SicongCao
@SicongCao
I've got this problem, could you explain what is the reason for this?
Ye Zhang
@ZhangYe46023266_twitter

Just checked tab completion and it works for me. Can you try updating?

But I gited and installed it just now... I will try to reinstall then. Do you have any idea about the errors in cpg.call.filter(_.argument.code("stderr")).l?

Jai Verma
@jaiverma
@fabsx00 filter didn't work for me either...
joern> cpg.call.name("malloc").filter(call => call.argument(1).isIdentifier)
cmd9.sc:1: type mismatch;
 found   : io.shiftleft.codepropertygraph.generated.nodes.Expression
 required: ?{def isIdentifier: ?}
Note that implicit conversions are not applicable because they are ambiguous:
 both method trackingPointToAstNodeMethods in package language of type (node: io.shiftleft.codepropertygraph.generated.nodes.TrackingPoint)io.shiftleft.semanticcpg.language.nodemethods.AstNodeMethods
 and method cfgNodeToAsNode in package language of type (node: io.shiftleft.codepropertygraph.generated.nodes.CfgNode)io.shiftleft.semanticcpg.language.nodemethods.AstNodeMethods
 are possible conversion functions from io.shiftleft.codepropertygraph.generated.nodes.Expression to ?{def isIdentifier: ?}
val res9 = cpg.call.name("malloc").filter(call => call.argument(1).isIdentifier)
                                                               ^
cmd9.sc:1: value isIdentifier is not a member of io.shiftleft.codepropertygraph.generated.nodes.Expression
val res9 = cpg.call.name("malloc").filter(call => call.argument(1).isIdentifier)
                                                                   ^
Compilation Failed
Jai Verma
@jaiverma
i'm pretty sure that there is a bug in v1.1.42. isIdentifier returns a traversal so it should work with where. because i tried it with a slightly older version (v1.1.33) and it worked fine.
Claudiu-Vlad Ursache
@ursachec
@jaiverma the following tweak to your query might get you the results you want:
cpg.call.name("malloc").argument.argumentIndex(1).isIdentifier
in case you don't necessarily need to use filter that is...
xiaotianming
@xiaotianming
Why can't Joern get the AST from this code? @fabsx00
Ye Zhang
@ZhangYe46023266_twitter
Does joern contain any taint analysis tool inside?
Jai Verma
@jaiverma
@ursachec yeah that works for me, thanks!
but i was just wondering in general why the where function was not taking a traversal. According to https://docs.joern.io/upgrade-guides this should work, and it was working in an earlier release (I tried with 1.1.33)
Niko Schmidt
@itsacoderepo
please keep in mind that cpg.call.name("malloc").argument.isLiteral.l and cpg.call.name("malloc").where{x=>x.argument.isLiteral}.l are not the same.
@jaiverma yes, it looks like a bug, because it works on ocular. Could be a dependency issue ..
Rasmus Lindqvist
@rasmusli_gitlab

Hi! Trying to plot the cpg as either AST or CPG gives me an error:

joern> cpg.method.name("iw_is_valid_density").plotDotCpg14
Executing image viewer failed. Is it installed? 
java.io.IOException: Cannot run program "xdg-open": error=2, No such file or directory

I am currently running Joern v1.1.42 and JRE 12. I'm running it on a Mac and suspect that's where the problem with Java xdg-open arises. I was wondering if someone has had the same issue?

Jai Verma
@jaiverma

@rasmusli_gitlab, you need to install xdg-utils. xdg-open is part of the xdg-utils package and is for use with x11.
i had a similar issue on macOS and did the following. store the dot representation of the graph as a file and use the dot utilities from graphviz to display the graph

joern> cpg.method.name("main").dotCfg.head > "/tmp/cfg.dot"

