Run, debug, and update Pysa taint analysis end-to-end integration tests.
This skill is an open-source, prompt/doc-only test utility with no keys or remote endpoints declared; overall risk is low, limited mainly to ordinary local test execution and repository file access.
No keys, tokens, or other sensitive credentials are required or indicated, and there is no sign of credential misuse.
No remote endpoints or egress targets are listed, and no user-data exfiltration path is described.
The description includes test commands that execute local test and analysis workflows; this is normal behavior for a skill/test tool.
The tool reads repository test sources and companion .models/.cg/.hofcg/.overrides files and may generate .actual files; access appears confined to the declared test tree.
The source is a GitHub open-source repository (facebook/pyre-check), which is auditable; however, the license is undeclared, community adoption is 0 stars, and maintenance status is unknown, limiting supply-chain confidence.
Copy the install command and let the AI configure it · recommended for beginners
Please install the "pysa-integration-tests" skill from askskill: 1. Download https://raw.githubusercontent.com/facebook/pyre-check/main/.llms/skills/pysa-integration-tests/SKILL.md 2. Save it as ~/.claude/skills/pysa-integration-tests/SKILL.md 3. Reload skills and tell me it's ready
Help me diagnose a failing Pysa integration test and update the expected output files under `source/interprocedural_analyses/taint/test/integration`, then explain the before-and-after differences.
A diagnosis of the failure, updated expected files, and a summary of the diffs with validation advice.
I added a new taint-analysis scenario. Create a complete Pysa integration test under `source/interprocedural_analyses/taint/test/integration`, including test inputs and any required `.models`, `.cg`, `.hofcg`, `.overrides`, or expected output files.
A runnable new integration test suite with the necessary files and an explanation of each file’s purpose and assertions.
Review the `.models`, `.cg`, `.hofcg`, and `.overrides` files in this Pysa integration test for consistency, identify any modeling or configuration issues causing unexpected taint-analysis results, and propose fixes.
A consistency review of the test files, root-cause findings, and actionable fixes.
End-to-end integration tests for the Pysa taint analysis engine. Each test is a .py file under source/interprocedural_analyses/taint/test/integration/. Tests run the full taint analysis pipeline and compare output against expected files.
All commands must be run from the source/ directory.
cd source
# Run ALL tests (parallelized with 16 shards)
OUNIT_SHARDS=16 dune exec interprocedural_analyses/taint/test/integrationTest.exe
# Run a SINGLE test (e.g., format.py)
PYSA_INTEGRATION_TEST=format.py dune exec interprocedural_analyses/taint/test/integrationTest.exe
See the "Pyrefly Integration" section in AGENTS.md for how to build the Pyrefly binary.
To run integration tests with Pyrefly:
PYREFLY_BINARY=<path-to-binary> PYSA_INTEGRATION_TEST=format.py dune exec interprocedural_analyses/taint/test/integrationTest.exe
Each test <name>.py may have these companion files:
| File | Required | Purpose |
|---|---|---|
<name>.py | Yes | Python source code to analyze |
<name>.py.pysa | No | Pysa model file: declares sources, sinks, TITO |
<name>.py.config | No | Taint configuration: rules, sources, sinks, options |
<name>.py.models | Yes | Expected output: taint models and issues (JSON) |
<name>.py.cg | Yes | Expected output: call graph |
<name>.py.hofcg | Yes | Expected output: higher-order call graph |
<name>.py.overrides | Yes | Expected output: override graph |
<name>.py.pyrefly.models | No | Expected Pyrefly output: models |
<name>.py.pyrefly.cg | No | Expected Pyrefly output: call graph |
<name>.py.pyrefly.hofcg | No | Expected Pyrefly output: higher-order call graph |
<name>.py.pyrefly.overrides | No | Expected Pyrefly output: overrides |
Default models: When no .pysa and no .config file is present, the test runner automatically provides default test models (_test_sink, _test_source, etc.). When either file is present, the test must be self-contained.
When a test fails because expected output doesn't match:
.actual files for each mismatched output (e.g., format.py.models.actual)diff to compare expected vs actual:diff source/interprocedural_analyses/taint/test/integration/format.py.models \
source/interprocedural_analyses/taint/test/integration/format.py.models.actual
If the test fails with type errors or analysis errors (not output mismatches), the issue is in the Python source or model definitions.
If the output changes are expected (e.g., you intentionally changed the analysis):
# Automatically moves all .actual files to their expected counterparts
facebook/scripts/in_path/pysa-update-expected
This replaces each <name>.py.<ext> with the corresponding <name>.py.<ext>.actual.
Always review the diff before updating — run sl diff after updating to verify changes are intentional.
<name>.py under source/interprocedural_analyses/taint/test/integration/<name>.py.pysa (model file) and/or <name>.py.config (taint config)PYSA_INTEGRATION_TEST=<name>.py dune exec interprocedural_analyses/taint/test/integrationTest.exe
.models, .cg, .hofcg, .overrides filesPYSA_INTEGRATION_TEST, not PYSA_TEST or similar.py extension: Use PYSA_INTEGRATION_TEST=format.py, not formatdune exec must be run from source/…
Understand the Pyre/Pysa architecture and locate key implementations quickly.
Apply the right commit prefix, reviewer, and test plan for code changes.
Debug Pysa false negatives by comparing outputs and locating lost taint flows.
Read, write, and debug Pysa JSON taint models and .models output.
Get idiomatic Relay guidance for React code, debugging, and code reviews.
Write and run Markdown-driven end-to-end tests for Relay apps.