{"id":13468776,"url":"https://github.com/python-security/pyt","last_synced_at":"2025-05-14T19:02:19.734Z","repository":{"id":48540563,"uuid":"72017740","full_name":"python-security/pyt","owner":"python-security","description":"A Static Analysis Tool for Detecting Security Vulnerabilities in Python Web Applications","archived":false,"fork":false,"pushed_at":"2020-12-25T03:47:37.000Z","size":3356,"stargazers_count":2184,"open_issues_count":27,"forks_count":244,"subscribers_count":67,"default_branch":"master","last_synced_at":"2025-04-13T13:18:18.154Z","etag":null,"topics":["abstract-syntax","abstract-syntax-tree","control-flow-graph","dataflow","dataflow-analysis","fixed-point","fixed-point-analysis","flask","program-analysis","pyt","python","python3","security","static-analysis","static-code-analysis","taint","taint-analysis"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/python-security.png","metadata":{"files":{"readme":"README.rst","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2016-10-26T15:34:48.000Z","updated_at":"2025-04-10T13:31:28.000Z","dependencies_parsed_at":"2022-08-19T21:51:20.453Z","dependency_job_id":null,"html_url":"https://github.com/python-security/pyt","commit_stats":null,"previous_names":[],"tags_count":6,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/python-security%2Fpyt","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/python-security%2Fpyt/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/python-security%2Fpyt/releases","manifests_url":"https://re
pos.ecosyste.ms/api/v1/hosts/GitHub/repositories/python-security%2Fpyt/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/python-security","download_url":"https://codeload.github.com/python-security/pyt/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":253989991,"owners_count":21995768,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["abstract-syntax","abstract-syntax-tree","control-flow-graph","dataflow","dataflow-analysis","fixed-point","fixed-point-analysis","flask","program-analysis","pyt","python","python3","security","static-analysis","static-code-analysis","taint","taint-analysis"],"created_at":"2024-07-31T15:01:18.882Z","updated_at":"2025-05-14T19:02:19.655Z","avatar_url":"https://github.com/python-security.png","language":"Python","readme":".. image:: https://travis-ci.org/python-security/pyt.svg?branch=master\n    :target: https://travis-ci.org/python-security/pyt\n\n.. image:: https://readthedocs.org/projects/pyt/badge/?version=latest\n    :target: http://pyt.readthedocs.io/en/latest/?badge=latest\n\n.. image:: https://codeclimate.com/github/python-security/pyt/badges/coverage.svg\n    :target: https://codeclimate.com/github/python-security/pyt/coverage\n\n.. image:: https://badge.fury.io/py/python-taint.svg\n    :target: https://badge.fury.io/py/python-taint\n\n.. image:: https://img.shields.io/badge/PRs-welcome-ff69b4.svg\n    :target: https://github.com/python-security/pyt/issues?utf8=%E2%9C%93\u0026q=is%3Aissue+is%3Aopen+label%3A%22good+first+issue%22+\n\n.. 
image:: https://img.shields.io/badge/python-v3.6-blue.svg\n    :target: https://pypi.org/project/python-taint/\n\n.. image:: https://img.shields.io/badge/Donate-Charity-orange.svg\n    :target: https://www.againstmalaria.com/donation.aspx\n\nThis project is no longer maintained\n====================================\n\n**March 2020 Update**: Please go see the amazing `Pysa tutorial`_ that should get you up to speed finding security vulnerabilities in your Python codebase.\n\n`Pyre`_ from Facebook is an amazing project that has a bright future and many smart people working on it.\nI would suggest, if you don't know that much about program analysis, that you understand how PyT works before diving into Pyre. Along with the `README's in most directories`_, there are the original `Master's Thesis`_ and `some slides`_.\nWith that said, **I am happy to review pull requests and give you write permissions if you make more than a few.**\n\nThere were a lot of great contributors to this project, I plan on working on other projects like `detect-secrets`_ and others (e.g. Pyre eventually) in the future if you'd like to work together more :)\n\nIf you are a security engineer with e.g. a Python codebase without type annotations, that Pyre won't handle, I would suggest you replace your sinks with a secure wrapper (something like `defusedxml`_), and alert off any uses of the standard sink. You can use `Bandit`_ to do this since dataflow analysis is not required, but you will have to trim it a lot, due to the high false-positive rate.\n\n.. _Pysa tutorial: https://github.com/facebook/pyre-check/tree/master/pysa_tutorial#pysa-tutorial\n.. _Pyre: https://github.com/facebook/pyre-check\n.. _README's in most directories: https://github.com/python-security/pyt/tree/master/pyt#how-it-works\n.. _Master's Thesis: https://projekter.aau.dk/projekter/files/239563289/final.pdf\n.. _some slides: https://docs.google.com/presentation/d/1JfAykAxR0DcJwwGfHmhrz1RhhKqYsnt5x_GY8CbTp7s\n.. 
_detect-secrets: https://github.com/Yelp/detect-secrets/blob/master/CHANGELOG.md#whats-new\n.. _defusedxml: https://pypi.org/project/defusedxml/\n.. _Bandit: https://github.com/PyCQA/bandit\n\n\nPython Taint\n============\n\nStatic analysis of Python web applications based on theoretical foundations (Control flow graphs, fixed point, dataflow analysis)\n\n--------\nFeatures\n--------\n\n* Detect command injection, SSRF, SQL injection, XSS, directory traversal etc.\n\n* A lot of customisation possible\n\nFor a look at recent changes, please see the `changelog`_.\n\n.. _changelog: https://github.com/python-security/pyt/blob/master/CHANGELOG.md\n\nExample usage and output:\n\n.. image:: https://raw.githubusercontent.com/KevinHock/rtdpyt/master/readme_static_files/pyt_example.png\n\nInstall\n=======\n\nBefore continuing, make sure you have python3.6 or 3.7 installed.\n\n.. code-block:: bash\n\n\tpip install python-taint\n\t✨🍰✨\n\nPyT can also be installed from source. To do so, clone the repo, and then run:\n\n.. code-block:: bash\n\n  python3 setup.py install\n\nHow it Works\n============\n\nSoon you will find a `README.rst`_ in every directory in the ``pyt/`` folder, `start here`_.\n\n.. _README.rst: https://github.com/python-security/pyt/tree/master/pyt\n.. _start here: https://github.com/python-security/pyt/tree/master/pyt\n\n\nHow to Use\n============\n\n1. Choose a web framework\n\n`The -a option determines which functions will have their arguments tainted`_, by default it is Flask.\n\n2. (optional) Customize source and sink information\n\nUse the ``-t`` option to specify sources and sinks, by default `this file is used`_.\n\n3. (optional) Customize which library functions propagate taint\n\nFor functions from builtins or libraries, e.g. ``url_for`` or ``os.path.join``, use the ``-m`` option to specify whether or not they return tainted values given tainted inputs, by `default this file is used`_.\n\n.. 
