Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Activity
Niko Schmidt
@itsacoderepo
and maybe you want to follow https://twitter.com/joernio :)
Fabian Yamaguchi
@fabsx00
After running joern-parse <directory>, you can now run ./joern-export and it will dump 2014 style intra-procedural code property graphs for all functions into the directory out. Tested it on the VLC code base. Export takes about 2.5 minutes. Those graphs can the be processed with pygraphviz, for example.
I'll be adding a few flags now to export only PDGs or only ASTs. That should close some of the tickets we've been seeing and enable people in their CPG-based research.
Fabian Yamaguchi
@fabsx00
It's ready (joern-export): ShiftLeftSecurity/joern#356
xiaotianming
@xiaotianming
How can Joern handle source code stored in. H5 or other files?
xiaotianming
@xiaotianming
How do I know which file dot belongs to when I use 'run.dump.cpg14'?
xiaotianming
@xiaotianming
Why can't Joern generate data dependency graph and program dependency graph?
image.png
image.png
Phan Dinh Cong
@DinhCongPhan_gitlab
Sorry for my interruption, but Is there anyone curious about ShiftLeft OverflowDB which is the graph database to store nodes in CPG? I want to use it in my project but its documentation in Github is out of date!
xiaotianming
@xiaotianming
How can I use fuzzc2cpg? when I used fuzzzy2cpg there is a error.
image.png
Claudiu-Vlad Ursache
@ursachec
@xiaotianming did you go through the basic documentation first? If not, that might help clear up some of the issues you've been encountering: https://docs.joern.io/quickstart
xiaotianming
@xiaotianming
@ursachec Yes,I did it.The problem is that fuzzyppcil is not in fuzzypp/ bin/, but in bin/. So I created a folder of fuzzypp to solve this problem.Thank you for your answer.
Hui Peng
@benquike
Hi, how can i get the astParent of a call node with joern?
Jai Verma
@jaiverma
I recently updated to the latest version and many things broke for me. I read that filter and where were swapped. But I don't seem to understand how to use where now.
For example:
joern> cpg.call.name("malloc").where(call => call.argument.order(1).isIdentifier)
cmd9.sc:1: type mismatch;
 found   : overflowdb.traversal.Traversal[io.shiftleft.codepropertygraph.generated.nodes.Expression]
 required: ?{def isIdentifier: ?}
Note that implicit conversions are not applicable because they are ambiguous:
 both method trackingPointToAstBase in package language of type [A](a: A)(implicit f: A => overflowdb.traversal.Traversal[io.shiftleft.codepropertygraph.generated.nodes.TrackingPoint])io.shiftleft.semanticcpg.language.types.expressions.generalizations.AstNode[io.shiftleft.codepropertygraph.generated.nodes.AstNode]
 and method toAstNode in trait LowLowPrioImplicits of type [A, NodeType <: io.shiftleft.codepropertygraph.generated.nodes.AstNode](a: A)(implicit f: A => overflowdb.traversal.Traversal[NodeType])io.shiftleft.semanticcpg.language.types.expressions.generalizations.AstNode[NodeType]
 are possible conversion functions from overflowdb.traversal.Traversal[io.shiftleft.codepropertygraph.generated.nodes.Expression] to ?{def isIdentifier: ?}
val res9 = cpg.call.name("malloc").where(call => call.argument.order(1).isIdentifier)
                                                                    ^
cmd9.sc:1: value isIdentifier is not a member of overflowdb.traversal.Traversal[io.shiftleft.codepropertygraph.generated.nodes.Expression]
val res9 = cpg.call.name("malloc").where(call => call.argument.order(1).isIdentifier)
                                                                        ^
Compilation Failed
any tips?
Ye Zhang
@ZhangYe46023266_twitter
Hi everyone, I am new to this tool and installed it today. But I met with an error when I follow the tutorial in Quickstart line by line. Anyone knows why it happens:
joern> cpg 
res7: Cpg = io.shiftleft.codepropertygraph.Cpg@7c81fec0

joern> cpg.call.filter(_.argument.code("stderr")).l 
cmd8.sc:1: missing argument list for method argument in class CallMethods
Unapplied methods are only converted to functions when a function type is expected.
You can make this conversion explicit by writing `argument _` or `argument(_)` instead of `argument`.
val res8 = cpg.call.filter(_.argument.code("stderr")).l
                             ^
Compilation Failed
Ye Zhang
@ZhangYe46023266_twitter
Also, there is no TAB-complete...I don't know what happens..
Fabian Yamaguchi
@fabsx00
Just checked tab completion and it works for me. Can you try updating?
@jaiverma instead of where, just write filter now. filter operates on nodes (just like map does) while where operates on traversals.
SicongCao
@SicongCao
微信图片_20201105152410.png
I've got this problem,cou u explain what is the reason for this?
Ye Zhang
@ZhangYe46023266_twitter

Just checked tab completion and it works for me. Can you try updating?

But I gited and installed it just now...I will try reinstall then. Do you have any idea about the errors in cpg.call.filter(_.argument.code("stderr")).l?

Jai Verma
@jaiverma
@fabsx00 filter didn't work for me either...
joern> cpg.call.name("malloc").filter(call => call.argument(1).isIdentifier)
cmd9.sc:1: type mismatch;
 found   : io.shiftleft.codepropertygraph.generated.nodes.Expression
 required: ?{def isIdentifier: ?}
Note that implicit conversions are not applicable because they are ambiguous:
 both method trackingPointToAstNodeMethods in package language of type (node: io.shiftleft.codepropertygraph.generated.nodes.TrackingPoint)io.shiftleft.semanticcpg.language.nodemethods.AstNodeMethods
 and method cfgNodeToAsNode in package language of type (node: io.shiftleft.codepropertygraph.generated.nodes.CfgNode)io.shiftleft.semanticcpg.language.nodemethods.AstNodeMethods
 are possible conversion functions from io.shiftleft.codepropertygraph.generated.nodes.Expression to ?{def isIdentifier: ?}
val res9 = cpg.call.name("malloc").filter(call => call.argument(1).isIdentifier)
                                                               ^
cmd9.sc:1: value isIdentifier is not a member of io.shiftleft.codepropertygraph.generated.nodes.Expression
val res9 = cpg.call.name("malloc").filter(call => call.argument(1).isIdentifier)
                                                                   ^
Compilation Failed
Jai Verma
@jaiverma
i'm pretty sure that there is a bug in v1.1.42. isIdentifier returns a traversal so it should work with where. because i tried it with a slightly older version (v1.1.33) and it worked fine.
Claudiu-Vlad Ursache
@ursachec
@jaiverma the following tweak to your query might get you the results you want:
cpg.call.name("malloc").argument.argumentIndex(1).isIdentifier
in case you don't necessarily need to use filter that is...
xiaotianming
@xiaotianming
Why joern can not get the AST from those code? @fabsx00
image.png
image.png
image.png
Ye Zhang
@ZhangYe46023266_twitter
Does joern contain any taint analysis tool inside?
Jai Verma
@jaiverma
@ursachec yeah that works for me, thanks!
but i was just wondering in general why the where function was not taking a traversal. According to https://docs.joern.io/upgrade-guides this should work, and it was working in an earlier release (I tried with 1.1.33)
Niko Schmidt
@itsacoderepo
image.png
please keep in mind that cpg.call.name("malloc").argument.isLiteral .l and cpg.call.name("malloc").where{x=>x.argument.isLiteral}.l is not the same.
@jaiverma yes, it looks like a bug, because it works on ocular. Could be a dependency issue ..
Rasmus Lindqvist
@rasmusli_gitlab

Hi! Trying to plot the cpg as either AST or CPG gives me an error:

joern> cpg.method.name("iw_is_valid_density").plotDotCpg14
Executing image viewer failed. Is it installed? 
java.io.IOException: Cannot run program "xdg-open": error=2, No such file or directory

I am currently running Joern v1.1.42 and JRE 12. I´m running it on a mac and suspect that's where the problem with Java xdg-open arises. I was wondering if someone has had the same issue?

Jai Verma
@jaiverma

@rasmusli_gitlab, you need to install xdg-utils. xdg-open is part of the xdg-utils package and is for use with x11.
i had a similar issue on macOS and did the following. store the dot representation of the graph as a file and use the dot utilities from graphviz to display the graph

joern> cpg.method.name("main").dotCfg.head > "/tmp/cfg.dot"

then

dot -Tsvg /tmp/cfg.dot > /tmp/cfg.svg
Rasmus Lindqvist
@rasmusli_gitlab
@jaiverma , thank you. I´ll try installing xdg-utils and otherwise resort to your other solution. Thanks :)
xiaotianming
@xiaotianming
When I use the command "importCpg " import the cpg from the source code by fuzzyc2scpg,I can get the cpg14,but the cfg disappears I open the project again。Why does this happen?
xiaotianming
@xiaotianming
image.png
image.png
ocean
@_ocean_twitter
hi I have a relatively large/complex code base that I want to load in joern and finding trouble:
  • if I just load the code base with joern-parse or the preprocessor, I miss quite a few type definitions (maybe because of #ifdefs)
  • if I try to include llvm header files I get the following error: Cannot run program "/..../clang": error=7, Argument list too long
  • if I try to preproc the preprocessed .pp emitted with "clang -E (--frewrite-headers cannot be used because of how the code is structured) joern-parse will be able to parse the code base in a couple hours, but the last process (I guess the enhancement pass) is still running after ~12 hours
is it normal that the enhancement pass is taking so long on .pp files? do you have any suggestions on how to proceed? thanks!
ocean
@_ocean_twitter
*I double checked and it got stuck in the noenhance phase :(
Rasmus Lindqvist
@rasmusli_gitlab
Hi there! Does anyone have a "graph-for-funcs.sc" script that works after the migration to ODB Traversal ? I have an old script that uses Vertex which does not exist in ODB Traversal