appthreat / joern-lib Goto Github PK

View Code? Open in Web Editor NEW

11.0 3.0 1.0 4.5 MB

Python library for code analysis with CPG and Joern

Home Page: https://discord.gg/tmmtjCEHNV

License: Apache License 2.0

Dockerfile 0.15% Python 9.25% Jupyter Notebook 90.60%

appsec code-analysis devsecops joern library sast security cpg codepropertygraph

joern-lib's Introduction

Introduction

This project offers a high level python library to perform code analysis with CPG and Joern server. Several API methods including integration with NetworkX and PyTorch Geometric are offered to perform code analysis and research on complex code bases in a pythonic manner from cli and from notebooks.

pip install joern-lib
# To install the optional science pack, clone this repo and use poetry > 1.5 to install the science group
poetry install --with science # cpu
poetry install --with science-cu117 # cuda 11.7
poetry install --with science-cu118 # cuda 11.8

Notebook support

The repository includes docker compose configuration to interactively query the joern server with polynote notebooks.

Usage

Run joern server and polynote locally.

git clone https://github.com/appthreat/joern-lib.git
# Edit docker-compose.yml to set sources directory
docker compose up -d

# podman-compose up --build

Navigate to http://localhost:8192 for an interactive polynote notebook. You could open one of the sample notebooks from the contrib directory to learn about Joern server and this library.

Common steps

Refer to the API documentation for programmatic usage.

python -m asyncio

Execute single query

from joern_lib import client, workspace, utils
from joern_lib.detectors import common as cpg

connection = await client.get("http://localhost:9000", "http://localhost:7072", "admin", "admin")

# connection = await client.get("http://localhost:9000")

res = await client.q(connection, "val a=1");

# {'response': 'a: Int = 1\n'}

Execute bulk query

res = await client.bulk_query(connection, ["val a=1", "val b=2", "val c=a+b"]);
# [{'response': 'a: Int = 1\n'}, {'response': 'b: Int = 2\n'}, {'response': 'c: Int = 3\n'}]

Workspace

List workspaces

res = await workspace.ls(connection)

Get workspace path

res = await workspace.get_path(connection)
# /workspace (Response would be parsed)

Check if cpg exists

await workspace.cpg_exists(connection, "NodeGoat")

Import code for analysis

res = await workspace.import_code(connection, "/app", "NodeGoat")
# True

Import an existing CPG for analysis

res = await workspace.import_cpg(connection, "/app/sandbox/crAPI/cpg_out/crAPI-python-cpg.bin.zip", "crAPI-python")

Create a CPG with a remote cpggen server

res = await workspace.create_cpg(connection, "/app/sandbox/crAPI", out_dir="/app/sandbox/crAPI/cpg_out", languages="python", project_name="crAPI-python")

CPG core

List files

res = await cpg.list_files(connection)
# list of files

Print call tree

res = await cpg.get_call_tree(connection, "com.example.vulnspring.WebController.issue:java.lang.String(org.springframework.ui.Model,java.lang.String)")
utils.print_tree(res)

Java specific

from joern_lib.detectors import java

List http routes

await java.list_http_routes(connection)

JavaScript specific

from joern_lib.detectors import js

List http routes

await js.list_http_routes(connection)

Name of the variable containing express()

await js.get_express_appvar(connection)

List of require statements

await js.list_requires(connection)

List of import statements

await js.list_imports(connection)

List of NoSQL DB collection names

await js.list_nosql_collections(connection)

Get HTTP sources

await js.get_http_sources(connection)
await js.get_http_sinks(connection)

AWS

Requires TypeScript project

await js.list_aws_modules(connection)

Troubleshooting

No response from server

If Joern server stops responding after a while restart docker.

docker compose down
docker compose up -d

Websockets connection closed error

Adding asyncio.sleep(0) seems to fix such errors.

# Workaround to fix websockets.exceptions.ConnectionClosedError
await asyncio.sleep(0)

Alternatively, use the sync api.

pygraphviz refuses to install

pygraphviz/graphviz_wrap.c:2711:10: fatal error: graphviz/cgraph.h: No such file or directory
   2711 | #include "graphviz/cgraph.h"
        |          ^~~~~~~~~~~~~~~~~~~
  compilation terminated.
  error: command '/usr/bin/gcc' failed with exit code 1

Install graphviz-devel or graphviz-dev package for your OS. See here

joern-lib's People

Contributors

Stargazers

Watchers

Forkers

jarvx

joern-lib's Issues

.df api could accept metadata to print

Metadata such as owasp and cwe category etc.

