Claudiu-Vlad Ursache
@ursachec
in case you don't necessarily need to use filter that is...
xiaotianming
@xiaotianming
Why can Joern not get the AST from this code? @fabsx00
Ye Zhang
@ZhangYe46023266_twitter
Does joern contain any taint analysis tool inside?
Jai Verma
@jaiverma
@ursachec yeah that works for me, thanks!
But I was just wondering in general why the where function was not taking a traversal. According to https://docs.joern.io/upgrade-guides this should work, and it was working in an earlier release (I tried with 1.1.33)
Niko Schmidt
@itsacoderepo
Please keep in mind that cpg.call.name("malloc").argument.isLiteral.l and cpg.call.name("malloc").where{x=>x.argument.isLiteral}.l are not the same.
@jaiverma yes, it looks like a bug, because it works on ocular. Could be a dependency issue ..
Rasmus Lindqvist
@rasmusli_gitlab

Hi! Trying to plot the cpg as either AST or CPG gives me an error:

joern> cpg.method.name("iw_is_valid_density").plotDotCpg14
Executing image viewer failed. Is it installed? 
java.io.IOException: Cannot run program "xdg-open": error=2, No such file or directory

I am currently running Joern v1.1.42 and JRE 12. I'm running it on a Mac and suspect that's where the problem with Java xdg-open arises. I was wondering if someone has had the same issue?

Jai Verma
@jaiverma

@rasmusli_gitlab, you need to install xdg-utils. xdg-open is part of the xdg-utils package and is for use with X11.
I had a similar issue on macOS and did the following: store the dot representation of the graph as a file and use the dot utilities from Graphviz to display the graph.

joern> cpg.method.name("main").dotCfg.head > "/tmp/cfg.dot"

then

dot -Tsvg /tmp/cfg.dot > /tmp/cfg.svg
Rasmus Lindqvist
@rasmusli_gitlab
@jaiverma, thank you. I'll try installing xdg-utils and otherwise resort to your other solution. Thanks :)
xiaotianming
@xiaotianming
When I use the command "importCpg" to import the CPG generated from the source code by fuzzyc2scpg, I can get the cpg14, but the CFG disappears when I open the project again. Why does this happen?
ocean
@_ocean_twitter
Hi, I have a relatively large/complex code base that I want to load in Joern and am having trouble:
  • if I just load the code base with joern-parse or the preprocessor, I miss quite a few type definitions (maybe because of #ifdefs)
  • if I try to include llvm header files I get the following error: Cannot run program "/..../clang": error=7, Argument list too long
  • if I try to preproc the preprocessed .pp emitted with "clang -E" (--frewrite-headers cannot be used because of how the code is structured), joern-parse will be able to parse the code base in a couple hours, but the last process (I guess the enhancement pass) is still running after ~12 hours
Is it normal that the enhancement pass is taking so long on .pp files? Do you have any suggestions on how to proceed? Thanks!
ocean
@_ocean_twitter
*I double checked and it got stuck in the noenhance phase :(
Rasmus Lindqvist
@rasmusli_gitlab
Hi there! Does anyone have a "graph-for-funcs.sc" script that works after the migration to ODB Traversal? I have an old script that uses Vertex, which does not exist in ODB Traversal.
Fabian Yamaguchi
@fabsx00
You don't need those scripts anymore, and in fact, we should remove them. There's joern-export now :) https://docs.joern.io/exporting
Rasmus Lindqvist
@rasmusli_gitlab
Oh alright, thanks! Is it possible to export it as .json though? :) Sorry if I missed something in the documentation
xiaotianming
@xiaotianming
How can I distinguish whether a method is defined in the source code or just called?
Fabian Yamaguchi
@fabsx00
@rasmusli_gitlab @jaiverma concerning the plotting functionality: You can also set config.tools.imageViewer to another image viewer on the shell
so:
joern> config.tools.imageViewer = "/path/to/a/different/viewer"
@rasmusli_gitlab right now, it's just dot, so you'd have to convert.
Might get to json some time, but until then: PRs are welcome ;)
@xiaotianming cpg.method.isExternal
Alessandro Mantovani
@elManto
Hi all! I'm a new Joern user. I'm writing to you because I don't know how to model a problem (speaking about C language). Basically I want to capture off-by-one errors that write in a buffer. The typical scenario could be:
int i;
int buf[N];
for(i = 0; i <= N; i++){
    buf[i] = 1;
}
buf[i]= 0;
Alessandro Mantovani
@elManto
To me, it seems that to properly detect this, you need to have some info about the state. I mean, you should know that the i variable is increasing, and that eventually it exceeds the buffer length. But honestly I don't have any ideas about how to implement this in Joern. Maybe there is a better, more Joern-oriented strategy?
Niko Schmidt
@itsacoderepo
@elManto you can query for the for condition
e.g.
joern> cpg.method.controlStructure.expressionDown.order(2).code.l 
res45: List[String] = List("i <= N")
Niko Schmidt
@itsacoderepo
You could also do something like this:
joern> val loopTo = cpg.method.controlStructure.expressionDown.order(2).isCallTo(Operators.lessEqualsThan).argument.order(2).code.l.head 
loopTo: String = "N"

