Configuring Analyzers

Most analyzers are distributed with default configurations that allow them to run out of the box. For tools that don’t have suitable defaults, Muse provides its own default configurations that are consistent with its philosophy of producing high confidence / high impact findings. Users can override these defaults by providing their own in-repository configuration files specific to the analysis tool being utilized.

See below for more details on the selection of these default configurations.

Infer Quandary

Infer Quandary is an information flow taint analysis tool that detects unwanted flows of data.

Infer looks for a .inferconfig next to the .muse.toml file or .muse directory. If no file is found, we insert our default configuration.

Our default configuration can be overridden by committing a .inferconfig file to the root of your repo or to a subproject.

Pyre/Pysa

Pysa is the information flow analysis portion of the Pyre Python static analysis project.

It uses a .pyre_configuration file to define search paths for taint.config and .pysa files. These define stub models and the source/sink definitions.

Our default .pyre_configuration defines the search path to the taint.config, stubs, and typeshed as included in the pyre-check@0.0.59 project.

To modify the .pyre_configuration, download it, place it next to the .muse.toml file or .muse directory, and update it according to the Pysa documentation.

Note that the search path references a virtual environment. This environment is activated and requirements.txt is pip installed before your analysis is run in order to exclude pyre-check files from the analysis. This saves considerable time.
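A pre-commit check for the override rules in the Infer Quandary and Pyre/Pysa sections above, added here as an example and not part of Muse: it reports, for each directory holding a .muse.toml file or .muse directory, whether a .inferconfig or .pyre_configuration override is present and parses as a JSON object (both files are JSON). The function names and the sample repository layout are constructed for illustration, and how Muse itself treats a malformed override is not covered by this page.

```python
import json
import os
import tempfile

# File names taken from the page; both formats are JSON.
OVERRIDES = (".inferconfig", ".pyre_configuration")

def muse_roots(repo):
    """Yield directories that hold a .muse.toml file or a .muse directory."""
    for dirpath, dirnames, filenames in os.walk(repo):
        if ".muse.toml" in filenames or ".muse" in dirnames:
            yield dirpath
        # Do not descend into VCS metadata or the .muse directory itself.
        dirnames[:] = [d for d in dirnames if d not in (".git", ".muse")]

def override_status(root, name):
    """Return 'default', 'override' or 'invalid' for one analyzer config."""
    path = os.path.join(root, name)
    if not os.path.isfile(path):
        return "default"  # nothing committed here, the built-in default applies
    try:
        with open(path, encoding="utf-8") as fh:
            parsed = json.load(fh)
    except (OSError, ValueError):
        return "invalid"  # unreadable or not valid JSON
    return "override" if isinstance(parsed, dict) else "invalid"

def audit(repo):
    """Map each Muse root (relative path) to the status of each config."""
    return {
        os.path.relpath(root, repo): {n: override_status(root, n) for n in OVERRIDES}
        for root in muse_roots(repo)
    }

def build_sample_repo():
    """Constructed sample layout: a root project plus one subproject."""
    repo = tempfile.mkdtemp()
    os.makedirs(os.path.join(repo, "svc", ".muse"))
    open(os.path.join(repo, ".muse.toml"), "w").close()
    with open(os.path.join(repo, ".inferconfig"), "w") as fh:
        json.dump({"quandary-sources": []}, fh)  # constructed, empty override
    with open(os.path.join(repo, "svc", ".pyre_configuration"), "w") as fh:
        fh.write("{ not json")  # constructed, deliberately malformed
    return repo

if __name__ == "__main__":
    for root, status in sorted(audit(build_sample_repo()).items()):
        print(root, status)
```

A root reported as `default` has no override committed next to its Muse configuration, and `invalid` marks a file worth fixing before relying on it to change the source/sink definitions.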