Fails on Python 3.9.0 #207
Comments
Hi, I've been looking at this and pyre-check. I've found myself looking at this issue because I can't be bothered with setting up a bunch of config files with pyre-check - anyway, I've managed to stop things crashing at the following line:

File "/root/.local/pipx/venvs/python-taint/lib/python3.9/site-packages/pyt/helper_visitors/label_visitor.py", line 190, in slicev
self.visit(node.value)

Change

Output:

21 vulnerabilities found (plus 3 sanitised):
Vulnerability 1:
File: .\XSS.py
> User input at line 6, source "request.args.get(":
~call_1 = ret_request.args.get('param', 'not set')
Reassigned in:
File: .\XSS.py
> Line 6: param = ~call_1
File: .\XSS.py
> reaches line 9, sink "replace(":
~call_5 = ret_html.replace('{{ param }}', param)
[...]

Given that this is now an unsupported project, I'm wondering if you (and anyone else) would see the value in me/a group of enthusiastic Python devs creating a fork for Python 3.9?
I've decided to maintain this for the foreseeable future: https://github.com/FHPythonUtils/PyTaintX
Would you like to maintain the non-fork @FredHappyface? i.e. this repo. You'd certainly get more views/contributions, maintaining this repo.
(Happy to still mention your repo at the top of the README of this one, if not.)
Yeah, I'd love to maintain the non-fork! (Would be good to have issues in one place too.) Edit: clarify that I'd be interested in maintaining the non-forked repo
Thanks, I'll ask @Thalmann and @StefanMich to give you the same access as I have.
Thank you
Looks like pyt took a dependency on a private attribute that has disappeared. Yes. I saw the tool is no longer maintained, but it used to at least run on 3.8.x