  Finished constant propagation analysis: 1.980s
2025-01-30 15:55:44,095 [PID 22588] INFO  Building call graph...
2025-01-30 15:57:00,269 [PID 22588] INFO  Call graph built: 76.183s
2025-01-30 15:57:00,270 [PID 22588] PERFORMANCE  Call graph built: 76.184s
2025-01-30 15:57:00,271 [PID 22588] INFO  Computing dependencies...
2025-01-30 15:57:00,746 [PID 22588] INFO  Computed dependencies: 0.471s
2025-01-30 15:57:00,746 [PID 22588] PERFORMANCE  Computed dependencies: 0.471s
2025-01-30 15:57:00,746 [PID 22588] INFO  Purging shared memory...
2025-01-30 15:57:00,796 [PID 22588] PERFORMANCE  Purged shared memory: 0.050s
2025-01-30 15:57:00,797 [PID 22588] INFO  Purging shared memory...
2025-01-30 15:57:00,809 [PID 22588] PERFORMANCE  Purged shared memory: 0.011s
2025-01-30 15:57:00,809 [PID 22588] INFO  Analysis fixpoint started for 16828 overrides and 40 functions......
2025-01-30 15:57:02,781 [PID 22588] PERFORMANCE  Recorded initial models: 1.976s
2025-01-30 15:57:02,781 [PID 22588] INFO  Iteration #0. 19 callables [...]
2025-01-30 15:57:02,903 [PID 22588] INFO  Processed 3 of 19 callables
2025-01-30 15:57:02,904 [PID 22588] INFO  Processed 6 of 19 callables
2025-01-30 15:57:02,904 [PID 22588] INFO  Processed 9 of 19 callables
2025-01-30 15:57:02,917 [PID 22588] INFO  Processed 12 of 19 callables
2025-01-30 15:57:02,929 [PID 22588] INFO  Processed 15 of 19 callables
2025-01-30 15:57:02,942 [PID 22588] INFO  Processed 18 of 19 callables
2025-01-30 15:57:02,942 [PID 22588] INFO  Processed 19 of 19 callables
2025-01-30 15:57:02,942 [PID 22588] INFO  Iteration #0, 19 callables, heap size 0.181GB took 0.16s
2025-01-30 15:57:02,942 [PID 22588] INFO  Iteration #1. 14 callables [...]
2025-01-30 15:57:03,042 [PID 22588] INFO  Processed 3 of 14 callables
2025-01-30 15:57:03,055 [PID 22588] INFO  Processed 6 of 14 callables
2025-01-30 15:57:03,055 [PID 22588] INFO  Processed 9 of 14 callables
2025-01-30 15:57:03,068 [PID 22588] INFO  Processed 11 of 14 callables
2025-01-30 15:57:03,068 [PID 22588] INFO  Processed 14 of 14 callables
2025-01-30 15:57:03,069 [PID 22588] INFO  Iteration #1, 14 callables, heap size 0.181GB took 0.12s
2025-01-30 15:57:03,069 [PID 22588] INFO  Iteration #2. 3 callables [hkdf_before.HKDF.__init__, Overrides{list.__getitem__}, hkdf_before.HKDFExpand._expand]
2025-01-30 15:57:03,081 [PID 22588] INFO  Processed 3 of 3 callables
2025-01-30 15:57:03,082 [PID 22588] INFO  Iteration #2, 3 callables, heap size 0.181GB took 0.01s
2025-01-30 15:57:03,190 [PID 22588] INFO  Found 0 issues
2025-01-30 15:57:03,191 [PID 22588] INFO  Analysis fixpoint complete: 2.384s
2025-01-30 15:57:03,191 [PID 22588] PERFORMANCE  Analysis fixpoint complete (iterations: 3, heap size: 180832256, issues: 0): 2.384s
2025-01-30 15:57:03,191 [PID 22588] PERFORMANCE  Analyze: 156.814s
[]

Sources and sinks for CVE-2012-2417:

def ElGamal_before.generate(bits:TaintSource[ElGamalSource], randfunc, progress_func=...):...
