Facebook
Pysa provides analysis of data flow as a result of code execution, which allows you to identify many potential vulnerabilities and privacy issues associated with the use of data in places where it should not appear.
For example, Pysa can track the use of raw external data in calls that launch external programs, in file operations, and in SQL constructs.
The work of the analyzer is reduced to determining the sources of data and dangerous calls in which the source data should not be used. Data from web requests is considered as a source (for example, the HttpRequest.GET dictionary in Django), and calls like eval and os.open are considered as dangerous uses. Pysa tracks data as it passes through the chain of function calls and associates the original data with potentially dangerous places in the code. As a typical vulnerability identified using Pysa, the problem with an open redirect is mentioned (
Pysa's ability to track data flows can
In Facebook, the analyzer is used to check the code of the Instagram service. In the first quarter of 2020, Pysa helped identify 44% of all issues found by Facebook engineers in the Instagram back-end codebase.
A total of 330 problems were identified during the automated change check process using Pysa, 49 (15%) of which were rated as significant, and 131 (40%) were not serious. In 150 cases (45%) the problems were classified as false positives.
Source: opennet.ru