Description
Hey,
I'm trying to model the obj[key] = value construct on an obj of possibly unknown type. I don't care about the type of obj and want to mark all calls to __setitem__ as a sink.
Example code:

```python
text: str = input()
text1: str = input()
text2: str = input()


class A:
    pass


a = A()


def my_func():
    # The attribute name comes from user input, so Pyre cannot tell what type foo has.
    foo = getattr(a, text)
    # obj[key] = value on an object of unknown type: this is the call I want modelled as a sink.
    foo[text1] = text2


my_func()
```

I've tried adding the sink to dict.__setitem__ and creating the models using the DSL. This is my .pysa file:
```python
@SkipObscure
def getattr(
    __o: TaintInTaintOut[Via[customgetattr]],
    __name,
    __default: TaintInTaintOut[LocalReturn],
) -> TaintSource[CustomGetAttr, ViaValueOf[__name, WithTag["get-name"]]]: ...


@SkipOverrides
@SkipObscure
def dict.__setitem__(
    __o: TaintSink[CustomSetItem, ViaValueOf[__name, WithTag["set-name"]], ViaValueOf[__value, WithTag["set-value"]]],
    __name,
    __value,
): ...


ModelQuery(
    name = "get_setitem_calls_funcs",
    find = "functions",
    where = [name.matches("__setitem__")],
    model = [
        Parameters(
            TaintSink[CustomSetItem],
            where=[
                index.equals(0)
            ]
        ),
    ],
)

ModelQuery(
    name = "get_setitem_calls_methods",
    find = "methods",
    where = [name.matches("__setitem__")],
    model = [
        Parameters(
            TaintSink[CustomSetItem],
            where=[
                index.equals(0)
            ]
        ),
    ],
)
```

I've run pysa with some debugging and got this, which I think is the cause of the issue: pysa cannot figure out what the function call refers to:
```text
19:4-19:24 -> {"__setitem__" -> { call =
  (Some { call_targets = [];
          new_targets = [];
          init_targets = [];
          decorated_targets = [];
          higher_order_parameters = {};
          unresolved =
            (CallGraph.Unresolved.True
              (CallGraph.Unresolved.BypassingDecorators
                CallGraph.Unresolved.UnknownBaseType));
          recognized_call = False });
  attribute_access = None;
  identifier = None; string_format = None
}}
```
Is there any way to get pysa to use one of the models, even if the base type is unknown?
Thanks in advance
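Added example, not from the issue author or the Pysa project: two ways of rewriting the code under analysis so that the `obj[key] = value` call has a resolvable target even though `getattr` returns an unknown type. The first annotates the local so the base type is `dict` and the posted `dict.__setitem__` model can apply; the second routes the assignment through a module-level helper that can be given its own sink model. That Pysa resolves these two shapes as described is an assumption about its call graph, not something the issue confirms; the helper name `set_item`, the module name `example` and the `.pysa` line quoted in the comment are hypothetical. The Python itself runs stand-alone.

```python
"""Added example (not the issue author's code): give Pysa a resolvable call
target for obj[key] = value when the static type of obj is unknown.
Assumptions about Pysa's call-graph resolution are marked in the comments."""
from typing import Any, MutableMapping


class A:
    pass


# Assumption: annotating the result of getattr() gives Pyre a concrete base
# type, so the subscript assignment resolves to dict.__setitem__ and a model
# on dict.__setitem__ (as posted in the issue) can fire.
def assign_with_annotated_base(obj: object, name: str, key: str, value: str) -> dict:
    foo: dict = getattr(obj, name)  # getattr returns Any; the annotation pins it to dict
    foo[key] = value
    return foo


# Assumption: a direct call to a module-level function resolves regardless of
# the base type of its arguments, so one sink model on this helper covers every
# obj[key] = value that is routed through it. Hypothetical .pysa model:
#     def example.set_item(obj: TaintSink[CustomSetItem], key, value): ...
def set_item(obj: MutableMapping[Any, Any], key: Any, value: Any) -> None:
    obj[key] = value


def assign_via_helper(obj: object, name: str, key: str, value: str) -> Any:
    foo = getattr(obj, name)  # type stays unknown to Pyre, deliberately
    set_item(foo, key, value)  # the call target is the helper, not __setitem__
    return foo


if __name__ == "__main__":
    a = A()
    a.store = {}  # constructed sample attribute holding a dict
    print(assign_with_annotated_base(a, "store", "k", "v"))
    print(assign_via_helper(a, "store", "k2", "v2"))
```

Both variants keep the original behaviour (the item is stored on the mapping reached through `getattr`); they only change which call Pysa has to resolve. The annotation route is the lighter touch when the object really is a `dict`; the helper route is the one to reach for when the base type genuinely cannot be known statically, since the model then lives on a function Pysa can always find.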