Simon Willison’s Weblog

3 items tagged “staticanalysis”

2020

Pysa: An open source static analysis tool to detect and prevent security issues in Python code. Interesting new static analysis tool for auditing Python for security vulnerabilities—things like SQL injection and os.execute() calls. Built by Facebook and tested extensively on Instagram, a multi-million line Django application.

# 7th August 2020, 8:50 pm / security, python, facebook, staticanalysis, django

A hands-on introduction to static code analysis. Useful tutorial on using the Python standard library tokenize and ast modules to find specific patterns in Python source code, using the visitor pattern.

# 5th May 2020, 12:15 am / compilers, python, staticanalysis

2008

3 and 1/2 minutes to sort a Terabyte, and a look at Hadoop’s code structure. Bill de hÓra uses some clever static analysis tools to explore Hadoop’s 100,000+ lines of code.

# 7th July 2008, 2:15 pm / hadoop, bill-de-hora, staticanalysis, java