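No findings detected for the pygoat vulnerable app (master branch)
I cloned the YASA-Engine project directly and ran the main branch code locally with the following parameters: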
--sourcePath D:/docs/sast/product/2604/pygoat-master
--checkerIds taint_flow_python_input,taint_flow_python_input_inner,taint_flow_python_django_input
--language python
--ruleConfigFile D:/developer/projects/webstorm/YASA-Engine/resource/example-rule-config/rule_config_python.json
--uastSDKPath D:/developer/projects/webstorm/YASA-UAST/parser-Python/dist/uast4py-windows-amd64.exe
The uast4py-windows-amd64.exe file was built from a commented-out job (build_python_windows) in release.yml of the YASA-UAST project.
Local changes
Because of the path separator issue on Windows, I made one change to the local code (file-util.ts):
function loadAllFileTextGlobby(srcFilter: string[], cwd: string): FileContent[] {
...
- res.push({ file: filepath, content })
+ res.push({ file: filepath.replace(/\\/g, '/'), content })
...
}
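Review bot: the `filepath.replace(/\\/g, '/')` on the `res.push` line runs on every platform, so on a POSIX system a file whose name legitimately contains a backslash would be recorded under a path that does not exist; consider applying the replacement only when the platform separator is a backslash, or routing it through one shared normalization helper so the `file` value stored here has the same form as the paths the rest of the engine compares it against. The elided parts of `loadAllFileTextGlobby` are not visible, so it is worth confirming that `filepath` is not also used there in its unnormalized form.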
No other changes were made. After running, no report.sarif file was generated.
Part of the console output is as follows:
[YASA] Executing symbolInterpret
EntryPoint [/manage.main] is executing
EntryPoint [/uninstaller.main] is executing
EntryPoint [D:/docs/sast/product/2604/pygoat-master/manage.py] is executing
EntryPoint [D:/docs/sast/product/2604/pygoat-master/PyGoatBot.py] is executing
EntryPoint [D:/docs/sast/product/2604/pygoat-master/setup.py] is executing
EntryPoint [D:/docs/sast/product/2604/pygoat-master/uninstaller.py] is executing
[YASA] Completed symbolInterpret, cost: 324ms, heap: 46.82/101.9 MB, rss: 165.26 MB, arrayBuffers: 2.06 MB
Found 4 potential output strategy files
Registered strategy: callchain from callchain-output-strategy.ts
Registered strategy: callgraph from callgraph-output-strategy.ts
Registered strategy: interactive from interactive-output-strategy.ts
Registered strategy: taintflow from taint-output-strategy.ts
Successfully registered 4 output strategies
======================= outputFindings =======================
================================================================
analyze done
Does this require users to extend the rules themselves, or does the tool not yet cover detection for this target?