joern> cpg.method.local.typeFullNameExact(s"""int [ $loopTo ]""").code.l 
res60: List[String] = List("buf")
Niko Schmidt
@itsacoderepo
cpg.method                                        // query all methods
   .controlStructure                              // filter for control structures
   .parserTypeName("ForStatement")                // only for statements
   .expressionDown                                // "going one layer down"
   .order(2)                                      // choosing the second argument of the expression => for(i = 0; i <= N; i++){  
   .isCallTo(Operators.lessEqualsThan)            // it has to be a call to "<="   
   .argument                                      // going to the arguments of the call to "<="
   .order(2)                                      // second argument is the "N"
   .code                                          // get the code of the second argument
   .l                                             // as list (in this case it is only one argument but could be more)
   .head                                          // get the first entry in the list
I guess we need to add a "howto find off-by-one errors" example, with comments and everything
Alessandro Mantovani
@elManto
I see, cool! Thanks
Alessandro Mantovani
@elManto

Hey, sorry guys, I cannot model this UAF:

struct a_type * a;
...
free(a);
a->field--;

My idea was to track the flows between the free args and the <operator>.indirectFieldAccess calls. But I'm getting an empty list for now

Rasmus Lindqvist
@rasmusli_gitlab

> @rasmusli_gitlab right now, it's just dot, so you'd have to convert.

I re-wrote the old 'graph_for_funcs.sc' script to make it convert to json in that way. But I guess you'd want a more long-term solution that is not a script as a PR

Viktor Bard
@viktorbard_gitlab
Hi everyone! I'm using Python subprocess to write commands into the Joern interactive shell. As my dataset is quite large, I decided to split the process into many subsets. This is working fine for a small number of splits, but for >3 splits the Joern interactive shell freezes and doesn't process. Is there a limit of calls that can be processed after each other in the interactive shell, or should this be possible without closing it in between the calls?
Fabian Yamaguchi
@fabsx00
No intended limit, at least. Can you provide exact steps to reproduce?
@rasmusli_gitlab if you could share the script, that would be great. We can base a long term solution on it.
Viktor Bard
@viktorbard_gitlab
@fabsx00 After some consideration I think the problem lies in the size of the functions to be parsed. I tried filtering out large functions and then it works fine.
shan
@shan12138
@rasmusli_gitlab Hello, are you also reproducing the devign paper? I encountered the same problem as you during this process. After the revision, Joern does not seem to support vertex node traversal, so the "graph-for-funcs.sc" script does not run successfully. Do you have a solution to this problem now, and if yes, can you share it? Thank you very much.
Rasmus Lindqvist
@rasmusli_gitlab
@shan12138, @fabsx00, Yeah sure, I can share the script. I'll be able to do it tomorrow afternoon :)
scolleyuk3
@scolleyuk3
just a quick question: what algorithm do Joern/Ocular use to carry out taint tracking? taint tracking in Joern is interprocedural these days right?
xiaotianming
@xiaotianming
Does Joern support variable renaming?
@fabsx00 What is the way to call Joern in Python to analyze the source code of string format, not to generate files in workspace? There are so many files generated in this way that it is very slow.
m1cm1c
@m1cm1c
what is the difference between ORDER and ARGUMENT_INDEX? if present, ARGUMENT_INDEX always seems to be the same as ORDER
colorlight
@colorlight
hi everyone, I'm a starter of joern, I'm following the document of quick start, but when I import code in the joern-cli, I get a response of
joern> importCode(inputPath="./x42/c", projectName="x42-c")
Creating project x42-c for code at ./x42/c
Project with name x42-c already exists - overwriting
Support for this language is only available in ShiftLeft Ocular with an appropriate license
res0: Option[Cpg] = None