Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Activity
Niko Schmidt
@itsacoderepo
or
joern> val myOperators = List("<operator>.preDecrement", "<operator>.assignment") 
myOperators: List[String] = List("<operator>.preDecrement", "<operator>.assignment")

joern> cpg.method.name(myOperators:_*).name.p 
res18: List[String] = List("<operator>.preDecrement", "<operator>.assignment")
I personally like to create a list of interesting methods at the beginning of a script and use it as "var arg" later on, like myOperators:_*
Juilia F
@FJuilia_twitter
okay, i'll try that :) thank you
Niko Schmidt
@itsacoderepo
np
hyunji-Hong
@hyunji-Hong

hi! I'm a starter of Joern, and I have difficulty connecting Joern server mode. (./joern --server).
I want to connect my VM server(Ubuntu) with my local pc(MacOs). 

(I turn on the joern server in my vm server and try to access the server through python in local PC,MacOS)
But, when I ran my python program, the program failed due to a connection error.

Here are some of the details:

[ip info]
vmware ubuntu(NAT): 172.16.191.2

[error message]
File "/Library/Developer/CommandLineTools/Library/Frameworks/Python3.framework/Versions/3.8/lib/python3.8/asyncio/selector_events.py", line 526, in _sock_connect_cb
raise OSError(err, f'Connect call failed {address}')
ConnectionRefusedError: [Errno 61] Connect call failed ('172.16.191.2', 8080)

[in my python program code]
server_endpoint = "172.16.191.2:8080" //following github(cpgqls-client) example

[More info]
1) I checked vm netstat when I turned on Joern server, and I saw that port 8080 port is open.
2) I checked connection between vm and local PC, and it’s ok(checking through ping)
3) I checked tcpdump in local PC, when local PC access to VM Joern server Port, it returns RST packet, so the connection failed.

So… is there a solution about this issue?

xshub
@xshub
Hi, I want to run a script to extract PDG/AST/CFG and save it to a JSON file by using Joern . I fine-tuning the "graph-for-funcs.sc" of the old version Joern, and it can work. But the result missing a lot of information compared to the result which extracting by Joern Shell Command (e.g. "cpg.method(xx).dotPdg.l").
  val cfgChildren = method.out(EdgeTypes.CFG).asScala.collect { case node: nodes.CfgNode => node }.toList

  // val local = new NodeSteps(
  val local = new Traversal(
    //methodVertex
    method
      .out(EdgeTypes.CONTAINS)
      .hasLabel(NodeTypes.BLOCK)
      .out(EdgeTypes.AST)
      .hasLabel(NodeTypes.LOCAL)
      .cast[nodes.Local])
  val sink = local.evalType(".*").referencingIdentifiers.dedup
  //val source = new NodeSteps(methodVertex.out(EdgeTypes.CONTAINS).hasLabel(NodeTypes.CALL).cast[nodes.Call]).nameNot("<operator>.*").dedup
  val source = new Traversal(method.out(EdgeTypes.CONTAINS).hasLabel(NodeTypes.CALL).cast[nodes.Call]).nameNot("<operator>.*").dedup

  val pdgChildren = sink
    .reachableByFlows(source)
    .l
    .flatMap { path =>
      path.elements
        .map {
          case trackingPoint @ (_: MethodParameterIn) => trackingPoint.start.method.head
          case trackingPoint                          => trackingPoint.cfgNode
        }
    }
    .filter(_.toString != methodId)

  GraphForFuncsFunction(methodName, methodFile, methodId, astChildren, cfgChildren, pdgChildren.distinct)
xshub
@xshub
Why the result is different? Who can provide a new script to extract AST/CFG/PDG and save it to a JSON file . Thanks very much.
xshub
@xshub
@rasmusli_gitlab Hi, I also find the new "graph-for-funcs.sc". Can you share it?
Niko Schmidt
@itsacoderepo
@xshub please check the docs for exporting graphs https://docs.joern.io/exporting
vedkpl
@vedkpl
Hi, al
i have the following snippet:
int 
main(int argc, char *argv[]) {
        int eaten = atoi(argv[1]);
        int value ;

        if (!strcmp(argv[1]), "drink") {
                eaten += 1;
                value = eaten * 3;
        } else {
                value = eaten;
        }   

