In this digital age, application security issues are a major concern. Facebook's latest release is a tool for detecting security problems in Python applications: the open source tool Pysa (Python Static Analyzer), which examines how data flows through code. Tracking data flows is valuable because many security and privacy issues can be modeled as data flowing to a place where it should not.
How Pysa works
- The user defines sources (the places where important data comes from) and sinks (the places where data originating at a source should not flow).
- Pysa performs iterative rounds of analysis to build summaries that determine which functions return data from a source and which functions have parameters that eventually reach a sink. Pysa reports an issue when it finds that a source may be connected to a sink.
Facebook uses Pysa internally on Instagram, both to review engineers' proposed code changes for security and privacy issues before they land in the code base and to find existing issues already in the code base.
Limitations of Pysa:
- False positives and false negatives
- False positive: the tool reports a problem that is not real.
- False negative: the tool fails to report a problem that is present in the application.
Pysa is designed to avoid false negatives and to find as many problems as possible, an approach that comes at the cost of more false positives.
To limit this, Pysa offers two mechanisms: sanitizers and features.
- Pysa can only detect data-flow problems, not all security and privacy problems.
Note: We are not the author of this content. For the authentic and complete version, check its original source.