facebook / pyre-check

Performant type-checking for python.

Home Page:https://pyre-check.org/

[Taint Analysis] How do I annotate sink with global variable?

anydayeol opened this issue · comments

commented

I read that global variables are not taint tracked, and the workaround is as follows according to the doc:

The best workaround is to avoid using globals in your code. If a refactor isn't possible, but you do know what globals should be considered tainted, you can explicitly declare the global tainted in your .pysa files.

My desired sink is a function call from a global logging.Logger object, but I'm not sure how I annotate that in .pysa.

Here is an example:

import logging
from mymodule.secrets import THIS_IS_SECRET

global_secret = THIS_IS_SECRET
logger = logging.getLogger(__file__)

class MyClass:
  def __init__(self):
    logger.info("MyClass Instantiated: %s", global_secret)  # this should be a sink

my .pysa file may look like

# secret
mymodule.secrets.THIS_IS_SECRET : TaintSource[MySecret]

# logging
def logging.Logger.info(
  self,
  msg: TaintSink[Logging],
  *args: TaintSink[Logging],
  exc_info: TaintSink[Logging],
  stack_info: TaintSink[Logging],
  extra: TaintSink[Logging]
): ...

I know how I'd annotate TaintSource, but not sure how I would annotate TaintSink for the global variable logger.
Could you help me how I would taint track it?

Thank you very much!

commented

I just noticed that annotating the type of logger kind of fixed the issue. Is that the right way to fix it?
e.g.,

logger : logging.Logger = logging.getLogger(__file__)

Hi @anydayeol, yes, that should be a proper fix. Global variables have to be type-annotated so that Pysa understands their type (unlike some local and nonlocal variables), which is used in the analysis.

For future reference, the ability to target global variables has also somewhat recently been added to our model DSL, and you can read more about that here.
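To put the two pieces of the answer above together, here is a complete model file for the scenario in the question. This is an added example written for this page, not code from the pyre-check project or from the issue's author; the `ModelQuery` block at the end uses the global-targeting syntax (`find = "globals"`, `GlobalModel`, `fully_qualified_name.matches`) as described in the Pysa model-query documentation at the time of writing, so treat its exact spelling as an assumption to check against your Pysa version. The source and sink names (`MySecret`, `Logging`) and the module path `mymodule.secrets` are the ones from the question.

```pysa
# models.pysa -- added example, not from the pyre-check project.
#
# Precondition in the analysed code (from the maintainer's answer):
# the global holding the logger must carry a type annotation, e.g.
#     logger: logging.Logger = logging.getLogger(__name__)
# Without it Pysa cannot resolve `logger.info(...)` to the model below.

# Source: a global is modelled by its fully qualified name with no `def`.
mymodule.secrets.THIS_IS_SECRET: TaintSource[MySecret]

# Sink: every parameter of Logger.info that can carry data into a log
# record. `*args` covers the %-style format arguments, which is where
# `global_secret` flows in the question's `logger.info("...: %s", global_secret)`.
# The model is attached to the class method, so it applies to any
# annotated Logger global, not to one particular variable name.
def logging.Logger.info(
    self,
    msg: TaintSink[Logging],
    *args: TaintSink[Logging],
    exc_info: TaintSink[Logging],
    stack_info: TaintSink[Logging],
    extra: TaintSink[Logging]
): ...

# Newer model DSL (syntax assumed per current Pysa docs): tag every global
# whose qualified name ends in `_secret` as a source, instead of listing
# each constant by hand. `global_secret` in the question would match.
ModelQuery(
    name = "tag_secret_globals",
    find = "globals",
    where = [fully_qualified_name.matches(r"_secret$")],
    model = [GlobalModel(TaintSource[MySecret])]
)
```

For a finding to be reported, `taint.config` must also declare `MySecret` under `sources`, `Logging` under `sinks`, and a rule whose `sources` and `sinks` lists connect the two; otherwise the models are parsed but no issue is emitted. Note that the explicit `def` model only covers `Logger.info`; `debug`, `warning`, `error`, `exception` and `log` need the same treatment (or a method-targeting `ModelQuery`), since a secret logged through `logger.error(...)` would otherwise be missed.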

commented

Awesome! Thanks a lot :D Closing the issue.