_The -a option determines which functions will have their arguments tainted: https://github.com/python-security/pyt/tree/master/pyt/web_frameworks#web-frameworks\n.. _this file is used: https://github.com/python-security/pyt/blob/master/pyt/vulnerability_definitions/all_trigger_words.pyt\n.. _default this file is used: https://github.com/python-security/pyt/blob/master/pyt/vulnerability_definitions/blackbox_mapping.json\n\n\nUsage\n=====\n\n.. code-block::\n\n  usage: python -m pyt [-h] [-a ADAPTOR] [-pr PROJECT_ROOT]\n                       [-b BASELINE_JSON_FILE] [-j] [-t TRIGGER_WORD_FILE]\n                       [-m BLACKBOX_MAPPING_FILE] [-i] [-o OUTPUT_FILE]\n                       [--ignore-nosec] [-r] [-x EXCLUDED_PATHS]\n                       [--dont-prepend-root] [--no-local-imports]\n                       targets [targets ...]\n\n  required arguments:\n    targets               source file(s) or directory(s) to be scanned\n\n  important optional arguments:\n    -a ADAPTOR, --adaptor ADAPTOR\n                          Choose a web framework adaptor: Flask(Default),\n                          Django, Every or Pylons\n\n    -t TRIGGER_WORD_FILE, --trigger-word-file TRIGGER_WORD_FILE\n                          Input file with a list of sources and sinks\n\n    -m BLACKBOX_MAPPING_FILE, --blackbox-mapping-file BLACKBOX_MAPPING_FILE\n                              Input blackbox mapping file\n\n  optional arguments:\n    -pr PROJECT_ROOT, --project-root PROJECT_ROOT\n                          Add project root, only important when the entry file\n                          is not at the root of the project.\n\n    -b BASELINE_JSON_FILE, --baseline BASELINE_JSON_FILE\n                          Path of a baseline report to compare against (only\n                          JSON-formatted files are accepted)\n\n    -j, --json            Prints JSON instead of report.\n\n    -i, --interactive     Will ask you about each blackbox function call in\n                     
     vulnerability chains.\n\n    -o OUTPUT_FILE, --output OUTPUT_FILE\n                          Write report to filename\n\n    --ignore-nosec        Do not skip lines with # nosec comments\n\n    -r, --recursive       Find and process files in subdirectories\n\n    -x EXCLUDED_PATHS, --exclude EXCLUDED_PATHS\n                          Separate files with commas\n\n    --dont-prepend-root   In project root e.g. /app, imports are not prepended\n                          with app.*\n\n    --no-local-imports    If set, absolute imports must be relative to the\n                          project root. If not set, modules in the same\n                          directory can be imported just by their names.\n\nUsage from Source\n=================\n\nUsing it like a user ``python3 -m pyt examples/vulnerable_code/XSS_call.py``\n\nRunning the tests ``python3 -m tests``\n\nRunning an individual test file ``python3 -m unittest tests.import_test``\n\nRunning an individual test ``python3 -m unittest tests.import_test.ImportTest.test_import``\n\nContributions\n=============\n\nJoin our slack group: https://pyt-dev.slack.com/ - ask for invite: mr.thalmann@gmail.com\n\n`Guidelines`_\n\n.. 
_Guidelines: https://github.com/python-security/pyt/blob/master/CONTRIBUTIONS.md\n\n\nVirtual env setup guide\n=======================\n\nCreate a directory to hold the virtual env and project\n\n``mkdir ~/a_folder``\n\n``cd ~/a_folder``\n\nClone the project into the directory\n\n``git clone https://github.com/python-security/pyt.git``\n\nCreate the virtual environment\n\n``python3 -m venv ~/a_folder/``\n\nCheck that you have the right versions\n\n``python3 --version`` sample output ``Python 3.6.0``\n\n``pip --version`` sample output ``pip 9.0.1 from /Users/kevinhock/a_folder/lib/python3.6/site-packages (python 3.6)``\n\nChange to project directory\n\n``cd pyt``\n\nIn the future, just type ``source ~/a_folder/bin/activate`` to start developing.\n","funding_links":[],"categories":["Tools","Python","\u003ca id=\"683b645c2162a1fce5f24ac2abfa1973\"\u003e\u003c/a\u003e漏洞\u0026\u0026漏洞管理\u0026\u0026漏洞发现/挖掘\u0026\u0026漏洞开发\u0026\u0026漏洞利用\u0026\u0026Fuzzing","Python (1887)","Static Code Analysis"],"sub_categories":["Other","\u003ca id=\"c0bec2b143739028ff4ec439e077aa63\"\u003e\u003c/a\u003e漏洞扫描\u0026\u0026挖掘\u0026\u0026发现"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpython-security%2Fpyt","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpython-security%2Fpyt","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpython-security%2Fpyt/lists"}