Facebook introduces Pysa, a static analyzer for Python

Facebook has released Pysa (Python Static Analyzer), an open-source static analyzer designed to find potential vulnerabilities in Python code. The new analyzer was built as an extension of the Pyre type checker and is published in Pyre's repository. The code is released under the MIT license.

Pysa analyzes the flow of data through the code as it executes, which makes it possible to find many potential vulnerabilities and privacy problems that stem from data reaching places where it should never appear.
For example, Pysa can track the use of raw external data in calls that launch external programs, in file operations, and in the construction of SQL queries.

The analyzer's job comes down to identifying data sources and dangerous calls in which unsanitized data must not be used. Data from web requests (for example, the HttpRequest.GET dictionary in Django) is treated as a source, and calls such as eval and os.open are treated as dangerous uses (sinks). Pysa follows the data through the chain of function calls and links the source data to the potentially dangerous places in the code. A typical vulnerability found with Pysa is the open redirect (CVE-2019-19775) in the Zulip messaging platform, caused by an unsanitized external parameter being passed through when generating thumbnails.
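To make the source/sink idea concrete, here is an added toy taint tracker (example code written for this page, not Pysa's engine or its real taint models): it treats `request.GET`/`request.POST` as sources, treats `eval`, `os.system` and `open` as sinks (the sink list and the `SAMPLE` view are constructed for the illustration), propagates taint through assignments and sub-expressions, and reports the line where source data reaches a sink.

```python
import ast
# Added toy model of Pysa's source/sink analysis (assumption: illustration only, not Pysa's code).
SOURCE_ATTRS = {"GET", "POST"}         # request.GET / request.POST are sources
SINKS = {"eval", "os.system", "open"}  # calls where raw request data must not arrive

def call_name(node):  # dotted name of a call target such as 'os.system'; '' otherwise
    if isinstance(node, ast.Name):
        return node.id
    if isinstance(node, ast.Attribute):
        base = call_name(node.value)
        return f"{base}.{node.attr}" if base else ""
    return ""

class TaintTracker(ast.NodeVisitor):
    def __init__(self):
        self.tainted = set()  # variables currently holding source data
        self.findings = []    # (line, sink) pairs where tainted data reaches a sink
    def is_tainted(self, node):
        if isinstance(node, ast.Attribute) and node.attr in SOURCE_ATTRS:
            return True
        if isinstance(node, ast.Name):
            return node.id in self.tainted
        # Taint flows through any sub-expression: concatenation, f-strings, calls.
        return any(self.is_tainted(c) for c in ast.iter_child_nodes(node))
    def visit_Assign(self, node):   # propagate taint; a clean reassignment clears it
        tainted = self.is_tainted(node.value)
        for target in node.targets:
            if isinstance(target, ast.Name):
                (self.tainted.add if tainted else self.tainted.discard)(target.id)
        self.generic_visit(node)
    def visit_Call(self, node):     # report a sink call fed by tainted arguments
        name = call_name(node.func)
        if name in SINKS and any(self.is_tainted(a) for a in node.args):
            self.findings.append((node.lineno, name))
        self.generic_visit(node)

def analyze(source):  # return [(line, sink)] for every sink call reached by request data
    tracker = TaintTracker()
    tracker.visit(ast.parse(source))
    return tracker.findings

# Constructed sample in the style of a Django view that builds a thumbnail.
SAMPLE = '''import os
def thumbnail(request):
    path = request.GET.get("path")
    cmd = "convert " + path + " out.png"
    os.system(cmd)
    fixed = "banner.png"
    open(fixed)
'''
```

Running `analyze(SAMPLE)` flags only the `os.system` call on line 5; the `open` call on a constant path is not reported, which is the distinction a taint analyzer like Pysa is built to make.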

Pysa's data-flow tracking can also be used to verify that additional frameworks are used correctly and to check compliance with policies on the handling of user data. For example, Pysa can be used without extra configuration to check projects built on the Django and Tornado frameworks. Pysa can also detect common web application vulnerabilities such as SQL injection and cross-site scripting (XSS).

At Facebook, the analyzer is used to check the code of the Instagram service. In the first quarter of 2020, Pysa helped find 44% of all problems that Facebook engineers identified in Instagram's server-side code.
In total, Pysa's automated change review process flagged 330 issues, of which 49 (15%) were rated as severe and 131 (40%) as minor. In 150 cases (45%) the reported problems were classified as false positives.

source: opennet.ru