        return value;
}
i ran the following query:
cpg.returns.l(0).reachableByFlows(cpg.call("atoi")).l
to check the possible flows from atoi() to the return of the function
but the query only lists one path ("if " case flow)
and not the other ("else" case flow)
i expected it to list 2 flows (i.e 2 Paths)
is my query correct?
Niko Schmidt
@itsacoderepo
@vedkpl it seems that we have a bug here
Karan Panjabi
@karanpanjabi
Hello, new to Joern community. I had a doubt and I was wondering if anyone could help
I tried running Joern on a toy C++ project with a class which has public and private members. However, while running a query to figure out whether the members are public or private, it just gives an empty List()
hac425xxx
@hac425xxx
image.png
the code
void array_oob()
{
    int user = read_byte();
    global_array[user] = 1;
}
It seem the user (read_byte) flow to global_array (ArrayAccess) is ignore?
which lead to follow query return nothing
def F() = {
    val src = cpg.call.name("read_byte")
    val sink = cpg.call.name("<operator>.indirectIndexAccess").argument.order(2)
    sink.reachableByFlows(src)
}
F.l
Anyway to fix this?
shengqun fang
@fangshengqun_gitlab
hello, new to Joern community. i'm wondering if joern can read .bc file to generate cpg
Xue
@zhengfeitian
Hello, I am wondering what schema the generated cpg conforms to. Is it base.json or also includes enhacemnet.json?
Niko Schmidt
@itsacoderepo

hello, new to Joern community. i'm wondering if joern can read .bc file to generate cpg

Hi @fangshengqun_gitlab, i guess you are looking for https://docs.joern.io/llvm2cpg/getting-bitcode :)

Michael Pollmeier
@mpollmeier
@zhengfeitian it combines all .json files in the schema directory into one large json.
you can actually see it in the codepropertygraph build: schema/target/scala-2.13/src_managed/main/cpg.json - after you ran sbt compile
shengqun fang
@fangshengqun_gitlab
@itsacoderepo thank you very much!!!
Xue
@zhengfeitian
@mpollmeier Thank you! I also wonder if there's a way to dump all the edges from the cpg. I tried cpg.dumpcpg14. But in the dot files, only the label DDG is given. Is there a way to output edges with their specific types (e.g. CALL, REF, BINDS_TO)?
shengqun fang
@fangshengqun_gitlab
Hello, i'm wondering if joern creates cpg for a method or it creates cpg for a whole file?
Muoi Tran
@muoitranduc
Hi guys, I am totally a newbie and need help in using Joern.
Basically, joern doesn't work with my c++ files but work perfectly fine with my c files.
What could be the problem? I am using OSX
Muoi Tran
@muoitranduc
Works fine with test.c
muoi@Muois-MacBook-Pro test % cat test.c 
void foo() {
  int x = source();
  if (x < MAX) {
    int y = 2 * x;
    sink(y);
  }
}%
importCode(inputPath="/Users/muoi/test", projectName="test") 
Using generator for language: C
Creating project `test` for code at `/Users/muoi/test`
moving cpg.bin.zip to cpg.bin because it is already a database file
Creating working copy of CPG to be safe
Loading base CPG from: /Users/muoi/workspace/test/cpg.bin.tmp
Adding default overlays to base CPG
2021-03-15 17:12:28.000 WARN Linker: Could not create edge. Destination lookup failed. edgeType=EVAL_TYPE, srcNodeType=CALL, srcNodeId=1000104, dstNodeType=TYPE, dstFullName=
2021-03-15 17:12:28.001 WARN Linker: Could not create edge. Destination lookup failed. edgeType=EVAL_TYPE, srcNodeType=CALL, srcNodeId=1000106, dstNodeType=TYPE, dstFullName=
2021-03-15 17:12:28.001 WARN Linker: Could not create edge. Destination lookup failed. edgeType=EVAL_TYPE, srcNodeType=CALL, srcNodeId=1000108, dstNodeType=TYPE, dstFullName=
2021-03-15 17:12:28.001 WARN Linker: Could not create edge. Destination lookup failed. edgeType=EVAL_TYPE, srcNodeType=CALL, srcNodeId=1000113, dstNodeType=TYPE, dstFullName=
2021-03-15 17:12:28.001 WARN Linker: Could not create edge. Destination lookup failed. edgeType=EVAL_TYPE, srcNodeType=CALL, srcNodeId=1000115, dstNodeType=TYPE, dstFullName=
2021-03-15 17:12:28.002 WARN Linker: Could not create edge. Destination lookup failed. edgeType=EVAL_TYPE, srcNodeType=CALL, srcNodeId=1000118, dstNodeType=TYPE, dstFullName=
The graph has been modified. You may want to use the `save` command to persist changes to disk.  All changes will also be saved collectively on exit
Code successfully imported. You can now query it using `cpg`.
For an overview of all imported code, type `workspace`.
res7: Option[Cpg] = Some(value = io.shiftleft.codepropertygraph.Cpg@6a1eef38)

