Is there any way to check the reachability to an attribute/member from main().!!
The members of this struct
struct Distance
{
int feet;
float inch;
} dist1, dist2, sum;can be queried like
joern> cpg.typeDecl.name("Distance").member.name.p
res10: List[String] = List("feet", "inch")
@itsacoderepo Yes, I am able to query them. What I want to know is that is it possible to track the dataflow.!!
Suppose, I have the following code with student struct, which has been initialized from main() with values through scanf(), whereas we are using another method to get those variable to print in display(). How will you track the reachability matrix here, to be precise I want to create the DDG/PDG for the following snippet.
Suppose, I have the following code with student struct, which has been initialized from main() with values through scanf(), whereas we are using another method to get those variable to print in display(). How will you track the reachability matrix here, to be precise I want to create the DDG/PDG for the following snippet.
#include <stdio.h>
struct student {
char name[50];
int age;
};
// function prototype
void display(struct student s);
int main() {
struct student s1;
printf("Enter name: ");
// read string input from the user until \n is entered
// \n is discarded
scanf("%[^\n]%*c", s1.name);
printf("Enter age: ");
scanf("%d", &s1.age);
display(s1); // passing struct as an argument
return 0;
}
void display(struct student s) {
printf("\nDisplaying information\n");
printf("Name: %s", s.name);
printf("\nAge: %d", s.age);
}
Hi is there a possibility to extract the nodes which have error in the parsing, I need to extract all the lines which were not parsed because not recognize by it, lines which contains strange behaviour like this
xmlBufAdd(buf, BAD_CAST """, 6);
CHECK_COMPAT(buf) // this is a macro definitionI tried with this query cpg.all.filter(.isEmpty == false).map(.location.lineNumber).dedup.toJson but sometimes it removes more than the errors
int
xmlBufWriteQuotedString(xmlBufPtr buf, const xmlChar *string) {
//-- removed line -- const xmlChar *cur, *base;
if ((buf == NULL) || (buf->error))
return(-1);
//-- removed line -- CHECK_COMPAT(buf)
if (buf->alloc == XML_BUFFER_ALLOC_IMMUTABLE)
return(-1);
if (xmlStrchr(string, '\"')) {
if (xmlStrchr(string, '\'')) {
//-- removed line -- #ifdef DEBUG_BUFFER
xmlGenericError(xmlGenericErrorContext,
"xmlBufWriteQuotedString: string contains quote and double-quotes !\n");
//-- removed line -- #endif
xmlBufCCat(buf, "\"");
base = cur = string;
while(*cur != 0){
if(*cur == '"'){
if (base != cur)
xmlBufAdd(buf, base, cur - base);
//-- removed line -- xmlBufAdd(buf, BAD_CAST """, 6);
cur++;
base = cur;
}
else {
cur++;
}
}
if (base != cur)
xmlBufAdd(buf, base, cur - base);
xmlBufCCat(buf, "\"");
}
else{
xmlBufCCat(buf, "\'");
xmlBufCat(buf, string);
xmlBufCCat(buf, "\'");
}
} else {
xmlBufCCat(buf, "\"");
xmlBufCat(buf, string);
xmlBufCCat(buf, "\"");
}
return(0);
}
a preview on a binary front end for joern ^ ;)
This is how you would use it:
./joern-parse --preprocessor-executable fuzzyppcli/fuzzyppcli ~/targets/c/hwinfo/
Hi all, I'm a phpjoern user, and still used the old version joern 5 years ago. I see the new joern has supported php now, but I not sure how to use it. I try to run the codepropertygraph , but I am not very familiar for Scala. I want to know how can I transfer my work to the new joern version, very grateful, thank you~
@mipeal This should be what you are looking for, right? ^
Hm... still stuck with the same issue on the new version
def source = cpg.method.name("outerFunc").parameter
def sink = cpg.call.argument.inCall.nameExact(Operators.indirection)
sink.reachableByFlows(source).p
is there any way to verify on which version I currently run?
But, now that I kept fiddling with that, I can tell that ShiftLeftSecurity/codepropertygraph#1172 is not the issue since I now use a much shorter flow
instead of looking for parameters into the innerFunc, I am using the arguments from inner func -> to indirection operation on these parameters and it finds no path
I would still like to know what version I am running just to verify
importCode("/tmp/testcode")
run.ossdataflow
def source = cpg.method.name("outerFunc").parameter
def sink = cpg.call.argument.inCall.nameExact(Operators.indirection)
sink.reachableByFlows(source).p
Maybe you have missed
run.ossdataflow ?
The screenshot is from a fresh joern install doing
wget https://github.com/ShiftLeftSecurity/joern/releases/latest/download/joern-install.sh
chmod +x ./joern-install.sh
./joern-install.sh
Ok, I think I understood the mistake
at least there was no use case for this for us
but you can wrap it like:
def searchAll(sourceName:String, sinkName:String) = {
val method = cpg.method.name(sourceName)
val params = method.parameter
val locals = method.local.referencingIdentifiers
def sink = cpg.method.name(sinkName).parameter
sink.reachableByFlows(params).p
sink.reachableByFlows(locals).p
}
That's weird.
def path0 = cpg.method.name("outerOuterFunc").local.referencingIdentifiers
def path1 = cpg.method.name("outerFunc").parameter
def path2 = cpg.call.argument.inCall.nameExact(Operators.indirection)
path2.reachableByFlows(path1).p # Returns paths
path0.reachableByFlows(path1).p # Returns paths
path2.reachableByFlows(path0).p # Doesn't return paths
are you still using this code:
void outerFunc(const uint8 *bitString,
const uint32 lengthOfParentElement,
uint16* bitStringLength,
uint16* bitStringStartPtr,
uint8* numberOfPaddingBits)
{
if ((bitString[0] & 0x1Fu) != 0x03u) {
return CRYPTO_E_NOK;
}
innerFunc(bitString, lengthOfParentElement, bitStringLength, bitStringStartPtr);
*numberOfPaddingBits =(uint8) (bitString[*bitStringStartPtr] & 7u);
(*bitStringStartPtr)++;
(*bitStringLength)--;
return CRYPTO_E_OK;
}
the method does not have any locals