13th August 2020, Kathmandu
Facebook has open-sourced Pysa through a repository on GitHub. Pysa is an app that finds and fixes bugs. The app analyzes the code and how data flows through it. Pysa is an acronym for Python Static Analyzer.
It is a security tool built upon Facebook’s type checker for Python. Pysa detects a wide range of issues, including common web app security issues and vulnerable code snippets, and it helps Facebook scale its application security work for Python.
“Pysa is an automated analyzer that controls quality and security in the codebase,” said Facebook.
Python’s code base powers the millions of Instagram’s servers. To manage such codebases, security tools like Pysa are essential. Pysa identifies bugs in almost real time, whereas manual review takes days. The quick response helps them eliminate issues before they reach their system.
“We’ve made it open-sourced with many definitions to help it find security issues,” stated Facebook on Saturday. Pysa detected 44% of the security bugs in Instagram’s server-side Python.
Facebook also built a static-analysis tool, Zoncolan. It helps in analyzing more than 100 million lines of Hack code. Engineers have prevented numerous security issues through Zoncolan.
“The success of Zoncolan is what motivated us to build Pysa,” said Facebook. Built internally by Facebook, Pysa has been fine-tuned through months of testing and improvements.
Another upside of Pysa is its extensibility. The tool can easily be extended to adapt to other frameworks.