Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Increase Recursion Limit #185

Open
lfatty opened this issue Nov 15, 2018 · 2 comments
Open

Increase Recursion Limit #185

lfatty opened this issue Nov 15, 2018 · 2 comments

Comments

@lfatty
Copy link

lfatty commented Nov 15, 2018

I noticed the error below

RecursionError: maximum recursion depth exceeded while calling a Python object

Is there a way to increase the recursion depth?

@bcaller
Copy link
Collaborator

bcaller commented Nov 16, 2018

You can, but I don't think you really want to increase the recursion depth. The RecursionError usually means that there is a bug in pyt which gets it stuck in an infinite loop when it tries to analyse some code it doesn't handle well. To debug this further we'd need to see the code being analysed, preferably a minimal failing example.

@wchresta
Copy link
Contributor

wchresta commented Jan 18, 2019

Happens when running against twschiller/open-synthesis:

$ python --version
Python 3.6.7

$ pip show python-taint
Name: python-taint
Version: 0.42
Summary: Find security vulnerabilities in Python web applications using static analysis.
Home-page: https://github.com/python-security/pyt
Author: python-security
Author-email: [email protected]
License: GPLv2
Location: /home/brachiel/.local/lib/python3.6/site-packages
Requires: 
Required-by: 

$ git clone https://github.com/twschiller/open-synthesis.git
$ pyt -a Django -r .
Traceback (most recent call last):
  File "/home/user/.local/bin/pyt", line 11, in <module>
    sys.exit(main())
  File "/home/user/.local/lib/python3.6/site-packages/pyt/__main__.py", line 106, in main
    allow_local_directory_imports=args.allow_local_imports
  File "/home/user/.local/lib/python3.6/site-packages/pyt/cfg/make_cfg.py", line 42, in make_cfg
    allow_local_directory_imports
  File "/home/user/.local/lib/python3.6/site-packages/pyt/cfg/expr_visitor.py", line 69, in __init__
    self.init_cfg(node)
  File "/home/user/.local/lib/python3.6/site-packages/pyt/cfg/expr_visitor.py", line 76, in init_cfg
    module_statements = self.visit(node)
  File "/usr/lib/python3.6/ast.py", line 253, in visit
    return visitor(node)
[...]
  File "/usr/lib/python3.6/ast.py", line 253, in visit
    return visitor(node)
  File "/home/user/.local/lib/python3.6/site-packages/pyt/cfg/stmt_visitor.py", line 67, in visit_Module
    return self.stmt_star_handler(node.body)
  File "/home/user/.local/lib/python3.6/site-packages/pyt/cfg/stmt_visitor.py", line 88, in stmt_star_handler
    node = self.visit(stmt)
  File "/usr/lib/python3.6/ast.py", line 253, in visit
    return visitor(node)
  File "/home/user/.local/lib/python3.6/site-packages/pyt/cfg/stmt_visitor.py", line 768, in visit_Expr
    return self.visit(node.value)
  File "/usr/lib/python3.6/ast.py", line 253, in visit
    return visitor(node)
  File "/home/user/.local/lib/python3.6/site-packages/pyt/cfg/expr_visitor.py", line 158, in visit_Str
    return IgnoredNode()
RecursionError: maximum recursion depth exceeded while calling a Python object

A smaller example:

$ pyt -a D openach/views/evidence.py 
Traceback (most recent call last):
  File "/home/user/.local/bin/pyt", line 11, in <module>
    sys.exit(main())
  File "/home/user/.local/lib/python3.6/site-packages/pyt/__main__.py", line 136, in main
    nosec_lines
  File "/home/user/.local/lib/python3.6/site-packages/pyt/vulnerabilities/vulnerabilities.py", line 533, in find_vulnerabilities
    nosec_lines
  File "/home/user/.local/lib/python3.6/site-packages/pyt/vulnerabilities/vulnerabilities.py", line 497, in find_vulnerabilities_in_cfg
    blackbox_mapping
  File "/home/user/.local/lib/python3.6/site-packages/pyt/vulnerabilities/vulnerabilities.py", line 441, in get_vulnerability
    def_use
  File "/home/user/.local/lib/python3.6/site-packages/pyt/vulnerabilities/vulnerabilities.py", line 296, in get_vulnerability_chains
    vuln_chain
  File "/home/user/.local/lib/python3.6/site-packages/pyt/vulnerabilities/vulnerabilities.py", line 296, in get_vulnerability_chains
    vuln_chain
  File "/home/user/.local/lib/python3.6/site-packages/pyt/vulnerabilities/vulnerabilities.py", line 296, in get_vulnerability_chains
    vuln_chain
  [Previous line repeated 991 more times]
  File "/home/user/.local/lib/python3.6/site-packages/pyt/vulnerabilities/vulnerabilities.py", line 287, in get_vulnerability_chains
    if use == sink:
RecursionError: maximum recursion depth exceeded in comparison

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants