Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Activity
mecelc
@mecelc

Hi guys, recently I tried to execute joern on this code

static size_t
xmlBufGrowInternal(xmlBufPtr buf, size_t len) {
     size_t size;
     xmlChar *newbuf;

    if ((buf == NULL) || (buf->error != 0)) return(0);
     CHECK_COMPAT(buf)

    if (buf->alloc == XML_BUFFER_ALLOC_IMMUTABLE) return(0);
    if (buf->use + len < buf->size)
        return(BAD_CAST buf->size - buf->use);
    else
    return(1);


    switch(o){
        case TEST_CODE_1: 
    print("test")
    break;

        case TEST_CODE_2: 
    break;

        case "5": 
    print("test")
    break;

    default:
    print("asd")
    } 
    return(buf->size - buf->use);
}

After the parsing I have extrapolated all the lines parsed by joern and i regenerated the code. I have notice that some C words like else (without brackets) and the case have been deleted from the regenerated file

static size_t
xmlBufGrowInternal(xmlBufPtr buf, size_t len) {



    if ((buf == NULL) || (buf->error != 0)) return(0);


    if (buf->alloc == XML_BUFFER_ALLOC_IMMUTABLE) return(0);
    if (buf->use + len < buf->size)


    return(1);


    switch(o){













    } 
    return(buf->size - buf->use);
}

Is this a bug?

for the line extraction I used this script
cpg.all.map(_.location.lineNumber).dedup.toJson |> "%s/lines_%s.dump".format(path, suffix)

netuser1234
@netuser1234
1.png
2.png
hello everyone! very new to this tool and just going through basics to export graph, but got few errors; LIST is empty. However, according to documentation should return values. Just to add; used the example given in the doc. Somebody plz look into....thanks in advance
Will Leeson
@will-leeson
Hi everyone. New to the tool. I was wondering if there is a way to dump a human readable version of the cpg generated by llvm2cpg, like a pretty printer. The dump method listed in the documentation appears to just dump the raw code, and I want the cpg. Thanks
Jai Verma
@jaiverma
this forum is not active anymore. please ask on the discord instead https://discord.gg/QMd6UM7Q
revivalfx
@revivalfx
Hello, is it possible to get another invite link? The one you posted has expired, unfortunately.
Thanks
Jai Verma
@jaiverma
https://discord.gg/mjPqDTYA2y
revivalfx
@revivalfx
cheers!
Y1nYan
@Y1nYan
Hi guys. I saw in Github that Joern supports JavaScript... JS static code analysis is hard. Is that true? If so, how can I use that feature?
Tom
@anon767
Hey Guys,
is there any current implementation available for interprocedural CPGs?
E.g. as described in here: https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7163061
Huaming
@Huaming-Chen
Hi all. Thanks for the great tool. Just got a question about the efficiency of Joern. I am using it to generate over 20k graphs for the project (there are over 20k files, each one will need a graph). I have added the memory to 48G, and now thinking about the multi thread kind of thing to boost it. Is there any suggestions on this? It appears to take so long to finish the job so far.
nimashiri
@nimashiri
Hi, how can I use joern to generate PDG of multiple C/C++ files using a bash script? I was wondering if you help me with this case.
savvyX
@secsavvyX
when i try to install php-ast i get this error https://i.imgur.com/iu5hqD7.png while running make command
MrSynAckSter
@MrSynAckSter
Has anyone implemented poists-to style UAF detection in Joern?
(I'm looking for examples of working security static analysis passes with Joern)
ForAllOnes
@ForAllOnes
Hi, I am new bee to joern and I wonder that is there are some other tutorials except office site here for me to learn some scala interface usages? I got problems to run plugins dumpast. It sents me error info like this after executing command: joern --run dumpast --src test.c
error info:
Exception in thread "main" java.lang.AssertionError: script errored:
at io.joern.console.BridgeBase.runScript(BridgeBase.scala:332)
at io.joern.console.BridgeBase.$anonfun$runPlugin$4(BridgeBase.scala:234)
at io.joern.console.BridgeBase.$anonfun$runPlugin$4$adapted(BridgeBase.scala:233)
at io.joern.console.BridgeBase.$anonfun$withTemporaryScript$1(BridgeBase.scala:187)
at io.joern.console.BridgeBase.$anonfun$withTemporaryScript$1$adapted(BridgeBase.scala:184)
at better.files.Dispose.apply(Dispose.scala:82)
at better.files.Dispose.foreach(Dispose.scala:104)
at better.files.File$.usingTemporaryDirectory(File.scala:1371)
at io.joern.console.BridgeBase.withTemporaryScript(BridgeBase.scala:184)
at io.joern.console.BridgeBase.runPlugin(BridgeBase.scala:233)
at io.joern.console.BridgeBase.runAmmonite(BridgeBase.scala:157)
at io.joern.console.BridgeBase.runAmmonite$(BridgeBase.scala:144)
at io.joern.console.AmmoniteBridge$.runAmmonite(AmmoniteBridge.scala:3)
at io.joern.console.AmmoniteBridge$.delayedEndpoint$io$joern$console$AmmoniteBridge$1(AmmoniteBridge.scala:5)
at io.joern.console.AmmoniteBridge$delayedInit$body.apply(AmmoniteBridge.scala:3)
at scala.Function0.apply$mcV$sp(Function0.scala:39)
at scala.Function0.apply$mcV$sp$(Function0.scala:39)
at scala.runtime.AbstractFunction0.apply$mcV$sp(AbstractFunction0.scala:17)
at scala.App.$anonfun$main$1(App.scala:76)
at scala.App.$anonfun$main$1$adapted(App.scala:76)
at scala.collection.IterableOnceOps.foreach(IterableOnce.scala:563)
at scala.collection.IterableOnceOps.foreach$(IterableOnce.scala:561)
at scala.collection.AbstractIterable.foreach(Iterable.scala:926)
at scala.App.main(App.scala:76)
at scala.App.main$(App.scala:74)
at io.joern.console.AmmoniteBridge$.main(AmmoniteBridge.scala:3)
at io.joern.console.AmmoniteBridge.main(AmmoniteBridge.scala)
Caused by: java.nio.file.NoSuchFileException: /home/cjw/out/0-ast.dot
at java.base/sun.nio.fs.UnixException.translateToIOException(UnixException.java:92)
at java.base/sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:111)
at java.base/sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:116)
at java.base/sun.nio.fs.UnixFileSystemProvider.newByteChannel(UnixFileSystemProvider.java:219)
at java.base/java.nio.file.spi.FileSystemProvider.newOutputStream(FileSystemProvider.java:478)
at java.base/java.nio.file.Files.newOutputStream(Files.java:222)
at java.base/java.nio.file.Files.write(Files.java:3497)
at better.files.File.writeByteArray(File.scala:367)
at better.files.File.write(File.scala:386)
at io.shiftleft.semanticcpg.layers.DumpAst.$anonfun$create$1(DumpAst.scala:26)
at scala.collection.IterableOnceOps.foreach(IterableOnce.scala:563)
at scala.collection.IterableOnceOps.foreach$(IterableOnce.scala:561)
at overflowdb.traversal.Traversal.foreach(Traversal.scala:17)
at io.shiftleft.semanticcpg.layers.DumpAst.create(DumpAst.scala:23)
at io.shiftleft.semanticcpg.layers.LayerCreator.run(LayerCreator.scala:33)
at io.joern.console.Console.runCreator(Console.scala:452)
at io.joern.console.Console.$anonfun$_runAnalyzer$1(Console.scala:442)
at io.joern.console.Console.$anonfun$_runAnalyzer$1$adapted(Console.scala:429)
at scala.collection.IterableOnceOps.foreach(IterableOnce.scala:563)
at scala.collection.IterableOnceOps.foreach$(IterableOnce.scala:561)
at scala.collection.AbstractIterable.foreach(Iterable.scala:926)
at io.joern.console.Console._runAnalyzer(Console.scala:429)
at ammonite.predef.CodePredef$OverlaysDynamic.dumpast(CodePredef.sc:54)
at ammonite.$file.$up.$up.tmp.joern$minusbundle1311644814816545822.script$.<clinit>(script.sc:13)
at ammonite.$file.$up.$up.tmp.joern$minusbundle1311644814816545822
Thans for every response! :)
lzlzhuang
@lzlzhuang
image.png After use ./joern-parse and ./joern-export --repr cpg14 --out out, I get the .dot file, which includes the nodes and the edges, the edges type in the {AST,CFG,DDG,...}, as above. I want to get file which contains the detailed edge types such as 'controls' 'controlledBy' 'dominates' 'postDominatedBy' 'reachableBy' 'IS_AST_PARENT': 1, 'FLOWS_TO'
'DEF' 'USE' 'REACHES' 'CONTROLS' 'DECLARES' . thenks for every response!
smallfivehh
@smallfivehh
Hi, does joern support parsing .i files?
clccc
@clccc
Hello @fabsx00, Can I update querydb of joern-scan offline? Thanks~
clccc
@clccc
I have downloaded querydb.json and querydb.zip.
smartXspark
@smartXspark
Hi, Hello. I can use data-flow steps and other steps normally in interactive and non-interactive (Scala script) mode, such as reachableBy, reachableByFlows, etc. Why data-flow steps cannot be used when integrated into Intellij IDEA programming?
faysalhossain2007
@faysalhossain2007
how to run the latest joern with the python 3.7+ and neo4j v4.4.4+ ?
faysalhossain2007
@faysalhossain2007
can I use Joern 0.3 (https://github.com/octopus-platform/joern) to create PDG for java language?
faysalhossain2007
@faysalhossain2007

I am not able to run joern --server. I am using the latest Joern. All the time it shows the following error:

Unrecognized option: --server
usage: joern [SOURCE_DIR1] ...
-outdir <outdir> specifies where the neo4j database will be written

Can anyone please help me? Is this channel deprecated?

KristoferHansson
@KristoferHansson
@faysalhossain2007 : I think it has been moved to discord sometime in 2021(https://twitter.com/joernio/status/1382991772150853632). This invite seems to work: https://discord.com/invite/ff3ahcFrJq, taken from the description part of youtube shiftleft sponsored joern video: https://www.youtube.com/watch?v=qtGRNb_2Khs (OWASP DevSlop: How to Analyze Code for Vulnerabilities using Joern)
faysalhossain2007
@faysalhossain2007
Thanks a lot! @KristoferHansson
Much appreciated!
daisy0522
@daisy0522
Hi all! Indeed I have been using the early versions of joern-cli for months and it works well. But when I update joern-cli to the latest version with a NEWC frontend, I fail to start the joern console and have some problems with the joern-parse tools. The error message is as follow:
1 reply
Snipaste_2022-03-19_16-44-59.png
daisy0522
@daisy0522
Snipaste_2.png
daisy0522
@daisy0522
What's more, the joern console can not start, it just exits without any output:
Snipaste_3.png
daisy0522
@daisy0522
Do anyone know possible reasons for this error? Thanks! @fabsx00
周稳 ZHOU WEN
@zhouwen6666
@daisy0522 Your java version is not right, the java version must be 11
周稳 ZHOU WEN
@zhouwen6666
@KristoferHansson Hello friends, I would like to ask if you has tried to run joern server on WSL, why joern server does not work on WSL. I use ./joern -server,but it is always in this on state, and there is no information about the next step
image.png
mahmoudzam
@mahmoudzam:matrix.org
[m]
Hello Friends, did you face the below error before? Your helps are appreciated! Thanks
image.png
wujianyu
@rrycbar
hello frieds!Have you used joern to analyze global variables? When joern generates the CPG of the function, how to represent the global variables outside the function?
周稳 ZHOU WEN
@zhouwen6666
@mahmoudzam:matrix.orgCan you tell me which part of joern is it?, is it part of the new version of joern?, I don't seem to see this module. However,Judging from the error message, the value behind the factor dictionary is required to be of string type instead of any type.
rebel-ly
@rebel-ly
image.png
I cannot use plotDotXXX to obtain a graph , I have install the newest xdg-utils . Please help me , thanks.
@itsacoderepo :)
wujianyu
@rrycbar
Do anyone know How to cut some edges or nodes of a CFG graph?
xiamuqiong
@xiamuqiong
how to use joern to analysis python code?
Harshil Avlani
@eggooo1054:matrix.org
[m]
How can you extract the number of variables declared from a CPG?