Exception with the scala 3 version

Use the branch https://github.com/AppThreat/joern-lib/tree/feature/joern3

docker compose up --build --pull always
# Visit http://localhost:8192 and click "Run all cells" in vuln-spring notebook.
# See the exceptions in the logs

Many reachableByFlows queries are failing.

joern-lib-joern-1     | 2023-06-01 12:31:33.613 WARN Engine: SolveTask failed with exception:
joern-lib-joern-1     | java.util.concurrent.ExecutionException: java.lang.ArrayIndexOutOfBoundsException
joern-lib-joern-1     | 	at java.util.concurrent.ForkJoinTask.reportExecutionException(ForkJoinTask.java:605) ~[?:?]
joern-lib-joern-1     | 	at java.util.concurrent.ForkJoinTask.get(ForkJoinTask.java:981) ~[?:?]
joern-lib-joern-1     | 	at io.joern.dataflowengineoss.queryengine.Engine.$anonfun$solveTasks$5(Engine.scala:99) ~[io.joern.dataflowengineoss-1.1.1740.jar:1.1.1740]
joern-lib-joern-1     | 	at scala.util.Try$.apply(Try.scala:210) ~[org.scala-lang.scala-library-2.13.8.jar:?]
joern-lib-joern-1     | 	at io.joern.dataflowengineoss.queryengine.Engine.runUntilAllTasksAreSolved$1(Engine.scala:99) ~[io.joern.dataflowengineoss-1.1.1740.jar:1.1.1740]
joern-lib-joern-1     | 	at io.joern.dataflowengineoss.queryengine.Engine.solveTasks(Engine.scala:114) ~[io.joern.dataflowengineoss-1.1.1740.jar:1.1.1740]
joern-lib-joern-1     | 	at io.joern.dataflowengineoss.queryengine.Engine.backwards(Engine.scala:53) ~[io.joern.dataflowengineoss-1.1.1740.jar:1.1.1740]
joern-lib-joern-1     | 	at io.joern.dataflowengineoss.language.ExtendedCfgNode$.reachableByInternal$extension(ExtendedCfgNode.scala:84) ~[io.joern.dataflowengineoss-1.1.1740.jar:1.1.1740]
joern-lib-joern-1     | 	at io.joern.dataflowengineoss.language.ExtendedCfgNode$.reachableByFlows$extension(ExtendedCfgNode.scala:48) ~[io.joern.dataflowengineoss-1.1.1740.jar:1.1.1740]
joern-lib-joern-1     | 	at ammonite.$sess.cmd181$.<clinit>(cmd181.sc:1) ~[?:?]
joern-lib-joern-1     | 	at ammonite.$sess.cmd181.$main(cmd181.sc) ~[?:?]
joern-lib-joern-1     | 	at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:?]
joern-lib-joern-1     | 	at jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77) ~[?:?]
joern-lib-joern-1     | 	at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:?]
joern-lib-joern-1     | 	at java.lang.reflect.Method.invoke(Method.java:568) ~[?:?]
joern-lib-joern-1     | 	at ammonite.runtime.Evaluator$$anon$1.$anonfun$evalMain$1(Evaluator.scala:108) ~[com.lihaoyi.ammonite-runtime_2.13.8-2.5.8.jar:2.5.8]
joern-lib-joern-1     | 	at ammonite.util.Util$.withContextClassloader(Util.scala:24) ~[com.lihaoyi.ammonite-util_2.13-2.5.8.jar:2.5.8]
joern-lib-joern-1     | 	at ammonite.runtime.Evaluator$$anon$1.evalMain(Evaluator.scala:90) ~[com.lihaoyi.ammonite-runtime_2.13.8-2.5.8.jar:2.5.8]
