python-security / pyt

A Static Analysis Tool for Detecting Security Vulnerabilities in Python Web Applications
GNU General Public License v2.0

Increase Recursion Limit #185

Open lfatty opened 5 years ago

lfatty commented 5 years ago

I noticed the error below

RecursionError: maximum recursion depth exceeded while calling a Python object

Is there a way to increase the recursion depth?

bcaller commented 5 years ago

You can, but I don't think you really want to increase the recursion depth. The RecursionError usually means that there is a bug in pyt which gets it stuck in an infinite loop when it tries to analyse some code it doesn't handle well. To debug this further we'd need to see the code being analysed, preferably a minimal failing example.

wchresta commented 5 years ago

Happens when running against twschiller/open-synthesis:

$ python --version
Python 3.6.7

$ pip show python-taint
Name: python-taint
Version: 0.42
Summary: Find security vulnerabilities in Python web applications using static analysis.
Home-page: https://github.com/python-security/pyt
Author: python-security
Author-email: mr.thalmann@gmail.com
License: GPLv2
Location: /home/brachiel/.local/lib/python3.6/site-packages
Requires: 
Required-by: 

$ git clone https://github.com/twschiller/open-synthesis.git
$ pyt -a Django -r .
Traceback (most recent call last):
  File "/home/user/.local/bin/pyt", line 11, in <module>
    sys.exit(main())
  File "/home/user/.local/lib/python3.6/site-packages/pyt/__main__.py", line 106, in main
    allow_local_directory_imports=args.allow_local_imports
  File "/home/user/.local/lib/python3.6/site-packages/pyt/cfg/make_cfg.py", line 42, in make_cfg
    allow_local_directory_imports
  File "/home/user/.local/lib/python3.6/site-packages/pyt/cfg/expr_visitor.py", line 69, in __init__
    self.init_cfg(node)
  File "/home/user/.local/lib/python3.6/site-packages/pyt/cfg/expr_visitor.py", line 76, in init_cfg
    module_statements = self.visit(node)
  File "/usr/lib/python3.6/ast.py", line 253, in visit
    return visitor(node)
[...]
  File "/usr/lib/python3.6/ast.py", line 253, in visit
    return visitor(node)
  File "/home/user/.local/lib/python3.6/site-packages/pyt/cfg/stmt_visitor.py", line 67, in visit_Module
    return self.stmt_star_handler(node.body)
  File "/home/user/.local/lib/python3.6/site-packages/pyt/cfg/stmt_visitor.py", line 88, in stmt_star_handler
    node = self.visit(stmt)
  File "/usr/lib/python3.6/ast.py", line 253, in visit
    return visitor(node)
  File "/home/user/.local/lib/python3.6/site-packages/pyt/cfg/stmt_visitor.py", line 768, in visit_Expr
    return self.visit(node.value)
  File "/usr/lib/python3.6/ast.py", line 253, in visit
    return visitor(node)
  File "/home/user/.local/lib/python3.6/site-packages/pyt/cfg/expr_visitor.py", line 158, in visit_Str
    return IgnoredNode()
RecursionError: maximum recursion depth exceeded while calling a Python object

A smaller example:

$ pyt -a D openach/views/evidence.py 
Traceback (most recent call last):
  File "/home/user/.local/bin/pyt", line 11, in <module>
    sys.exit(main())
  File "/home/user/.local/lib/python3.6/site-packages/pyt/__main__.py", line 136, in main
    nosec_lines
  File "/home/user/.local/lib/python3.6/site-packages/pyt/vulnerabilities/vulnerabilities.py", line 533, in find_vulnerabilities
    nosec_lines
  File "/home/user/.local/lib/python3.6/site-packages/pyt/vulnerabilities/vulnerabilities.py", line 497, in find_vulnerabilities_in_cfg
    blackbox_mapping
  File "/home/user/.local/lib/python3.6/site-packages/pyt/vulnerabilities/vulnerabilities.py", line 441, in get_vulnerability
    def_use
  File "/home/user/.local/lib/python3.6/site-packages/pyt/vulnerabilities/vulnerabilities.py", line 296, in get_vulnerability_chains
    vuln_chain
  File "/home/user/.local/lib/python3.6/site-packages/pyt/vulnerabilities/vulnerabilities.py", line 296, in get_vulnerability_chains
    vuln_chain
  File "/home/user/.local/lib/python3.6/site-packages/pyt/vulnerabilities/vulnerabilities.py", line 296, in get_vulnerability_chains
    vuln_chain
  [Previous line repeated 991 more times]
  File "/home/user/.local/lib/python3.6/site-packages/pyt/vulnerabilities/vulnerabilities.py", line 287, in get_vulnerability_chains
    if use == sink:
RecursionError: maximum recursion depth exceeded in comparison
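Added example, not pyt's code and not from either commenter: a simplified model of the def-use chain walk that the second traceback shows recursing in get_vulnerability_chains, illustrating how a cycle in a def-use graph (a variable reassigned from itself in a loop) drives an unguarded walk into RecursionError, and how remembering the path already taken cuts the cycle instead. The graph layout, node names and function names are assumptions.

```python
# Simplified model of a taint def-use chain search (assumed shape, not pyt's
# implementation): walk from a source through every use until a sink is hit.
from typing import Dict, List, Optional, Set

DefUse = Dict[str, List[str]]  # node -> nodes that read its value


def chains_naive(current: str, sink: str, def_use: DefUse,
                 chain: List[str]) -> List[List[str]]:
    """Recurse into every use with no memory of the path taken.
    On a graph with a cycle this never terminates: Python's recursion
    limit turns the infinite descent into RecursionError."""
    found = []
    for use in def_use.get(current, []):
        if use == sink:
            found.append(chain + [use])
        else:
            found.extend(chains_naive(use, sink, def_use, chain + [use]))
    return found


def chains_safe(current: str, sink: str, def_use: DefUse,
                chain: Optional[List[str]] = None,
                visited: Optional[Set[str]] = None) -> List[List[str]]:
    """Same walk, but a node already on the current path is skipped,
    so a cycle is cut rather than re-entered."""
    chain = chain or [current]
    visited = visited or {current}
    found = []
    for use in def_use.get(current, []):
        if use == sink:
            found.append(chain + [use])
        elif use not in visited:
            found.extend(chains_safe(use, sink, def_use,
                                     chain + [use], visited | {use}))
    return found


# Constructed samples: request data flows into `query`; in CYCLIC the query
# is rebuilt from itself inside a loop (query -> query) before the sink.
CYCLIC: DefUse = {"request.GET": ["query"], "query": ["query", "cursor.execute"]}
ACYCLIC: DefUse = {"request.GET": ["query"], "query": ["cursor.execute"]}


def run_naive(def_use: DefUse) -> str:
    """Report whether the unguarded walk finishes or blows the stack."""
    try:
        chains_naive("request.GET", "cursor.execute", def_use, ["request.GET"])
        return "finished"
    except RecursionError:
        return "RecursionError"


if __name__ == "__main__":
    print(run_naive(CYCLIC), chains_safe("request.GET", "cursor.execute", CYCLIC))
```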