Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Activity
xiaotianming
@xiaotianming
image.png
Claudiu-Vlad Ursache
@ursachec
@xiaotianming did you go through the basic documentation first? If not, that might help clear up some of the issues you've been encountering: https://docs.joern.io/quickstart
xiaotianming
@xiaotianming
@ursachec Yes,I did it.The problem is that fuzzyppcil is not in fuzzypp/ bin/, but in bin/. So I created a folder of fuzzypp to solve this problem.Thank you for your answer.
Hui Peng
@benquike
Hi, how can i get the astParent of a call node with joern?
Jai Verma
@jaiverma
I recently updated to the latest version and many things broke for me. I read that filter and where were swapped. But I don't seem to understand how to use where now.
For example:
joern> cpg.call.name("malloc").where(call => call.argument.order(1).isIdentifier)
cmd9.sc:1: type mismatch;
 found   : overflowdb.traversal.Traversal[io.shiftleft.codepropertygraph.generated.nodes.Expression]
 required: ?{def isIdentifier: ?}
Note that implicit conversions are not applicable because they are ambiguous:
 both method trackingPointToAstBase in package language of type [A](a: A)(implicit f: A => overflowdb.traversal.Traversal[io.shiftleft.codepropertygraph.generated.nodes.TrackingPoint])io.shiftleft.semanticcpg.language.types.expressions.generalizations.AstNode[io.shiftleft.codepropertygraph.generated.nodes.AstNode]
 and method toAstNode in trait LowLowPrioImplicits of type [A, NodeType <: io.shiftleft.codepropertygraph.generated.nodes.AstNode](a: A)(implicit f: A => overflowdb.traversal.Traversal[NodeType])io.shiftleft.semanticcpg.language.types.expressions.generalizations.AstNode[NodeType]
 are possible conversion functions from overflowdb.traversal.Traversal[io.shiftleft.codepropertygraph.generated.nodes.Expression] to ?{def isIdentifier: ?}
val res9 = cpg.call.name("malloc").where(call => call.argument.order(1).isIdentifier)
                                                                    ^
cmd9.sc:1: value isIdentifier is not a member of overflowdb.traversal.Traversal[io.shiftleft.codepropertygraph.generated.nodes.Expression]
val res9 = cpg.call.name("malloc").where(call => call.argument.order(1).isIdentifier)
                                                                        ^
Compilation Failed
any tips?
Ye Zhang
@ZhangYe46023266_twitter
Hi everyone, I am new to this tool and installed it today. But I met with an error when I follow the tutorial in Quickstart line by line. Anyone knows why it happens:
joern> cpg 
res7: Cpg = io.shiftleft.codepropertygraph.Cpg@7c81fec0

joern> cpg.call.filter(_.argument.code("stderr")).l 
cmd8.sc:1: missing argument list for method argument in class CallMethods
Unapplied methods are only converted to functions when a function type is expected.
You can make this conversion explicit by writing `argument _` or `argument(_)` instead of `argument`.
val res8 = cpg.call.filter(_.argument.code("stderr")).l
                             ^
Compilation Failed
Ye Zhang
@ZhangYe46023266_twitter
Also, there is no TAB-complete...I don't know what happens..
Fabian Yamaguchi
@fabsx00
Just checked tab completion and it works for me. Can you try updating?
@jaiverma instead of where, just write filter now. filter operates on nodes (just like map does) while where operates on traversals.
SicongCao
@SicongCao
微信图片_20201105152410.png
I've got this problem,cou u explain what is the reason for this?
Ye Zhang
@ZhangYe46023266_twitter

Just checked tab completion and it works for me. Can you try updating?

But I gited and installed it just now...I will try reinstall then. Do you have any idea about the errors in cpg.call.filter(_.argument.code("stderr")).l?

Jai Verma
@jaiverma
@fabsx00 filter didn't work for me either...
joern> cpg.call.name("malloc").filter(call => call.argument(1).isIdentifier)
cmd9.sc:1: type mismatch;
 found   : io.shiftleft.codepropertygraph.generated.nodes.Expression
 required: ?{def isIdentifier: ?}
Note that implicit conversions are not applicable because they are ambiguous:
 both method trackingPointToAstNodeMethods in package language of type (node: io.shiftleft.codepropertygraph.generated.nodes.TrackingPoint)io.shiftleft.semanticcpg.language.nodemethods.AstNodeMethods
 and method cfgNodeToAsNode in package language of type (node: io.shiftleft.codepropertygraph.generated.nodes.CfgNode)io.shiftleft.semanticcpg.language.nodemethods.AstNodeMethods
 are possible conversion functions from io.shiftleft.codepropertygraph.generated.nodes.Expression to ?{def isIdentifier: ?}
val res9 = cpg.call.name("malloc").filter(call => call.argument(1).isIdentifier)
                                                               ^
cmd9.sc:1: value isIdentifier is not a member of io.shiftleft.codepropertygraph.generated.nodes.Expression
val res9 = cpg.call.name("malloc").filter(call => call.argument(1).isIdentifier)
                                                                   ^
Compilation Failed
Jai Verma
@jaiverma
i'm pretty sure that there is a bug in v1.1.42. isIdentifier returns a traversal so it should work with where. because i tried it with a slightly older version (v1.1.33) and it worked fine.
Claudiu-Vlad Ursache
@ursachec
@jaiverma the following tweak to your query might get you the results you want:
cpg.call.name("malloc").argument.argumentIndex(1).isIdentifier
in case you don't necessarily need to use filter that is...
xiaotianming
@xiaotianming
Why joern can not get the AST from those code? @fabsx00
image.png
image.png
image.png
Ye Zhang
@ZhangYe46023266_twitter
Does joern contain any taint analysis tool inside?
Jai Verma
@jaiverma
@ursachec yeah that works for me, thanks!
but i was just wondering in general why the where function was not taking a traversal. According to https://docs.joern.io/upgrade-guides this should work, and it was working in an earlier release (I tried with 1.1.33)
Niko Schmidt
@itsacoderepo
image.png
please keep in mind that cpg.call.name("malloc").argument.isLiteral .l and cpg.call.name("malloc").where{x=>x.argument.isLiteral}.l is not the same.
@jaiverma yes, it looks like a bug, because it works on ocular. Could be a dependency issue ..
Rasmus Lindqvist
@rasmusli_gitlab