joern-lib-joern-1     | 	at ammonite.runtime.Evaluator$$anon$1.$anonfun$processLine$2(Evaluator.scala:127) ~[com.lihaoyi.ammonite-runtime_2.13.8-2.5.8.jar:2.5.8]
joern-lib-joern-1     | 	at ammonite.util.Catching.map(Res.scala:117) ~[com.lihaoyi.ammonite-util_2.13-2.5.8.jar:2.5.8]
joern-lib-joern-1     | 	at ammonite.runtime.Evaluator$$anon$1.$anonfun$processLine$1(Evaluator.scala:121) ~[com.lihaoyi.ammonite-runtime_2.13.8-2.5.8.jar:2.5.8]
joern-lib-joern-1     | 	at ammonite.util.Res$Success.flatMap(Res.scala:62) ~[com.lihaoyi.ammonite-util_2.13-2.5.8.jar:2.5.8]
joern-lib-joern-1     | 	at ammonite.runtime.Evaluator$$anon$1.processLine(Evaluator.scala:120) ~[com.lihaoyi.ammonite-runtime_2.13.8-2.5.8.jar:2.5.8]
joern-lib-joern-1     | 	at ammonite.interp.Interpreter.$anonfun$evaluateLine$5(Interpreter.scala:307) ~[com.lihaoyi.ammonite-interp_2.13.8-2.5.8.jar:2.5.8]
joern-lib-joern-1     | 	at ammonite.util.Res$Success.flatMap(Res.scala:62) ~[com.lihaoyi.ammonite-util_2.13-2.5.8.jar:2.5.8]
joern-lib-joern-1     | 	at ammonite.interp.Interpreter.$anonfun$evaluateLine$2(Interpreter.scala:290) ~[com.lihaoyi.ammonite-interp_2.13.8-2.5.8.jar:2.5.8]
joern-lib-joern-1     | 	at ammonite.util.Catching.flatMap(Res.scala:115) ~[com.lihaoyi.ammonite-util_2.13-2.5.8.jar:2.5.8]
joern-lib-joern-1     | 	at ammonite.interp.Interpreter.evaluateLine(Interpreter.scala:289) ~[com.lihaoyi.ammonite-interp_2.13.8-2.5.8.jar:2.5.8]
joern-lib-joern-1     | 	at ammonite.interp.Interpreter.$anonfun$processLine$6(Interpreter.scala:277) ~[com.lihaoyi.ammonite-interp_2.13.8-2.5.8.jar:2.5.8]
joern-lib-joern-1     | 	at ammonite.util.Res$Success.flatMap(Res.scala:62) ~[com.lihaoyi.ammonite-util_2.13-2.5.8.jar:2.5.8]
joern-lib-joern-1     | 	at ammonite.interp.Interpreter.$anonfun$processLine$4(Interpreter.scala:260) ~[com.lihaoyi.ammonite-interp_2.13.8-2.5.8.jar:2.5.8]
joern-lib-joern-1     | 	at ammonite.util.Res$Success.flatMap(Res.scala:62) ~[com.lihaoyi.ammonite-util_2.13-2.5.8.jar:2.5.8]
joern-lib-joern-1     | 	at ammonite.interp.Interpreter.$anonfun$processLine$2(Interpreter.scala:253) ~[com.lihaoyi.ammonite-interp_2.13.8-2.5.8.jar:2.5.8]
joern-lib-joern-1     | 	at ammonite.util.Catching.flatMap(Res.scala:115) ~[com.lihaoyi.ammonite-util_2.13-2.5.8.jar:2.5.8]
joern-lib-joern-1     | 	at ammonite.interp.Interpreter.processLine(Interpreter.scala:252) ~[com.lihaoyi.ammonite-interp_2.13.8-2.5.8.jar:2.5.8]
joern-lib-joern-1     | 	at ammonite.repl.Repl.$anonfun$action$8(Repl.scala:199) ~[com.lihaoyi.ammonite-repl_2.13.8-2.5.8.jar:2.5.8]
joern-lib-joern-1     | 	at ammonite.util.Res$Success.flatMap(Res.scala:62) ~[com.lihaoyi.ammonite-util_2.13-2.5.8.jar:2.5.8]
joern-lib-joern-1     | 	at ammonite.repl.Repl.$anonfun$action$4(Repl.scala:186) ~[com.lihaoyi.ammonite-repl_2.13.8-2.5.8.jar:2.5.8]