 
def Crypto.Util.number.getPrime(N:TaintSink[ElGamalSink], randfunc): ...

Logs for CVE-2012-2417:

(pysa) marwamadni@Marwas-MacBook-Air Before % pyre --noninteractive analyze
2025-01-30 15:39:45,185 [PID 22066] INFO No binary specified, looking for `pyre.bin` in PATH
2025-01-30 15:39:45,186 [PID 22066] INFO Pyre binary is located at `/opt/homebrew/anaconda3/envs/pysa/bin/pyre.bin`
2025-01-30 15:39:45,186 [PID 22066] INFO Could not determine the number of Pyre workers from configuration. Auto-set the value to 7.
2025-01-30 15:39:45,189 [PID 22066] INFO No typeshed specified, looking for it...
2025-01-30 15:39:45,189 [PID 22066] INFO Found: `/opt/homebrew/anaconda3/envs/pysa/lib/pyre_check/typeshed`
2025-01-30 15:39:45,190 [PID 22066] INFO Writing arguments into /var/folders/pn/0vbng5w93zd04b05mv8jrzg40000gn/T/pyre_arguments_lcenpfer.json...
2025-01-30 15:39:45,190 [PID 22066] DEBUG Arguments:
{
  "source_paths": {
    "kind": "simple",
    "paths": [
      "/Users/marwamadni/Documents/StudentJob/PyreResults/CVE-2012-2417/Before"
    ]
  },
  "search_paths": [
    "/opt/homebrew/anaconda3/envs/pysa/lib/python3.10/site-packages$libcst",
    "/opt/homebrew/anaconda3/envs/pysa/lib/python3.10/site-packages$attr",
    "/opt/homebrew/anaconda3/envs/pysa/lib/python3.10/site-packages$typeguard",
    "/opt/homebrew/anaconda3/envs/pysa/lib/python3.10/site-packages$packaging",
    "/opt/homebrew/anaconda3/envs/pysa/lib/python3.10/site-packages$dataclasses_json",
    "/opt/homebrew/anaconda3/envs/pysa/lib/python3.10/site-packages$yaml-stubs",
    "/opt/homebrew/anaconda3/envs/pysa/lib/python3.10/site-packages$Crypto",
    "/opt/homebrew/anaconda3/envs/pysa/lib/python3.10/site-packages$pip",
    "/opt/homebrew/anaconda3/envs/pysa/lib/python3.10/site-packages$twisted",
    "/opt/homebrew/anaconda3/envs/pysa/lib/python3.10/site-packages$django_stubs_ext",
    "/opt/homebrew/anaconda3/envs/pysa/lib/python3.10/site-packages$click",
    "/opt/homebrew/anaconda3/envs/pysa/lib/python3.10/site-packages$marshmallow",
    "/opt/homebrew/anaconda3/envs/pysa/lib/python3.10/site-packages$testslide",
    "/opt/homebrew/anaconda3/envs/pysa/lib/python3.10/site-packages$incremental",
    "/opt/homebrew/anaconda3/envs/pysa/lib/python3.10/site-packages$idna",
    "/opt/homebrew/anaconda3/envs/pysa/lib/python3.10/site-packages$pkg_resources",
    "/opt/homebrew/anaconda3/envs/pysa/lib/python3.10/site-packages$automat",
    "/opt/homebrew/anaconda3/envs/pysa/lib/python3.10/site-packages$asgiref",
    "/opt/homebrew/anaconda3/envs/pysa/lib/python3.10/site-packages$tomli",
    "/opt/homebrew/anaconda3/envs/pysa/lib/python3.10/site-packages$attrs",
    "/opt/homebrew/anaconda3/envs/pysa/lib/python3.10/site-packages$hyperlink",
    "/opt/homebrew/anaconda3/envs/pysa/lib/python3.10/site-packages$mypy",
    "/opt/homebrew/anaconda3/envs/pysa/lib/pyre_check/typeshed/stdlib",
    "/opt/homebrew/anaconda3/envs/pysa/lib/pyre_check/typeshed/stubs/ExifRead",
    "/opt/homebrew/anaconda3/envs/pysa/lib/pyre_check/typeshed/stubs/PyMySQL",
    "/opt/homebrew/anaconda3/envs/pysa/lib/pyre_check/typeshed/stubs/PyYAML",
    "/opt/homebrew/anaconda3/envs/pysa/lib/pyre_check/typeshed/stubs/aiofiles",
    "/opt/homebrew/anaconda3/envs/pysa/lib/pyre_check/typeshed/stubs/boto",
    "/opt/homebrew/anaconda3/envs/pysa/lib/pyre_check/typeshed/stubs/chevron",
    "/opt/homebrew/anaconda3/envs/pysa/lib/pyre_check/typeshed/stubs/colorama",
    "/opt/homebrew/anaconda3/envs/pysa/lib/pyre_check/typeshed/stubs/ldap3",
    "/opt/homebrew/anaconda3/envs/pysa/lib/pyre_check/typeshed/stubs/mysqlclient",
    "/opt/homebrew/anaconda3/envs/pysa/lib/pyre_check/typeshed/stubs/paramiko",
    "/opt/homebrew/anaconda3/envs/pysa/lib/pyre_check/typeshed/stubs/psycopg2",
    "/opt/homebrew/anaconda3/envs/pysa/lib/pyre_check/typeshed/stubs/pycurl",
    "/opt/homebrew/anaconda3/envs/pysa/lib/pyre_check/typeshed/stubs/python-dateutil",
    "/opt/homebrew/anaconda3/envs/pysa/lib/pyre_check/typeshed/stubs/pytz",
    "/opt/homebrew/anaconda3/envs/pysa/lib/pyre_check/typeshed/stubs/regex",
    "/opt/homebrew/anaconda3/envs/pysa/lib/pyre_check/typeshed/stubs/requests",
    "/opt/homebrew/anaconda3/envs/pysa/lib/pyre_check/typeshed/stubs/retry",
    "/opt/homebrew/anaconda3/envs/pysa/lib/pyre_check/typeshed/stubs/tqdm",
    "/opt/homebrew/anaconda3/envs/pysa/lib/pyre_check/typeshed/stubs/ujson"
  ],
  "excludes": [
    ".*/integration_test/.*"
  ],
  "checked_directory_allowlist": [
    "/Users/marwamadni/Documents/StudentJob/PyreResults/CVE-2012-2417/Before"
  ],
  "checked_directory_blocklist": [],
  "extensions": [],
  "log_path": "/Users/marwamadni/Documents/StudentJob/PyreResults/CVE-2012-2417/Before/.pyre",
  "global_root": "/Users/marwamadni/Documents/StudentJob/PyreResults/CVE-2012-2417/Before",
  "debug": false,
  "python_version": {
    "major": 3,
    "minor": 10,
    "micro": 0
  },
  "shared_memory": {},
  "parallel": true,
  "number_of_workers": 7,
  "inline_decorators": false,
  "infer_self_tito": false,
  "infer_argument_tito": false,
  "no_verify": false,
  "verify_dsl": false,
  "verify_taint_config_only": false,
  "strict": false,
  "taint_model_paths": [
    "/Users/marwamadni/Documents/StudentJob/PyreResults/CVE-2012-2417/Before"
  ],
  "use_cache": false,
  "build_cache_only": false,
  "check_invariants": false,
  "limit_entrypoints": false,
  "compact_ocaml_heap": false,
  "saved_state": {
    "watchman_root": null,
    "project_name": null,
    "preset": null,
    "cache_critical_files": []
  },
  "compute_coverage": false
}
2025-01-30 15:39:45,254 [PID 22066] INFO  Initializing shared memory (heap_size: 8589934592, dep_table_pow: 1, hash_table_pow: 26)
2025-01-30 15:39:45,279 [PID 22066] INFO  Initializing and verifying taint configuration...
