Pathological code causes RecursionError #149

Open
bcaller opened this issue Jul 23, 2018 · 1 comment
bcaller commented Jul 23, 2018

I noticed some code I had crashed pyt. I managed to reduce it to what I think is the minimum required for the RecursionError. In the original code we had a source which reached a sink and then further operations were carried out on the return value of the sink function.

```python
def f(x):  # having this function defined is optional
    return 123


@blueprint.route("/x/<query>/", methods=["POST"])
def bad_route(query):
    if 123:
        res = execute(query)
    else:
        res = execute(query)

    for r in res:
        r["a"] = f(r)
```

If I collapse the if statement simply to `res = execute(query)` there is no RecursionError. If `r["a"] = f(r)` is replaced by `r["a"] = r["b"]` there is no RecursionError.

```
Traceback (most recent call last):
  File "/usr/lib/python3.6/runpy.py", line 193, in _run_module_as_main
    "__main__", mod_spec)
  File "/usr/lib/python3.6/runpy.py", line 85, in _run_code
    exec(code, run_globals)
  File "/pack/pyt/pyt/__main__.py", line 141, in <module>
    main()
  File "/pack/pyt/pyt/__main__.py", line 125, in main
    nosec_lines
  File "/pack/pyt/pyt/vulnerabilities/vulnerabilities.py", line 547, in find_vulnerabilities
    nosec_lines
  File "/pack/pyt/pyt/vulnerabilities/vulnerabilities.py", line 509, in find_vulnerabilities_in_cfg
    blackbox_mapping
  File "/pack/pyt/pyt/vulnerabilities/vulnerabilities.py", line 451, in get_vulnerability
    def_use
  File "/pack/pyt/pyt/vulnerabilities/vulnerabilities.py", line 299, in get_vulnerability_chains
    vuln_chain
  File "/pack/pyt/pyt/vulnerabilities/vulnerabilities.py", line 299, in get_vulnerability_chains
    vuln_chain
  File "/pack/pyt/pyt/vulnerabilities/vulnerabilities.py", line 299, in get_vulnerability_chains
    vuln_chain
  [Previous line repeated 987 more times]
  File "/pack/pyt/pyt/vulnerabilities/vulnerabilities.py", line 290, in get_vulnerability_chains
    if use == sink:
RecursionError: maximum recursion depth exceeded in comparison
```

Not sure what is going on.

@KevinHock

I wrote this code in #81 :) I'll try to fix it after my current PR is merged (just have `inner_most_function_call` equivalent in my `expr_star_handler` function left, I think, atm, along with existing tests).
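
The traceback above shows `get_vulnerability_chains` calling itself until the interpreter's recursion limit is reached. The following is an added illustration, not pyt's code and not written by either commenter: a simplified model of a recursive source-to-sink chain walk, under the assumption that the def-use graph contains a cycle. The graph, its node names and all three functions are hypothetical.

```python
# Added illustration: a simplified model, NOT pyt's implementation.
# Assumption: the def-use graph has a cycle; the thread does not confirm the cause.

# Constructed def-use graph: node -> nodes that use its definition.
DEF_USE = {
    "query": ["res_if", "res_else"],
    "res_if": ["r"],
    "res_else": ["r"],
    "r": ["call_f", "sink"],
    "call_f": ["r"],  # assumed back edge: the value flows back into r
    "sink": [],
}


def chains_naive(def_use, current, sink, chain=()):
    """Collect every chain from current to sink; unbounded on a cycle."""
    chain = chain + (current,)
    found = []
    for use in def_use[current]:
        if use == sink:
            found.append(chain + (use,))
        else:
            found.extend(chains_naive(def_use, use, sink, chain))
    return found


def chains_guarded(def_use, current, sink, chain=()):
    """Same walk, but never revisits a node already on the current chain."""
    chain = chain + (current,)
    found = []
    for use in def_use[current]:
        if use == sink:
            found.append(chain + (use,))
        elif use not in chain:  # depth is now bounded by the node count
            found.extend(chains_guarded(def_use, use, sink, chain))
    return found


def naive_overflows(def_use, source, sink):
    """Return True if the unguarded walk hits the recursion limit."""
    try:
        chains_naive(def_use, source, sink)
    except RecursionError:
        return True
    return False
```

On an acyclic graph both walks return the same chains; only the back edge separates a finished analysis from a crash, which is why a short reproducer can be enough to abort a scan.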