Hi! Trying to plot the cpg as either AST or CPG gives me an error:

joern> cpg.method.name("iw_is_valid_density").plotDotCpg14
Executing image viewer failed. Is it installed? 
java.io.IOException: Cannot run program "xdg-open": error=2, No such file or directory

I am currently running Joern v1.1.42 and JRE 12. I´m running it on a mac and suspect that's where the problem with Java xdg-open arises. I was wondering if someone has had the same issue?

Jai Verma
@jaiverma

@rasmusli_gitlab, you need to install xdg-utils. xdg-open is part of the xdg-utils package and is for use with x11.
i had a similar issue on macOS and did the following. store the dot representation of the graph as a file and use the dot utilities from graphviz to display the graph

joern> cpg.method.name("main").dotCfg.head > "/tmp/cfg.dot"

then

dot -Tsvg /tmp/cfg.dot > /tmp/cfg.svg
Rasmus Lindqvist
@rasmusli_gitlab
@jaiverma , thank you. I´ll try installing xdg-utils and otherwise resort to your other solution. Thanks :)
xiaotianming
@xiaotianming
When I use the command "importCpg " import the cpg from the source code by fuzzyc2scpg,I can get the cpg14,but the cfg disappears I open the project again。Why does this happen?
xiaotianming
@xiaotianming
image.png
image.png
ocean
@_ocean_twitter
hi I have a relatively large/complex code base that I want to load in joern and finding trouble:
  • if I just load the code base with joern-parse or the preprocessor, I miss quite a few type definitions (maybe because of #ifdefs)
  • if I try to include llvm header files I get the following error: Cannot run program "/..../clang": error=7, Argument list too long
  • if I try to preproc the preprocessed .pp emitted with "clang -E (--frewrite-headers cannot be used because of how the code is structured) joern-parse will be able to parse the code base in a couple hours, but the last process (I guess the enhancement pass) is still running after ~12 hours
is it normal that the enhancement pass is taking so long on .pp files? do you have any suggestions on how to proceed? thanks!
ocean
@_ocean_twitter
*I double checked and it got stuck in the noenhance phase :(
Rasmus Lindqvist
@rasmusli_gitlab
Hi there! Does anyone have a "graph-for-funcs.sc" script that works after the migration to ODB Traversal ? I have an old script that uses Vertex which does not exist in ODB Traversal
Fabian Yamaguchi
@fabsx00
You don't need those scripts anymore, and in fact, we should remove them. There's joern-export now :) https://docs.joern.io/exporting
Rasmus Lindqvist
@rasmusli_gitlab
Oh alright, thanks! Is it possible to export it as .json though ? :) Sorry if I missed something in the documentation
xiaotianming
@xiaotianming
How to distinguish whether method is defined in source code or just called?
Fabian Yamaguchi
@fabsx00
@rasmusli_gitlab @jaiverma concerning the plotting functionality: You can also set config.tools.imageViewer to another image viewer on the shell
so joern > config.tools.imageViewer = "/path/to/a/different/viewer"
@rasmusli_gitlab right now, it's just dot, so you'd have to convert.
Might get to json some time, but until then: PRs are welcome ;)
@xiaotianming cpg.method.isExternal
Alessandro Mantovani
@elManto
Hi all! I'm a new Joern user. I'm writing to you because I don't know how to model a problem (speaking about C language). Basically I want to capture off-by-one errors that write in a buffer. The typical scenario could be:
int i; 
int buf[N];
for(i = 0; i <= N; i++){ 
buf[i] = 1;
}
buf[i]= 0;
Alessandro Mantovani
@elManto
To me, it seems that to properly detect this, you need to have some info about the state . I mean, you should know that the i variable is increasing, and that eventually it exceeds the buffer length. But honestly I don't have any ideas about how to implement this in Joern. Maybe is there a better strategy more Joern-oriented?
Niko Schmidt
@itsacoderepo
@elManto you can query for the for condition