2025-01-30 15:39:45,280 [PID 22066] INFO  Initialized and verified taint configuration: 0.000s
2025-01-30 15:39:45,280 [PID 22066] PERFORMANCE  Initialized and verified taint configuration: 0.001s
2025-01-30 15:39:45,280 [PID 22066] INFO  Verifying model syntax...
2025-01-30 15:39:45,280 [PID 22066] INFO  Finding taint models in `/Users/marwamadni/Documents/StudentJob/PyreResults/CVE-2012-2417/Before`.
2025-01-30 15:39:45,280 [PID 22066] INFO  Verified model syntax: 0.001s
2025-01-30 15:39:45,280 [PID 22066] PERFORMANCE  Verified model syntax: 0.001s
2025-01-30 15:39:45,280 [PID 22066] INFO  Parsing taint models modes...
2025-01-30 15:39:45,280 [PID 22066] INFO  Finding taint models in `/Users/marwamadni/Documents/StudentJob/PyreResults/CVE-2012-2417/Before`.
2025-01-30 15:39:45,280 [PID 22066] INFO  Parsed taint models modes: 0.000s
2025-01-30 15:39:45,280 [PID 22066] PERFORMANCE  Parsed taint models modes: 0.000s
2025-01-30 15:39:45,280 [PID 22066] INFO  Building module tracker...
2025-01-30 15:39:45,456 [PID 22066] PERFORMANCE  Module tracker built: 0.169s
2025-01-30 15:39:45,456 [PID 22066] PERFORMANCE  Full environment built: 0.170s
2025-01-30 15:39:45,456 [PID 22066] INFO  Starting type checking...
2025-01-30 15:39:45,456 [PID 22066] INFO  Found 3762 modules
2025-01-30 15:39:45,456 [PID 22066] INFO  Collecting all definitions...
2025-01-30 15:39:45,958 [PID 22066] INFO <unknown>:625: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:39:46,261 [PID 22066] INFO <unknown>:341: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:39:46,631 [PID 22066] INFO <unknown>:158: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:39:47,099 [PID 22066] INFO <unknown>:98: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:39:47,101 [PID 22066] INFO <unknown>:111: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:39:47,688 [PID 22066] INFO <unknown>:198: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:39:48,235 [PID 22066] INFO <unknown>:74: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:39:48,235 [PID 22066] INFO <unknown>:215: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:39:49,008 [PID 22066] INFO <unknown>:113: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:39:49,153 [PID 22066] INFO <unknown>:575: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:39:49,154 [PID 22066] INFO <unknown>:576: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:39:49,154 [PID 22066] INFO <unknown>:577: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:39:49,154 [PID 22066] INFO <unknown>:578: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:39:49,154 [PID 22066] INFO <unknown>:579: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:39:49,154 [PID 22066] INFO <unknown>:583: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:39:49,154 [PID 22066] INFO <unknown>:585: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:39:49,154 [PID 22066] INFO <unknown>:604: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:39:49,155 [PID 22066] INFO <unknown>:605: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:39:49,155 [PID 22066] INFO <unknown>:606: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:39:49,155 [PID 22066] INFO <unknown>:607: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:39:49,155 [PID 22066] INFO <unknown>:608: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:39:49,155 [PID 22066] INFO <unknown>:622: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:39:49,155 [PID 22066] INFO <unknown>:624: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:39:49,155 [PID 22066] INFO <unknown>:634: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:39:49,155 [PID 22066] INFO <unknown>:635: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:39:49,156 [PID 22066] INFO <unknown>:636: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:39:49,156 [PID 22066] INFO <unknown>:637: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:39:49,156 [PID 22066] INFO <unknown>:638: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:39:49,302 [PID 22066] INFO <unknown>:324: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:39:49,302 [PID 22066] INFO <unknown>:339: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:39:49,803 [PID 22066] INFO <unknown>:442: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:39:49,804 [PID 22066] INFO <unknown>:451: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:39:50,144 [PID 22066] INFO <unknown>:2309: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:39:50,844 [PID 22066] INFO <unknown>:2905: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:39:51,019 [PID 22066] INFO <unknown>:461: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:39:51,020 [PID 22066] INFO <unknown>:462: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:39:51,224 [PID 22066] INFO <unknown>:742: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:39:51,224 [PID 22066] INFO <unknown>:743: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:39:51,225 [PID 22066] INFO <unknown>:744: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:39:51,225 [PID 22066] INFO <unknown>:745: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:39:51,225 [PID 22066] INFO <unknown>:772: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:39:51,225 [PID 22066] INFO <unknown>:773: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:39:51,225 [PID 22066] INFO <unknown>:774: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:39:51,225 [PID 22066] INFO <unknown>:775: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:39:51,286 [PID 22066] INFO <unknown>:406: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:39:51,503 [PID 22066] INFO <unknown>:425: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:39:51,611 [PID 22066] INFO <unknown>:302: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:39:51,611 [PID 22066] INFO <unknown>:304: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:39:52,034 [PID 22066] INFO <unknown>:760: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:39:52,034 [PID 22066] INFO <unknown>:761: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:39:52,034 [PID 22066] INFO <unknown>:762: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:39:52,034 [PID 22066] INFO <unknown>:763: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:39:52,035 [PID 22066] INFO <unknown>:764: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:39:52,035 [PID 22066] INFO <unknown>:768: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:39:52,035 [PID 22066] INFO <unknown>:770: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:39:52,035 [PID 22066] INFO <unknown>:792: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:39:52,035 [PID 22066] INFO <unknown>:793: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:39:52,035 [PID 22066] INFO <unknown>:794: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:39:52,035 [PID 22066] INFO <unknown>:795: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:39:52,035 [PID 22066] INFO <unknown>:796: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:39:52,035 [PID 22066] INFO <unknown>:813: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:39:52,036 [PID 22066] INFO <unknown>:815: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:39:52,036 [PID 22066] INFO <unknown>:828: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:39:52,036 [PID 22066] INFO <unknown>:829: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:39:52,036 [PID 22066] INFO <unknown>:830: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:39:52,036 [PID 22066] INFO <unknown>:831: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:39:52,036 [PID 22066] INFO <unknown>:832: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:39:52,856 [PID 22066] INFO <unknown>:490: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:39:52,856 [PID 22066] INFO <unknown>:524: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:39:53,046 [PID 22066] INFO <unknown>:84: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:39:53,371 [PID 22066] INFO <unknown>:378: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:39:53,383 [PID 22066] INFO <unknown>:1026: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:39:53,576 [PID 22066] INFO <unknown>:198: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:39:53,577 [PID 22066] INFO <unknown>:220: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:39:53,577 [PID 22066] INFO <unknown>:221: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:39:53,577 [PID 22066] INFO <unknown>:233: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:39:54,060 [PID 22066] INFO <unknown>:196: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:39:55,260 [PID 22066] INFO <unknown>:129: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:39:55,260 [PID 22066] INFO <unknown>:132: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:39:55,260 [PID 22066] INFO <unknown>:140: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:39:55,260 [PID 22066] INFO <unknown>:143: SyntaxWarning: invalid escape sequence '\N'
2025-01-30 15:39:55,962 [PID 22066] PERFORMANCE  Collected definitions (defines: 93433): 10.513s
2025-01-30 15:39:55,962 [PID 22066] INFO  Found 93433 functions
2025-01-30 15:39:55,975 [PID 22066] INFO  Checking 93433 functions...
