[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"project-80666":3},{"id":4,"name":5,"fullName":6,"owner":7,"repo":5,"description":8,"homepage":8,"htmlUrl":8,"language":9,"languages":8,"totalLinesOfCode":8,"stars":10,"forks":11,"watchers":12,"openIssues":13,"contributorsCount":13,"subscribersCount":13,"size":13,"stars1d":13,"stars7d":13,"stars30d":14,"stars90d":13,"forks30d":13,"starsTrendScore":13,"compositeScore":15,"rankGlobal":8,"rankLanguage":8,"license":8,"archived":16,"fork":16,"defaultBranch":17,"hasWiki":16,"hasPages":16,"topics":18,"createdAt":8,"pushedAt":8,"updatedAt":19,"readmeContent":20,"aiSummary":21,"trendingCount":13,"starSnapshotCount":13,"syncStatus":22,"lastSyncTime":23,"discoverSource":24},80666,"PySemBridge","Ris-1kd\u002FPySemBridge","Ris-1kd",null,"Python",189,17,9,0,141,47.77,false,"main",[],"2026-06-12 04:01:29","# PySemBridge\n\nPySemBridge is an experimental framework for representing and compiling\nPython dynamic semantic bridges for static taint analysis.\n\nThe goal is not to let an LLM directly decide whether a vulnerability exists.\nInstead:\n\n```text\nLLM\u002Fcode analysis proposes Semantic Bridge IR\n -> analyzer adapter compiles IR into facts\u002Fmodels\u002Frules\n -> the static analyzer re-runs taint propagation\n -> complete source-to-sink traces validate the bridge\n```\n\nYASA is the primary backend for the first implementation stage. CodeQL, Pysa,\nand Semgrep adapters can be added as projection backends later.\n\n## Repository Layout\n\n```text\npysembridge\u002F\n ir\u002F Semantic Bridge JSON schema and loader\n adapters\u002Fyasa\u002F YASA external facts compiler\n recognizer\u002F Dynamic semantic gap recognizers\n synthesizer\u002F LLM-assisted bridge generation components\n pipeline\u002F End-to-end analyzer runners\n verifier\u002F Trace and safe-variant validation components\nbridges\u002F Per-CVE Semantic Bridge IR files\nbenchmarks\u002Fpy-bench\u002F Six Python CVE benchmark projects\nexperiments\u002F Reproducible scripts and ignored generated outputs\nintegrations\u002Fyasa\u002F Integrated YASA-sembridge engine copy\ndocs\u002F Tool guide, workflow, and repository structure\n```\n\n## Quick Start\n\nInstall in editable mode:\n\n```bash\npython3 -m pip install -e .\n```\n\nScan any Python project for candidate dynamic semantic gaps:\n\n```bash\npython3 -m pysembridge.cli scan-gaps \\\n --project \u002Fpath\u002Fto\u002Fpython\u002Fproject \\\n --project-name my-project \\\n --output experiments\u002Fresults\u002Fmy-project.gap-candidates.json \\\n --include-features\n```\n\nGenerate a generic candidate Semantic Bridge IR directly from source:\n\n```bash\npython3 -m pysembridge.cli synthesize-generic-bridge \\\n --project \u002Fpath\u002Fto\u002Fpython\u002Fproject \\\n --project-name my-project \\\n --output experiments\u002Fresults\u002Fmy-project.generic-bridge.json\n```\n\nThis source-only mode does not require a CVE manifest or a known broken trace.\nIt classifies potential Python dynamic semantics such as receiver dispatch,\ncontainer element propagation, string construction, attribute indirection,\ndynamic calls, descriptors, metaclasses, context managers, iterators,\nregistered dispatch, async\u002Fconcurrency scheduling, dynamic code execution, and\ntyping-model boundaries. The generated bridge is a candidate semantic\nhypothesis; analyzer verification is still required before treating it as an\nexecutable vulnerability chain. See `docs\u002Frecognizer-dynamic-features.md` for\nthe current recognizer coverage.