joern> cpg.method.name("foo").dotCfg.l 
res8: List[String] = List(
  """digraph foo {  
"1000104" [label = "(<operator>.assignment,x = source())" ]
"1000106" [label = "(source,source())" ]
"1000108" [label = "(<operator>.lessThan,x < MAX)" ]
"1000113" [label = "(<operator>.assignment,y = 2 * x)" ]
"1000115" [label = "(<operator>.multiplication,2 * x)" ]
"1000118" [label = "(sink,sink(y))" ]
"1000101" [label = "(METHOD,foo)" ]
"1000120" [label = "(METHOD_RETURN,void)" ]
  "1000104" -> "1000108" 
  "1000106" -> "1000104" 
  "1000108" -> "1000120" 
  "1000108" -> "1000115" 
  "1000113" -> "1000118" 
  "1000115" -> "1000113" 
  "1000118" -> "1000120" 
  "1000101" -> "1000106" 
}
"""
)
Does NOT work with test.cpp
muoi@Muois-MacBook-Pro test % mv test.c test.cpp
joern> importCode(inputPath="/Users/muoi/test", projectName="test") 
Using generator for language: C
Creating project `test` for code at `/Users/muoi/test`
Project with name test already exists - overwriting
Turning working copy into new persistent CPG
moving cpg.bin.zip to cpg.bin because it is already a database file
Creating working copy of CPG to be safe
Loading base CPG from: /Users/muoi/workspace/test/cpg.bin.tmp
Adding default overlays to base CPG
The graph has been modified. You may want to use the `save` command to persist changes to disk.  All changes will also be saved collectively on exit
Code successfully imported. You can now query it using `cpg`.
For an overview of all imported code, type `workspace`.
res9: Option[Cpg] = Some(value = io.shiftleft.codepropertygraph.Cpg@fd42b93)

joern> cpg.method.name("foo").dotCfg.l 
res10: List[String] = List()
KRP R
@crashies_gitlab
Hi all, is there any way to get the file path from a Block object? I can only see a lineNumberfield in it.
maltek
@maltek
@crashies_gitlab Hi, it's at block.file.name
KRP R
@crashies_gitlab
@maltek Thanks a lot! That was incredibly helpful!
Noam5
@Noam5
Can anyone help me translate this Gremlin code into modern day Joern?
echo 'getcallsro("malloc").ithArguments("0")
.sideEffect{cnt = it.code}
.match{ it.type ="AdditiveExpression"}.statements()
.out("REACHES")
.match{ it.type = "callExpression" &&
it.code.startswith("memcpy")}.1thArguments("2")
.filter{it.code != cnt }.
matchfit.type = "AdditiveExpression"}.id'
It is taken from the Fabian Yamaguchi presentation from here: https://youtu.be/lGjc3kl1zXo?t=1459
mecelc
@mecelc
Hi I have a problem, I need to extract from the parsed graph the node.csv and the edge.csv, I have seen that it was possible to extract them with a previous version (https://joern.readthedocs.io/en/dev/import.html#importing-code).
How it's possible to do that with the last version?
Claudiu-Vlad Ursache
@ursachec
@mecelc the easiest way is probably to use the DOT exports and then parse that out to csv using a custom script https://docs.joern.io/exporting#plotting-and-exporting-on-the-joern-console