Pysa: A Contributor’s Story with Sarthak Khattar

The “Contributor’s Story” series is intended to provide a face and voice to our major open source contributors and community members, an overview of the projects they are working on, and the successes and challenges contributors face when developing.

In this blog post, we will be talking to Sarthak Khattar, a Pysa contributor working on a Language Server VSCode extension through the Major League Hacking (MLH) Fellowship.

“I have always been fascinated by the world of open source as working on large collaborative projects is what I greatly enjoy…”

Tell us a little bit about yourself and your current experience in the MLH Fellowship.

I'm interested in security and am most comfortable with Python. I was introduced to the MLH Fellowship by one of my friends who is also an open source enthusiast.

Where did you first learn about open source? How did you get started using/contributing?

I first became aware of open source when one of my friends became a Google Code-in Finalist and encouraged me to learn more about open source and start contributing as well. However, it was not until October 2020 that I first started contributing, via a project called IntelOwl. I started with the primary aim of gaining experience for the MLH Fellowship.

Describe the project you are currently working on.

I'm currently working on Pysa, a static taint flow analysis tool built on top of Pyre, a Python typechecker. I'm working on creating a Language Server VSCode extension for Pysa to enable features like syntax highlighting, error checking etc. for .pysa files.

How did you initially go about tackling the issue?

Through the Fellowship, we were given an outline of what the process of development would look like by Graham, one of the maintainers of Pysa. We first created an initial template from the already existing extension for Pyre and proceeded to customize it for Pysa. We also updated several documentation points for setting up the development environment for everything.

What roadblocks or problems have you faced thus far in your contribution?

We ran into several build-from-source issues while setting up the development environment for Pysa. Many of the issues we faced were undocumented, so finding their workarounds was tricky and time-consuming. There were also some things in the workflow that were optimized for Facebook's internal build system, so finding an open source workaround for them took us some time as well.

What is the current status of development?

As of now, we have updated the documentation to include several issues we ran into while building Pyre from source and setting up the development environment. We have also established a base template for the Pysa extension and started working on adding Pysa specific features.

What have you learned about the project, development, or open source thus far?

More than anything else, I feel like I have learnt to use version control and virtual environments in Python a lot better than before. Working on Pysa has taught me how to create and manage VSCode extensions, what the Language Server Model is all about, and how the power of Pyre's type-checking and the concept of taint flow analysis in a tool like Pysa can be used to statically analyze code for potential vulnerabilities, thus automating the process of securing code and making it safe for production.

What advice would you give future contributors to the open source project?

It's a bit tricky to get acquainted with Pysa at first, but follow the updated docs to get set up. Don't be afraid to make PRs related to small things like correcting documentation or finding a fix for a bug. The maintainers are very encouraging and helpful, and opening issues and/or directly keeping in touch will help you get around any roadblocks you might face.

We’d like to thank Sarthak for their continuous contributions to the Facebook Open Source ecosystem. You can follow Sarthak’s work through GitHub.

If you’d like to learn more about Facebook Open Source, follow us on Twitter, Facebook, and YouTube for relevant updates, and check out the Pysa website for how to get started.