Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Activity
LinShiG0ng
@LinShiG0ng
image.png
Niko Schmidt
@itsacoderepo
it gets stuck?
can you tell me how you build the jar?
I need to follow your steps so that i can identify a potential error :)
LinShiG0ng
@LinShiG0ng
ok I was in the Ububtu to execute the following commands

RUN echo -e 'http://mirrors.ustc.edu.cn/alpine/v3.5/main/\nhttp://mirrors.ustc.edu.cn/alpine/v3.5/community/' > /etc/apk/repositories
RUN apk update && apk upgrade && apk add --no-cache openjdk8-jre-base python3 git curl gnupg bash nss ncurses
RUN ln -sf python3 /usr/bin/python

sbt

ENV SBT_VERSION 1.3.13
ENV SBT_HOME /usr/local/sbt
ENV PATH ${PATH}:${SBT_HOME}/bin
RUN curl -sL "https://github.com/sbt/sbt/releases/download/v$SBT_VERSION/sbt-$SBT_VERSION.tgz" -o ./sbt-$SBT_VERSION.tgz | gunzip | tar -x -C /usr/local

building joern

RUN git clone https://github.com/ShiftLeftSecurity/joern.git && cd joern && sbt stage
WORKDIR /joern

these command is in the Dockerfile
image.png
image.png
I also use the Dockerfile to build a docker container
image.png
but it's also stuck in here
LinShiG0ng
@LinShiG0ng
In Ubuntu it's can't apt-get install nss ncurses
LinShiG0ng
@LinShiG0ng
image.png
LinShiG0ng
@LinShiG0ng
@itsacoderepo
Niko Schmidt
@itsacoderepo
it seems to be docker related
LinShiG0ng
@LinShiG0ng
docker,Ubunbu all like this
how to set _JAVA_OPTS?
Niko Schmidt
@itsacoderepo
https://docs.joern.io/installation#configuring-the-jvm-for-optimal-performance
LinShiG0ng
@LinShiG0ng
image.png
I set but it doesn't work ....
Niko Schmidt
@itsacoderepo
Could you try an other jar? :)
I was able to load an analyze a random jar from github. Maybe we have a problem with X42.jar only
Niko Schmidt
@itsacoderepo
We are moving away from gitter to discord, please join: https://discord.gg/zeHXQksy
Noam5
@Noam5

Hey @Noam5! Do you have an example code snippet by any chance? That would make answering your question much easier

That is weird, when running it on a single file everything works flawlessly, but on a whole codebase (1.5 GB) it doesn't find anything. I did run run.ossdataflow

Niko Schmidt
@itsacoderepo
Please join our discord server https://discord.gg/zeHXQksy :)
argp
@argp
damn i don't like discord ;)
i'm joining, just saying
markryg49fv
@markryg49fv

Hello, everyone. I want to ask a question. In the old version, I entered this command for slicing:

echo 'getFunctionsByName("mov_read_hdlr").id' | joern-lookup -g | tail -n 1 | joern-plot-proggraph -ddg -cfg | joern-plot-slice 4602986 'title_str' -s backwards > slice_backwards.dot

So in the new version of the Joern, what kind of code should I input to achieve slicing operation?

There is another question, how can I output a JSON file?(I need a PDG json file.) Because I finally need to get a JSON file to continue my project. Thanks!

Very anxious, thank you for your help
Jai Verma
@jaiverma
@itsacoderepo the discord invite link has expired
xiaotianming
@xiaotianming
How to get the calling relation from the joern? how to distinguish which function is called when there are multiple functions with the same name? @itsacoderepo
Niko Schmidt
@itsacoderepo
please join :) discord.gg/vv4MH284Hc
ilwoof
@ilwoof
Hi, guys. I am new to joern
I just used joern-parser to parse a c file. Why both the resulting nodes.csv and edges.csv are empty?
Could anyone tell me what the reason might be?
Niko Schmidt
@itsacoderepo
@ilwoof we switched to discord and don't provide to support gitter anymore. Please join discord.gg/vv4MH284Hc :)
sML-90
@sML-90
Hi there! Is there a way to obtain joern CPG of a code snippet, without proper function start and end ? or can we get subgraph corresponding to code portion of a function on which the actual CPG was created ? thanks in advance :)
nashid
@nashid
For anyone who's been struggling with exporting AST/CFG/DDG/CDG: https://docs.joern.io/exporting
Will it work for java as well?
mecelc
@mecelc

Hi guys, recently I tried to execute joern on this code

static size_t
xmlBufGrowInternal(xmlBufPtr buf, size_t len) {
     size_t size;
     xmlChar *newbuf;

    if ((buf == NULL) || (buf->error != 0)) return(0);
     CHECK_COMPAT(buf)

    if (buf->alloc == XML_BUFFER_ALLOC_IMMUTABLE) return(0);
    if (buf->use + len < buf->size)
        return(BAD_CAST buf->size - buf->use);
    else
    return(1);


    switch(o){
        case TEST_CODE_1: 
    print("test")
    break;

        case TEST_CODE_2: 
    break;

        case "5": 
    print("test")
    break;

    default:
    print("asd")
    } 
    return(buf->size - buf->use);
}

After the parsing I have extrapolated all the lines parsed by joern and i regenerated the code. I have notice that some C words like else (without brackets) and the case have been deleted from the regenerated file

static size_t
xmlBufGrowInternal(xmlBufPtr buf, size_t len) {



    if ((buf == NULL) || (buf->error != 0)) return(0);


    if (buf->alloc == XML_BUFFER_ALLOC_IMMUTABLE) return(0);
    if (buf->use + len < buf->size)


    return(1);


    switch(o){













    } 
    return(buf->size - buf->use);
}

Is this a bug?

for the line extraction I used this script
cpg.all.map(_.location.lineNumber).dedup.toJson |> "%s/lines_%s.dump".format(path, suffix)

netuser1234
@netuser1234
1.png
2.png
hello everyone! very new to this tool and just going through basics to export graph, but got few errors; LIST is empty. However, according to documentation should return values. Just to add; used the example given in the doc. Somebody plz look into....thanks in advance
Will Leeson
@will-leeson
Hi everyone. New to the tool. I was wondering if there is a way to dump a human readable version of the cpg generated by llvm2cpg, like a pretty printer. The dump method listed in the documentation appears to just dump the raw code, and I want the cpg. Thanks
Jai Verma
@jaiverma
this forum is not active anymore. please ask on the discord instead https://discord.gg/QMd6UM7Q
revivalfx
@revivalfx
Hello, is it possible to get another invite link? The one you posted has expired, unfortunately.
Thanks
Jai Verma
@jaiverma
https://discord.gg/mjPqDTYA2y
revivalfx
@revivalfx
cheers!
Y1nYan
@Y1nYan
Hi guys. I saw in Github that Joern supports JavaScript... JS static code analysis is hard. Is that true? If so, how can I use that feature?