2025-01-30 15:40:12,573 [PID 22066] INFO  Processed 4918 of 93433 functions
2025-01-30 15:40:13,455 [PID 22066] INFO  Processed 9836 of 93433 functions
2025-01-30 15:40:14,704 [PID 22066] INFO  Processed 14754 of 93433 functions
2025-01-30 15:40:15,364 [PID 22066] INFO  Processed 19672 of 93433 functions
2025-01-30 15:40:15,694 [PID 22066] INFO  Processed 24590 of 93433 functions
2025-01-30 15:40:15,742 [PID 22066] INFO  Processed 29508 of 93433 functions
2025-01-30 15:40:16,482 [PID 22066] INFO  Processed 34426 of 93433 functions
2025-01-30 15:40:29,035 [PID 22066] INFO  Processed 39344 of 93433 functions
2025-01-30 15:40:29,663 [PID 22066] INFO  Processed 44262 of 93433 functions
2025-01-30 15:40:31,059 [PID 22066] INFO  Processed 49180 of 93433 functions
2025-01-30 15:40:31,555 [PID 22066] INFO  Processed 54098 of 93433 functions
2025-01-30 15:40:33,973 [PID 22066] INFO  Processed 59016 of 93433 functions
2025-01-30 15:40:34,048 [PID 22066] INFO  Processed 63934 of 93433 functions
2025-01-30 15:40:38,288 [PID 22066] INFO  Processed 68852 of 93433 functions
2025-01-30 15:40:42,376 [PID 22066] INFO  Processed 73770 of 93433 functions
2025-01-30 15:40:42,982 [PID 22066] INFO  Processed 78688 of 93433 functions
2025-01-30 15:40:43,594 [PID 22066] INFO  Processed 83606 of 93433 functions
2025-01-30 15:40:43,632 [PID 22066] INFO  Processed 88524 of 93433 functions
2025-01-30 15:40:49,699 [PID 22066] INFO  Processed 93433 of 93433 functions
2025-01-30 15:40:49,699 [PID 22066] PERFORMANCE  Check_TypeCheck: 53.732s
2025-01-30 15:40:49,700 [PID 22066] MEMORY  Shared memory size post-typecheck (size: 148)
2025-01-30 15:40:49,700 [PID 22066] INFO  Computing class hierarchy graph...
2025-01-30 15:40:52,156 [PID 22066] INFO  Computed class hierarchy graph: 2.456s
2025-01-30 15:40:52,156 [PID 22066] PERFORMANCE  Computed class hierarchy graph: 2.456s
2025-01-30 15:40:52,157 [PID 22066] INFO  Computing class intervals...
2025-01-30 15:40:52,207 [PID 22066] INFO  Computed class intervals: 0.043s
2025-01-30 15:40:52,207 [PID 22066] PERFORMANCE  Computed class intervals: 0.044s
2025-01-30 15:40:52,282 [PID 22066] INFO  Fetching initial callables to analyze...
2025-01-30 15:40:55,225 [PID 22066] INFO  Fetched initial callables to analyze: 2.937s
2025-01-30 15:40:55,225 [PID 22066] PERFORMANCE  Fetched initial callables to analyze (definitions: 32041, internals: 16, stubs: 28826): 2.937s
2025-01-30 15:40:55,225 [PID 22066] INFO  Parsing taint models...
2025-01-30 15:40:55,551 [PID 22066] INFO  Finding taint models in `/Users/marwamadni/Documents/StudentJob/PyreResults/CVE-2012-2417/Before`.
2025-01-30 15:40:55,551 [PID 22066] INFO  Parsed taint models: 0.334s
2025-01-30 15:40:55,551 [PID 22066] PERFORMANCE  Parsed taint models (models: 2, queries: 0): 0.334s
2025-01-30 15:40:55,552 [PID 22066] INFO  Computing inferred models...
2025-01-30 15:40:56,805 [PID 22066] INFO  Computed inferred models: 1.255s
2025-01-30 15:40:56,805 [PID 22066] PERFORMANCE  Computed inferred models (models: 766): 1.255s
2025-01-30 15:40:57,094 [PID 22066] INFO  Computing overrides...
2025-01-30 15:40:59,997 [PID 22066] WARNING  `codecs.Codec.decode` has 102 overrides, this might slow down the analysis considerably.
2025-01-30 15:40:59,997 [PID 22066] WARNING  `codecs.Codec.encode` has 100 overrides, this might slow down the analysis considerably.
