Md Mujahid Islam Peal
@mipeal
I am new to joern. I was analysing some OO code in C++. Is there any way to track dataflow in a member of a class from main()? Above I am attaching the code snippet and AST^:
Niko Schmidt
@itsacoderepo
Hi and welcome @mipeal! The improvement of the C++ handling is on our todo list :).
Md Mujahid Islam Peal
@mipeal
@itsacoderepo, in that case, how do I handle a member attribute of a struct (assuming the above code is in C)?
Is there any way to check the reachability of an attribute/member from main()?
Niko Schmidt
@itsacoderepo
You can query structs like classes

The members of this struct

struct Distance
{
    int feet;
    float inch;
} dist1, dist2, sum;

can be queried like

joern> cpg.typeDecl.name("Distance").member.name.p 
res10: List[String] = List("feet", "inch")
Md Mujahid Islam Peal
@mipeal
@itsacoderepo Yes, I am able to query them. What I want to know is whether it is possible to track the dataflow.
Suppose I have the following code with a student struct, which is initialized from main() with values read through scanf(), while another function, display(), receives those variables and prints them. How would you track the reachability matrix here? To be precise, I want to create the DDG/PDG for the following snippet.
#include <stdio.h>
struct student {
   char name[50];
   int age;
};

// function prototype
void display(struct student s);

int main() {
   struct student s1;

   printf("Enter name: ");

   // read string input from the user until \n is entered
   // \n is discarded
   scanf("%[^\n]%*c", s1.name);

   printf("Enter age: ");
   scanf("%d", &s1.age);

   display(s1); // passing struct as an argument

   return 0;
}

void display(struct student s) {
   printf("\nDisplaying information\n");
   printf("Name: %s", s.name);
   printf("\nAge: %d", s.age);
}
mecelc
@mecelc

Hi, is there a way to extract the nodes that have errors in the parsing? I need to extract all the lines which were not parsed because they were not recognized, lines which contain strange behaviour like this

xmlBufAdd(buf, BAD_CAST "&quot;", 6);
CHECK_COMPAT(buf) // this is a macro definition

I tried with this query cpg.all.filter(_.isEmpty == false).map(_.location.lineNumber).dedup.toJson but sometimes it removes more than the errors

int
xmlBufWriteQuotedString(xmlBufPtr buf, const xmlChar *string) {
//-- removed line --     const xmlChar *cur, *base;
    if ((buf == NULL) || (buf->error))
        return(-1);
//-- removed line --     CHECK_COMPAT(buf)
    if (buf->alloc == XML_BUFFER_ALLOC_IMMUTABLE)
        return(-1);
    if (xmlStrchr(string, '\"')) {
        if (xmlStrchr(string, '\'')) {
//-- removed line -- #ifdef DEBUG_BUFFER
        xmlGenericError(xmlGenericErrorContext,
 "xmlBufWriteQuotedString: string contains quote and double-quotes !\n");
//-- removed line -- #endif
        xmlBufCCat(buf, "\"");
            base = cur = string;
            while(*cur != 0){
                if(*cur == '"'){
                    if (base != cur)
                        xmlBufAdd(buf, base, cur - base);
//-- removed line --                     xmlBufAdd(buf, BAD_CAST "&quot;", 6);
                    cur++;
                    base = cur;
                }
                else {
                    cur++;
                }
            }
            if (base != cur)
                xmlBufAdd(buf, base, cur - base);
        xmlBufCCat(buf, "\"");
    }
        else{
        xmlBufCCat(buf, "\'");
            xmlBufCat(buf, string);
        xmlBufCCat(buf, "\'");
        }
    } else {
        xmlBufCCat(buf, "\"");
        xmlBufCat(buf, string);
        xmlBufCCat(buf, "\"");
    }
    return(0);
}
a preview on a binary front end for joern ^ ;)
Niko Schmidt
@itsacoderepo
@mecelc maybe the pre-processor, which comes with joern, could help you
This is how you would use it:
./joern-parse --preprocessor-executable fuzzyppcli/fuzzyppcli ~/targets/c/hwinfo/
Niko Schmidt
@itsacoderepo
or I have misunderstood your question
i0hex
@iohehe
Hi all, I'm a phpjoern user, and still used the old joern version from 5 years ago. I see the new joern supports PHP now, but I am not sure how to use it. I tried to run the codepropertygraph, but I am not very familiar with Scala. I want to know how I can transfer my work to the new joern version. Very grateful, thank you~
Niko Schmidt
@itsacoderepo
The reason why you see PHP related PRs is that we are working on a "new" php frontend, it is not public yet. I hope it will be available somewhere around the beginning of Q4, this year.
i0hex
@iohehe
@itsacoderepo well, thank you~
Niko Schmidt
@itsacoderepo
image.png
@mipeal This should be what you are looking for, right? ^
mecelc
@mecelc

Hi @itsacoderepo, I haven't understood your answer very well. I need to extract the lines which have problems in the parsing. I have to parse code from general repos which are not written by me.

Where can I find the documentation of the preprocessor-executable parameter?

Noam5
@Noam5

ShiftLeftSecurity/codepropertygraph#1172 @Noam5

Hm... still stuck with the same issue on the new version

def source = cpg.method.name("outerFunc").parameter
def sink = cpg.call.argument.inCall.nameExact(Operators.indirection)
sink.reachableByFlows(source).p
This was my initial code I tried
is there any way to verify on which version I currently run?
Niko Schmidt
@itsacoderepo
are you compiling from source or are you using the joern-cli?
Noam5
@Noam5
I used the installation from here: https://github.com/ShiftLeftSecurity/joern/
But, now that I kept fiddling with that, I can tell that ShiftLeftSecurity/codepropertygraph#1172 is not the issue since I now use a much shorter flow
instead of looking for parameters into the innerFunc, I am using the arguments from inner func -> to indirection operation on these parameters and it finds no path
I would still like to know what version I am running just to verify
Niko Schmidt
@itsacoderepo
what do you get if you type version in the joern REPL?
Noam5
@Noam5
joern> version
res52: String = ""
Niko Schmidt
@itsacoderepo
#1172 should be in master now, I think it was part of the 1.1.149 release
Noam5
@Noam5
Yeah I installed today in the morning
Niko Schmidt
@itsacoderepo
hm.. works for me
importCode("/tmp/testcode")
run.ossdataflow
def source = cpg.method.name("outerFunc").parameter
def sink = cpg.call.argument.inCall.nameExact(Operators.indirection)
sink.reachableByFlows(source).p
Maybe you have missed run.ossdataflow ?
image.png
The screenshot is from a fresh joern install doing
wget https://github.com/ShiftLeftSecurity/joern/releases/latest/download/joern-install.sh
chmod +x ./joern-install.sh
./joern-install.sh
Noam5
@Noam5
That is weird, it doesn't work for me
Ok, I think I understood the mistake
Niko Schmidt
@itsacoderepo
does it work now? :)
Noam5
@Noam5
Yes, brilliant :)
Niko Schmidt
@itsacoderepo
awesome!
Noam5
@Noam5
Is there a way of using source as cpg.method.name("outerOuterFunc"), without telling it to search for parameters? It could be anything (inner variables, parameters, globals, etc.)
Niko Schmidt
@itsacoderepo
We haven't considered it yet
at least there was no use case for this for us
Niko Schmidt
@itsacoderepo
but you can wrap it like:
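def searchAll(sourceName: String, sinkName: String) = {
    // def, not val: a traversal can be consumed only once, and method is used twice
    def method = cpg.method.name(sourceName)
    def params = method.parameter
    def locals = method.local.referencingIdentifiers

    def sink = cpg.method.name(sinkName).parameter

    // return both result lists; a bare first .p inside the body would be discarded
    sink.reachableByFlows(params).p ++ sink.reachableByFlows(locals).p
}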
Noam5
@Noam5
That's weird.
def path0 = cpg.method.name("outerOuterFunc").local.referencingIdentifiers
def path1 = cpg.method.name("outerFunc").parameter
def path2 = cpg.call.argument.inCall.nameExact(Operators.indirection)
path2.reachableByFlows(path1).p // Returns paths
path0.reachableByFlows(path1).p // Returns paths
path2.reachableByFlows(path0).p // Doesn't return paths
Niko Schmidt
@itsacoderepo
are you still using this code:
void outerFunc(const uint8 *bitString,
                                           const uint32 lengthOfParentElement,
                                           uint16*      bitStringLength,
                                           uint16*      bitStringStartPtr,
                                           uint8*       numberOfPaddingBits)
{

  if ((bitString[0] & 0x1Fu) != 0x03u) {
    return CRYPTO_E_NOK;
  }
  innerFunc(bitString, lengthOfParentElement, bitStringLength, bitStringStartPtr);
  *numberOfPaddingBits =(uint8) (bitString[*bitStringStartPtr] & 7u);
  (*bitStringStartPtr)++;
  (*bitStringLength)--;

  return CRYPTO_E_OK;
}
the method does not have any locals
Noam5
@Noam5
outerOuterFunc does have