Facebook has recently released Pysa as open source after its success in securing Instagram. The tool is aimed specifically at security teams, helping them find and fix bugs.
Facebook released its internally developed Pysa security tool.
Built on the open-source code of the Pyre project, Pysa is a static code analyzer. Unlike most other analyzers, it looks specifically for security bugs.
Facebook decided to open-source the tool after witnessing its success in securing Instagram. The tech giant’s internal team used the tool to identify various bugs. Sharing the details of the tool in a post, Facebook stated,
As for how it works, Facebook revealed that it works similarly to Zoncolan, another Facebook tool.
It tracks the flow of data through a program, which lets the tool analyze huge codebases with millions of lines of code.
In brief, it builds summaries by repeatedly analyzing the functions and noting whether a function's return data originates from a source (a point where important data enters the program) or whether data reaches a sink (a point where source data should never end up). When source data reaches a sink, the tool reports the issue.
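To make the summary-building idea concrete, here is a toy taint analysis in Python, added as an illustration; it is not code from Pysa or Facebook, and the source and sink names (input and eval), the SOURCE label and the sample program are all constructed for the example. Each function gets a summary (which labels its return value carries, which labels reach a sink), and the analysis re-summarizes every function until nothing changes, so a flow through a callee that appears later in the file is still found.

```python
import ast
# Constructed stand-ins for Pysa's model files: which calls count as sources and sinks.
SOURCES, SINKS, SOURCE = {"input"}, {"eval"}, "SOURCE"
def labels(expr, env, summaries, sunk):
    # Taint labels (parameter names or SOURCE) that an expression may carry.
    if isinstance(expr, ast.Name):
        return set(env.get(expr.id, ()))
    if isinstance(expr, ast.Call) and isinstance(expr.func, ast.Name):
        name, args = expr.func.id, [labels(a, env, summaries, sunk) for a in expr.args]
        if name in SINKS:  # remember every label that reaches a sink in this body
            sunk.update(*args)
        if name in SOURCES:
            return {SOURCE}
        if name in summaries:  # use the callee's summary instead of re-walking its body
            ret, sink, params = summaries[name]
            out = ret & {SOURCE}
            for param, arg in zip(params, args):
                out |= arg if param in ret else set()   # callee returns this parameter
                sunk |= arg if param in sink else set()  # callee passes it to a sink
            return out
        return set()
    # anything else (concatenation, f-string, method call, ...) carries the union of its parts
    return set().union(*(labels(c, env, summaries, sunk) for c in ast.iter_child_nodes(expr)))

def summarize(func, summaries):
    # One pass over a body -> (return labels, labels reaching a sink, parameter names).
    params = [a.arg for a in func.args.args]
    env, ret, sunk = {p: {p} for p in params}, set(), set()  # a parameter carries its own name
    for stmt in func.body:
        if isinstance(stmt, ast.Return) and stmt.value is not None:
            ret |= labels(stmt.value, env, summaries, sunk)
        elif isinstance(stmt, ast.Expr):
            labels(stmt.value, env, summaries, sunk)
    return ret, sunk, params

def analyze(source_code):
    # Re-summarize every function until summaries stop changing; report source-to-sink flows.
    funcs = [f for f in ast.parse(source_code).body if isinstance(f, ast.FunctionDef)]
    summaries, changed = {f.name: (set(), set(), [a.arg for a in f.args.args]) for f in funcs}, True
    while changed:
        changed = False
        for f in funcs:
            new = summarize(f, summaries)
            changed, summaries[f.name] = changed or new != summaries[f.name], new
    return sorted(name for name, (_, sunk, _) in summaries.items() if SOURCE in sunk)
# Constructed sample: handler() precedes its callees, so only a later pass finds the flow.
SAMPLE = '''def handler(): run(read_expr())
def read_expr(): return input("expr: ")
def run(text): eval("(" + text + ")")
'''
```

Running analyze(SAMPLE) reports handler, where data from input() flows through read_expr() into run() and on to eval(); a function that only passes its own parameter to a sink is not reported until a caller supplies source data.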