2025-01-30 15:40:59,998 [PID 22066] WARNING  `codecs.IncrementalDecoder.decode` has 85 overrides, this might slow down the analysis considerably.
2025-01-30 15:40:59,998 [PID 22066] WARNING  `codecs.IncrementalEncoder.encode` has 97 overrides, this might slow down the analysis considerably.
2025-01-30 15:40:59,998 [PID 22066] WARNING  `lib2to3.fixer_base.BaseFix.transform` has 56 overrides, this might slow down the analysis considerably.
2025-01-30 15:40:59,998 [PID 22066] WARNING  `libcst._nodes.base.CSTNode._codegen_impl` has 102 overrides, this might slow down the analysis considerably.
2025-01-30 15:40:59,998 [PID 22066] WARNING  `libcst._nodes.base.CSTNode._visit_and_replace_children` has 119 overrides, this might slow down the analysis considerably.
2025-01-30 15:40:59,998 [PID 22066] WARNING  `object.__eq__` has 319 overrides, this might slow down the analysis considerably.
2025-01-30 15:40:59,998 [PID 22066] WARNING  `object.__hash__` has 214 overrides, this might slow down the analysis considerably.
2025-01-30 15:40:59,998 [PID 22066] WARNING  `object.__init__` has 1661 overrides, this might slow down the analysis considerably.
2025-01-30 15:40:59,998 [PID 22066] WARNING  `object.__ne__` has 75 overrides, this might slow down the analysis considerably.
2025-01-30 15:40:59,998 [PID 22066] WARNING  `object.__repr__` has 287 overrides, this might slow down the analysis considerably.
2025-01-30 15:40:59,998 [PID 22066] WARNING  `object.__str__` has 154 overrides, this might slow down the analysis considerably.
2025-01-30 15:40:59,998 [PID 22066] WARNING  `twisted.internet.protocol.BaseProtocol.connectionMade` has 70 overrides, this might slow down the analysis considerably.
2025-01-30 15:40:59,998 [PID 22066] WARNING  `twisted.internet.protocol.Protocol.connectionLost` has 60 overrides, this might slow down the analysis considerably.
2025-01-30 15:40:59,998 [PID 22066] WARNING  `type.__call__` has 249 overrides, this might slow down the analysis considerably.
2025-01-30 15:40:59,999 [PID 22066] WARNING  `type.__init__` has 1324 overrides, this might slow down the analysis considerably.
2025-01-30 15:40:59,999 [PID 22066] WARNING  `type.__new__` has 237 overrides, this might slow down the analysis considerably.
2025-01-30 15:40:59,999 [PID 22066] WARNING  `type.__or__` has 81 overrides, this might slow down the analysis considerably.
2025-01-30 15:40:59,999 [PID 22066] WARNING  `type.__ror__` has 56 overrides, this might slow down the analysis considerably.
2025-01-30 15:40:59,999 [PID 22066] WARNING  `typing.Collection.__len__` has 81 overrides, this might slow down the analysis considerably.
2025-01-30 15:40:59,999 [PID 22066] WARNING  `typing.GenericMeta.__getitem__` has 55 overrides, this might slow down the analysis considerably.
2025-01-30 15:40:59,999 [PID 22066] WARNING  `typing.Iterable.__iter__` has 63 overrides, this might slow down the analysis considerably.
2025-01-30 15:40:59,999 [PID 22066] WARNING  `typing.Iterator.__iter__` has 56 overrides, this might slow down the analysis considerably.
2025-01-30 15:40:59,999 [PID 22066] WARNING  `typing.Iterator.__next__` has 60 overrides, this might slow down the analysis considerably.
2025-01-30 15:40:59,999 [PID 22066] WARNING  `typing.NamedTuple.__init__` has 156 overrides, this might slow down the analysis considerably.
2025-01-30 15:41:00,062 [PID 22066] INFO  Overrides computed: 2.965s
2025-01-30 15:41:00,062 [PID 22066] PERFORMANCE  Overrides computed: 2.965s
2025-01-30 15:41:00,062 [PID 22066] INFO  Indexing global constants...
2025-01-30 15:41:02,191 [PID 22066] INFO  Finished constant propagation analysis: 2.131s
2025-01-30 15:41:02,191 [PID 22066] PERFORMANCE  Finished constant propagation analysis: 2.131s
2025-01-30 15:41:02,191 [PID 22066] INFO  Building call graph...
2025-01-30 15:42:25,332 [PID 22066] INFO  Call graph built: 83.134s
2025-01-30 15:42:25,333 [PID 22066] PERFORMANCE  Call graph built: 83.136s
2025-01-30 15:42:25,334 [PID 22066] INFO  Computing dependencies...
2025-01-30 15:42:25,647 [PID 22066] INFO  Computed dependencies: 0.317s
2025-01-30 15:42:25,647 [PID 22066] PERFORMANCE  Computed dependencies: 0.317s
2025-01-30 15:42:25,648 [PID 22066] INFO  Purging shared memory...
2025-01-30 15:42:25,696 [PID 22066] PERFORMANCE  Purged shared memory: 0.053s
2025-01-30 15:42:25,696 [PID 22066] INFO  Purging shared memory...
2025-01-30 15:42:25,708 [PID 22066] PERFORMANCE  Purged shared memory: 0.013s
2025-01-30 15:42:25,709 [PID 22066] INFO  Analysis fixpoint started for 16826 overrides and 201 functions......
2025-01-30 15:42:27,688 [PID 22066] PERFORMANCE  Recorded initial models: 1.970s
2025-01-30 15:42:27,688 [PID 22066] INFO  Iteration #0. 103 callables [...]
2025-01-30 15:42:27,784 [PID 22066] INFO  Processed 15 of 103 callables
2025-01-30 15:42:27,797 [PID 22066] INFO  Processed 30 of 103 callables
2025-01-30 15:42:27,797 [PID 22066] INFO  Processed 45 of 103 callables
2025-01-30 15:42:27,810 [PID 22066] INFO  Processed 60 of 103 callables
2025-01-30 15:42:27,823 [PID 22066] INFO  Processed 75 of 103 callables
2025-01-30 15:42:27,836 [PID 22066] INFO  Processed 90 of 103 callables
2025-01-30 15:42:27,874 [PID 22066] INFO  Processed 103 of 103 callables
2025-01-30 15:42:27,874 [PID 22066] INFO  Iteration #0, 103 callables, heap size 0.181GB took 0.19s
2025-01-30 15:42:27,874 [PID 22066] INFO  Iteration #1. 90 callables [...]
2025-01-30 15:42:27,973 [PID 22066] INFO  Processed 13 of 90 callables
2025-01-30 15:42:27,973 [PID 22066] INFO  Processed 26 of 90 callables
2025-01-30 15:42:27,986 [PID 22066] INFO  Processed 39 of 90 callables
2025-01-30 15:42:27,986 [PID 22066] INFO  Processed 52 of 90 callables
2025-01-30 15:42:27,999 [PID 22066] INFO  Processed 65 of 90 callables
2025-01-30 15:42:28,024 [PID 22066] INFO  Processed 78 of 90 callables
2025-01-30 15:42:28,062 [PID 22066] INFO  Processed 90 of 90 callables
2025-01-30 15:42:28,062 [PID 22066] INFO  Iteration #1, 90 callables, heap size 0.181GB took 0.19s
2025-01-30 15:42:28,180 [PID 22066] INFO  Found 0 issues
2025-01-30 15:42:28,180 [PID 22066] INFO  Analysis fixpoint complete: 2.467s
2025-01-30 15:42:28,180 [PID 22066] PERFORMANCE  Analysis fixpoint complete (iterations: 2, heap size: 180867840, issues: 0): 2.467s
2025-01-30 15:42:28,180 [PID 22066] PERFORMANCE  Analyze: 162.911s
[]

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@arthaud @yoann-marquer