When running the open source version of pysa on a codebase, we see a lot of errors such as:
`rest_framework.request.Request.POST` is not part of the environment, no module `rest_framework` in search path.
`aiohttp.client.ClientSession.get` is not part of the environment, no module `aiohttp` in search path.
[...]
This is because we have models (sources and sinks) for many libraries, and we error if we don't find the modeled function or method.
We want to preserve that behavior internally at Meta, because such errors are usually indicating a problem in the configuration.
This is different for open source, we don't expect a given corebase to use all libraries annotated by Pysa.
To prevent this, the idea would be to hide model verification errors of the form "X is not part of the environment" when a given option is provided, either via a command line flag, or better, via a configuration file (such as a taint.config file or the .pyre_configuration file).
When running the open source version of pysa on a codebase, we see a lot of errors such as:
This is because we have models (sources and sinks) for many libraries, and we error if we don't find the modeled function or method. We want to preserve that behavior internally at Meta, because such errors are usually indicating a problem in the configuration. This is different for open source, we don't expect a given corebase to use all libraries annotated by Pysa.
To prevent this, the idea would be to hide model verification errors of the form "X is not part of the environment" when a given option is provided, either via a command line flag, or better, via a configuration file (such as a taint.config file or the .pyre_configuration file).