Pysa rules, sources, sinks and other taint information are specified in JSON taint.config files. Multiple taint.config files can be specified in one project. When Pysa is run, it looks at all the taint.config files specified in the "taint_models_path" of the .pyre_configuration file for that project, and reads the rules, source/sink names, etc. from all of these files.
The goal of this project is to add validation for these taint.config files.
Validation of keys
Right now, when we parse taint.config files, we simply pull out the keys that we recognize and use them. If there's an invalid key, for example:
    "sources": [
        {
            "name": "Cookies",
            "coment": "used to annotate cookie sources" // typo in key
        },
there's no error informing the user they've made a mistake.
For this task, look at our existing taint.config files (this is a good example) and determine what the valid and required keys should be. We then want to print out an error message if an unknown key is found in the JSON or if a required key (e.g. rule code, etc.) is not found.
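As an added illustration of the check being asked for (this is not code from the Pyre repository, whose parser lives in OCaml in taintConfiguration.ml), the following Python walks a taint.config document and reports unknown keys and missing required keys per object. The key schema it uses is an assumption made for the example, not the project's definition, and the sample config is constructed; it reuses the "coment" typo from above and additionally omits the rule code.

```python
import json
from typing import Any, Dict, List, Set

# Assumed schema for the example (not the project's own definition):
# for each kind of JSON object in taint.config, which keys are required
# and which are allowed at all.
Schema = Dict[str, Set[str]]

TOP_LEVEL: Schema = {
    "required": set(),
    "allowed": {"comment", "sources", "sinks", "features", "rules"},
}
NAMED_ENTRY: Schema = {  # used for sources, sinks and features
    "required": {"name"},
    "allowed": {"name", "comment"},
}
RULE: Schema = {
    "required": {"name", "code", "sources", "sinks", "message_format"},
    "allowed": {"name", "code", "sources", "sinks", "message_format", "comment"},
}
SECTIONS = (
    ("sources", NAMED_ENTRY),
    ("sinks", NAMED_ENTRY),
    ("features", NAMED_ENTRY),
    ("rules", RULE),
)


def check_keys(obj: Any, schema: Schema, path: str) -> List[str]:
    """Return one error string per unknown or missing key in a JSON object."""
    if not isinstance(obj, dict):
        return [f"{path}: expected a JSON object"]
    errors = []
    for key in sorted(set(obj) - schema["allowed"]):
        errors.append(f"{path}: unknown key {key!r}")
    for key in sorted(schema["required"] - set(obj)):
        errors.append(f"{path}: missing required key {key!r}")
    return errors


def validate_taint_config(text: str) -> List[str]:
    """Parse a taint.config document and collect key-validation errors.

    Errors are reported with a path (e.g. "rules[0]") so the user can find
    the offending object in a file with many entries.
    """
    config = json.loads(text)
    errors = check_keys(config, TOP_LEVEL, "taint.config")
    if not isinstance(config, dict):
        return errors
    for section, schema in SECTIONS:
        entries = config.get(section, [])
        if not isinstance(entries, list):
            errors.append(f"taint.config: {section!r} must be a list")
            continue
        for index, entry in enumerate(entries):
            errors.extend(check_keys(entry, schema, f"{section}[{index}]"))
    return errors


# Constructed sample: a misspelled "comment" key on a source and a rule
# that lacks its "code".
SAMPLE_CONFIG = """
{
  "sources": [
    { "name": "Cookies", "coment": "used to annotate cookie sources" },
    { "name": "UserControlled" }
  ],
  "sinks": [
    { "name": "SQL", "comment": "SQL query execution" }
  ],
  "rules": [
    {
      "name": "SQL injection",
      "sources": ["UserControlled"],
      "sinks": ["SQL"],
      "message_format": "Data from [{$sources}] flows to [{$sinks}]"
    }
  ]
}
"""

if __name__ == "__main__":
    for error in validate_taint_config(SAMPLE_CONFIG):
        print(error)
```

Running the block on the sample prints two lines: the unknown key on `sources[0]` and the missing `code` on `rules[0]`. A typo in an optional key would otherwise be silently dropped, which is exactly the failure mode described above; reporting both kinds of problem in one pass, rather than stopping at the first, lets a user fix a whole file in one round.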
Implementation
The taint.config file is parsed in taintConfiguration.ml. This will most likely be where we want to add the new validation logic.