\n\nCompile the included pyload bridge into YASA external facts:\n\n```bash\npysembridge compile-yasa \\\n --bridge bridges\u002Fcve-2025-55156-pyload\u002Fbridge.json \\\n --output experiments\u002Fresults\u002Fcve-2025-55156-pyload.yasa-facts.json\n```\n\nWithout installing the console script:\n\n```bash\npython3 -m pysembridge.cli compile-yasa \\\n --bridge bridges\u002Fcve-2025-55156-pyload\u002Fbridge.json \\\n --output experiments\u002Fresults\u002Fcve-2025-55156-pyload.yasa-facts.json\n```\n\nEquivalent script:\n\n```bash\nbash experiments\u002Fscripts\u002Fcompile_pyload_yasa.sh\n```\n\nRun the current end-to-end YASA-sembridge pipeline:\n\n```bash\npython3 -m pysembridge.cli run-yasa \\\n --project \u002Fhome\u002Fubuntu\u002Fllm-yasa-repair\u002Fpy-bench\u002Fcve-2025-55156-pyload \\\n --project-name cve-2025-55156-pyload \\\n --output-dir experiments\u002Fresults\u002Ftool-pipeline\u002Fcve-2025-55156-pyload \\\n --yasa-dir \u002Fhome\u002Fubuntu\u002Fllm-yasa-repair\u002FYASA-Engine-sembridge \\\n --rule-config \u002Fhome\u002Fubuntu\u002Fllm-yasa-repair\u002Fpy-result\u002Ftool-rules\u002Fyasa\u002Fcve-2025-55156-pyload-precise.json \\\n --source url \\\n --sink self.c.execute.arg0 \\\n --expected-sink self.c.execute \\\n --expected-trace-contains file_database.py \\\n --expected-trace-contains statuses\n```\n\nThe command performs:\n\n```text\nAST feature recognition\n -> semantic gap classification\n -> bridge synthesis\n -> bridge verification\n -> YASA facts compilation\n -> YASA-sembridge scan\n -> SARIF complete-trace verification\n```\n\n## Current Status\n\nThis repository currently contains:\n\n- Tool-independent Semantic Bridge IR schema.\n- AST-based semantic gap recognizer covering major Python dynamic feature families.\n- Source-only `scan-gaps` candidate generation for arbitrary Python projects.\n- Generic candidate Semantic Bridge IR synthesis for recognized dynamic feature families.\n- Generic auto synthesis pipeline plus one executable pyload-like synthesizer.\n- YASA facts compiler.\n- YASA-sembridge end-to-end pipeline runner.\n- Bridge and SARIF trace verifiers.\n\nThe current recognizer groups feature hits into ten broad semantic gap families;\nsee `docs\u002Frecognizer-dynamic-features.md` for the maintained coverage list.\n\nThe current YASA integration uses report-level completion: YASA emits a baseline\nboundary finding, then PySemBridge facts append an enhanced complete-chain SARIF\nfinding. Analyzer-level propagation injection is the next deeper integration\nstage.\n\n## Test And Validation Snapshot\n\nThe repository includes lightweight regression tests that can be run without\ninstalling the optional YASA backend:\n\n```bash\npython3 -m unittest discover -s tests -v\n```\n\nCurrent expected result:\n\n```text\nRan 5 tests\nOK\n```\n\nThe tests cover Semantic Bridge IR schema validation and AST recognizer\ncoverage for representative dynamic Python features. The CLI entry point can\nalso be checked directly:\n\n```bash\npython3 -m pysembridge.cli --help\n```\n\nFor analyzer-level experiments, `run-yasa` records generated bridge files, YASA\nfacts, SARIF output, and pipeline summaries under `experiments\u002Fresults\u002F`.\nGenerated results are intentionally kept out of version control.\n\n## Development Checks\n\nBefore changing the recognizer, synthesizer, or IR loader, run the regression\nsuite and make sure the CLI still loads:\n\n```bash\npython3 -m unittest discover -s tests -v\npython3 -m pysembridge.cli --help\n```\n\nThe tests are intentionally small and fast. They check the core IR validation\npath and representative AST feature extraction behavior; backend-specific YASA\nruns are kept as reproducible scripts and generated reports under\n`experiments\u002F`.\n\nSee `docs\u002Frepository-structure.md` for the repository layout,\n`docs\u002Frecognizer-dynamic-features.md` for AST recognizer coverage,\n`docs\u002Ftool-development-flow-yasa.md` for the complete PySemBridge workflow,\n`docs\u002Fsecurity-test-report.md` for the security test record, and\n`docs\u002Fyasa-sembridge-tool-guide.md` for the integrated YASA-sembridge usage\nguide. The full modified YASA engine is checked in under\n`integrations\u002Fyasa\u002FYASA-Engine-sembridge\u002F`.\n","PySemBridge 是一个实验性框架,用于表示和编译 Python 动态语义桥接,以支持静态污点分析。其核心功能包括将动态语义转换为中间表示(IR),通过适配器将其编译成事实、模型或规则,并利用静态分析工具进行污点传播和验证。该框架使用 YASA 作为主要后端,未来计划支持 CodeQL、Pysa 和 Semgrep 等其他工具。PySemBridge 适用于需要对 Python 项目中的潜在动态语义漏洞进行深入分析和验证的场景,如安全审计和代码审查。通过提供从源码到汇编的一系列工具,它帮助开发者识别并验证可能存在的复杂动态行为导致的安全问题。",2,"2026-06-11 04:01:35","CREATED_QUERY"]