then

dot -Tsvg /tmp/cfg.dot > /tmp/cfg.svg
Rasmus Lindqvist
@rasmusli_gitlab
@jaiverma, thank you. I'll try installing xdg-utils and otherwise resort to your other solution. Thanks :)
xiaotianming
@xiaotianming
When I use the command "importCpg" to import the CPG produced from the source code by fuzzyc2scpg, I can get the cpg14, but the CFG disappears when I open the project again. Why does this happen?
ocean
@_ocean_twitter
Hi, I have a relatively large/complex code base that I want to load in joern and am having trouble:
  • if I just load the code base with joern-parse or the preprocessor, I miss quite a few type definitions (maybe because of #ifdefs)
  • if I try to include llvm header files I get the following error: Cannot run program "/..../clang": error=7, Argument list too long
  • if I try to preproc the preprocessed .pp emitted with "clang -E" (--frewrite-headers cannot be used because of how the code is structured), joern-parse will be able to parse the code base in a couple of hours, but the last process (I guess the enhancement pass) is still running after ~12 hours
Is it normal that the enhancement pass is taking so long on .pp files? Do you have any suggestions on how to proceed? Thanks!
ocean
@_ocean_twitter
*I double checked and it got stuck in the noenhance phase :(
Rasmus Lindqvist
@rasmusli_gitlab
Hi there! Does anyone have a "graph-for-funcs.sc" script that works after the migration to ODB Traversal? I have an old script that uses Vertex, which does not exist in ODB Traversal.
Fabian Yamaguchi
@fabsx00
You don't need those scripts anymore, and in fact, we should remove them. There's joern-export now :) https://docs.joern.io/exporting
Rasmus Lindqvist
@rasmusli_gitlab
Oh alright, thanks! Is it possible to export it as .json though? :) Sorry if I missed something in the documentation
xiaotianming
@xiaotianming
How to distinguish whether method is defined in source code or just called?
Fabian Yamaguchi
@fabsx00
@rasmusli_gitlab @jaiverma concerning the plotting functionality: You can also set config.tools.imageViewer to another image viewer on the shell
so joern > config.tools.imageViewer = "/path/to/a/different/viewer"
@rasmusli_gitlab right now, it's just dot, so you'd have to convert.
Might get to json some time, but until then: PRs are welcome ;)
@xiaotianming cpg.method.isExternal
Alessandro Mantovani
@elManto
Hi all! I'm a new Joern user. I'm writing to you because I don't know how to model a problem (speaking about C language). Basically I want to capture off-by-one errors that write in a buffer. The typical scenario could be:
int i;
int buf[N];
for(i = 0; i <= N; i++){
    buf[i] = 1;
}
buf[i]= 0;
Alessandro Mantovani
@elManto
To me, it seems that to properly detect this, you need to have some info about the state. I mean, you should know that the i variable is increasing, and that eventually it exceeds the buffer length. But honestly I don't have any ideas about how to implement this in Joern. Maybe there is a better, more Joern-oriented strategy?
Niko Schmidt
@itsacoderepo
@elManto you can query for the for condition
eg.
joern> cpg.method.controlStructure.expressionDown.order(2).code.l 
res45: List[String] = List("i <= N")
Niko Schmidt
@itsacoderepo
You could also do something like this:
joern> val loopTo = cpg.method.controlStructure.expressionDown.order(2).isCallTo(Operators.lessEqualsThan).argument.order(2).code.l.head 
loopTo: String = "N"

joern> cpg.method.local.typeFullNameExact(s"""int [ $loopTo ]""").code.l 
res60: List[String] = List("buf")
Niko Schmidt
@itsacoderepo
cpg.method                                        // query all methods
   .controlStructure                              // filter for control structures
   .parserTypeName("ForStatement")                // only for statements
   .expressionDown                                // "going one layer down"
   .order(2)                                      // choosing the second argument of the expression => for(i = 0; i <= N; i++){  
   .isCallTo(Operators.lessEqualsThan)            // it has to be a call to "<="   
   .argument                                      // going to the arguments of the call to "<="
   .order(2)                                      // second argument is the "N"
   .code                                          // get the code of the second argument
   .l                                             // as list (in this case it is only argument but could be more)
   .head                                          // get the first entry in the list
i guess we need to add a "howto find off-by-one errors" example, with comments and everything
Alessandro Mantovani
@elManto
I see, cool! Thanks
Alessandro Mantovani
@elManto

Hey, sorry guys, I cannot model this UAF:

struct a_type * a;
...
free(a);
a->field--;

My idea was to track the flows between the free args and the <operator>.indirectFieldAccess calls. But I'm getting an empty list for now

Rasmus Lindqvist
@rasmusli_gitlab

@rasmusli_gitlab right now, it's just dot, so you'd have to convert.

I re-wrote the old 'graph_for_funcs.sc' script to make it convert to json in that way. But I guess you'd want a more long-term solution that is not a script as a PR

Viktor Bard
@viktorbard_gitlab
Hi everyone! I'm using Python subprocess to write commands into the Joern interactive shell. As my dataset is quite large, I decided to split the process into many subsets. This is working fine for a small number of splits, but for >3 splits the Joern interactive shell freezes and doesn't process. Is there a limit on the number of calls that can be processed one after another in the interactive shell, or should this be possible without closing it in between the calls?
Fabian Yamaguchi
@fabsx00
No intended limit, at least. Can you provide exact steps to reproduce?
@rasmusli_gitlab if you could share the script, that would be great. We can base a long term solution on it.
Viktor Bard
@viktorbard_gitlab
@fabsx00 After some consideration I think the problem lies in the size of the functions to be parsed. I tried filtering out large functions and then it works fine.
shan
@shan12138
@rasmusli_gitlab Hello, are you also reproducing the Devign paper? I encountered the same problem as you during this process. After the revision, joern does not seem to support vertex node traversal, so the "graph-for-funcs.sc" script does not run successfully. Do you have a solution to this problem now, and if yes, can you share it? Thank you very much.