
Pysa: open source static analysis tool

Pysa is an open source static analysis tool developed by Facebook to detect and prevent security issues in Python code. It is security-focused and built specifically for Python: it examines the code and analyzes how data flows through it.

Pysa is used to check that Python code properly uses certain internal frameworks designed to prevent access to or disclosure of user data based on privacy policies. Pysa also detects common web application security issues, such as XSS and SQL injection. As Zoncolan did for Hack code, Pysa has helped scale the security efforts on Python applications, most notably the codebase that powers Instagram's servers.

Pysa was developed based on the experience gained with Zoncolan. It uses the same algorithms to perform static analysis and even shares some code with Zoncolan. Like Zoncolan, Pysa tracks data flows through a program. The user defines sources (the places that important data comes from) as well as sinks, the places where data from a source should not end up.

For security applications, the most common kinds of sources are places where user-controlled data enters the application, such as Django's HttpRequest.GET dictionary. Pysa performs iterative rounds of analysis, building summaries that determine which functions return data from a source and which functions have parameters that eventually reach a sink. If Pysa finds that a source eventually connects to a sink, it reports an issue.
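To make the source/sink/summary description above concrete, here is a small toy taint tracker in plain Python, added as an example and not part of Pysa or the original post. It treats reads of a Django-style `request.GET` as the source and the query-string argument of `cursor.execute` as the SQL sink, builds a per-function summary (which parameters reach the return value, which reach a sink) and re-runs the analysis until the summaries stop changing, as the paragraph describes; the sample views it scans are constructed for this example.

```python
import ast
SOURCE_ATTR, SINK_METHOD = "GET", "execute"  # Django request.GET -> cursor.execute(query)

SAMPLE = '''
def build_query(name):
    return "SELECT * FROM users WHERE name = '" + name + "'"
def run_query(cursor, q):
    cursor.execute(q)
def view(request, cursor):
    user = request.GET.get("name")
    run_query(cursor, build_query(user))
def safe_view(request, cursor):
    cursor.execute("SELECT * FROM users WHERE name = %s", (request.GET.get("name"),))
'''  # constructed sample views (not real project code); analyze() flags only view()

def analyze(code):
    """Return {function: [lines]} where request.GET data reaches a SQL query string."""
    funcs = {n.name: n for n in ast.parse(code).body if isinstance(n, ast.FunctionDef)}
    ret, sink = {f: set() for f in funcs}, {f: set() for f in funcs}  # per-function summaries
    # Labels are "SRC" (data from a source) or a parameter index; expand() maps a callee's
    # summary onto the labels of the actual arguments at a call site.
    expand = lambda summ, args: {x for x in summ if x == "SRC"} | set().union(
        *(args[i] for i in summ if i != "SRC" and i < len(args)))

    def run(fn):  # one analysis round over a straight-line function body
        env = {a.arg: {i} for i, a in enumerate(fn.args.args)}
        rets, sinks, lines = set(), set(), []
        def flag(node, labs):  # labels arriving at a sink
            if "SRC" in labs: lines.append(node.lineno)
            sinks.update(labs - {"SRC"})
        def labels(e):
            if isinstance(e, ast.Name): return env.get(e.id, set())
            if isinstance(e, ast.Attribute): return {"SRC"} if e.attr == SOURCE_ATTR else labels(e.value)
            if isinstance(e, ast.BinOp): return labels(e.left) | labels(e.right)
            if isinstance(e, ast.Call):
                args, f = [labels(a) for a in e.args], getattr(e.func, "id", None)
                if f in funcs: flag(e, expand(sink[f], args)); return expand(ret[f], args)
                if isinstance(e.func, ast.Attribute) and e.func.attr == SINK_METHOD:
                    flag(e, args[0] if args else set())  # only the query string is the sink
                return labels(e.func) | set().union(*args)  # unknown call: taint passes through
            return set()
        for st in fn.body:
            if isinstance(st, ast.Assign) and isinstance(st.targets[0], ast.Name): env[st.targets[0].id] = labels(st.value)
            elif isinstance(st, ast.Return) and st.value is not None: rets |= labels(st.value)
            elif isinstance(st, ast.Expr): labels(st.value)
        return rets, sinks, lines

    issues, changed = {}, True
    while changed:  # iterate until no summary changes, like Pysa's rounds
        changed = False
        for name, fn in funcs.items():
            r, s, lines = run(fn)
            if (r, s) != (ret[name], sink[name]): ret[name], sink[name], changed = r, s, True
            if lines: issues[name] = sorted(set(lines))
    return issues
```

Running `analyze(SAMPLE)` reports the call in `view` because the summaries record that `build_query` returns its first parameter and `run_query` passes its second parameter into the sink, while `safe_view` is not reported because the request data only reaches the bound-parameter argument.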

Source: engineering.fb.com

FlorinM

Linux user (Solus OS), passionate about travel.