joern-lib-joern-1     | 	at ammonite.repl.Scoped.$anonfun$flatMap$1(Signaller.scala:45) ~[com.lihaoyi.ammonite-repl_2.13.8-2.5.8.jar:2.5.8]
joern-lib-joern-1     | 	at ammonite.repl.Signaller.apply(Signaller.scala:28) ~[com.lihaoyi.ammonite-repl_2.13.8-2.5.8.jar:2.5.8]
joern-lib-joern-1     | 	at ammonite.repl.Scoped.flatMap(Signaller.scala:45) ~[com.lihaoyi.ammonite-repl_2.13.8-2.5.8.jar:2.5.8]
joern-lib-joern-1     | 	at ammonite.repl.Scoped.flatMap$(Signaller.scala:45) ~[com.lihaoyi.ammonite-repl_2.13.8-2.5.8.jar:2.5.8]
joern-lib-joern-1     | 	at ammonite.repl.Signaller.flatMap(Signaller.scala:16) ~[com.lihaoyi.ammonite-repl_2.13.8-2.5.8.jar:2.5.8]
joern-lib-joern-1     | 	at ammonite.repl.Repl.$anonfun$action$2(Repl.scala:178) ~[com.lihaoyi.ammonite-repl_2.13.8-2.5.8.jar:2.5.8]
joern-lib-joern-1     | 	at ammonite.util.Catching.flatMap(Res.scala:115) ~[com.lihaoyi.ammonite-util_2.13-2.5.8.jar:2.5.8]
joern-lib-joern-1     | 	at ammonite.repl.Repl.action(Repl.scala:170) ~[com.lihaoyi.ammonite-repl_2.13.8-2.5.8.jar:2.5.8]
joern-lib-joern-1     | 	at ammonite.repl.Repl.loop$1(Repl.scala:212) ~[com.lihaoyi.ammonite-repl_2.13.8-2.5.8.jar:2.5.8]
joern-lib-joern-1     | 	at ammonite.repl.Repl.run(Repl.scala:227) ~[com.lihaoyi.ammonite-repl_2.13.8-2.5.8.jar:2.5.8]
joern-lib-joern-1     | 	at ammonite.Main.$anonfun$run$1(Main.scala:236) ~[com.lihaoyi.ammonite_2.13.8-2.5.8.jar:2.5.8]
joern-lib-joern-1     | 	at scala.Option.getOrElse(Option.scala:201) ~[org.scala-lang.scala-library-2.13.8.jar:?]
joern-lib-joern-1     | 	at ammonite.Main.run(Main.scala:224) ~[com.lihaoyi.ammonite_2.13.8-2.5.8.jar:2.5.8]
joern-lib-joern-1     | 	at io.joern.console.embammonite.EmbeddedAmmonite.$anonfun$shellThread$1(EmbeddedAmmonite.scala:48) ~[io.joern.console-1.1.1740.jar:1.1.1740]
joern-lib-joern-1     | 	at java.lang.Thread.run(Thread.java:833) [?:?]
joern-lib-joern-1     | Caused by: java.lang.ArrayIndexOutOfBoundsException
joern-lib-joern-1     | 	at jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) ~[?:?]
joern-lib-joern-1     | 	at jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:77) ~[?:?]
joern-lib-joern-1     | 	at jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) ~[?:?]
joern-lib-joern-1     | 	at java.lang.reflect.Constructor.newInstanceWithCaller(Constructor.java:499) ~[?:?]
joern-lib-joern-1     | 	at java.lang.reflect.Constructor.newInstance(Constructor.java:480) ~[?:?]
joern-lib-joern-1     | 	at java.util.concurrent.ForkJoinTask.getThrowableException(ForkJoinTask.java:564) ~[?:?]
joern-lib-joern-1     | 	at java.util.concurrent.ForkJoinTask.reportExecutionException(ForkJoinTask.java:604) ~[?:?]
joern-lib-joern-1     | 	... 52 more
joern-lib-joern-1     | Caused by: java.lang.ArrayIndexOutOfBoundsException: Index 8 out of bounds for length 8
joern-lib-joern-1     | 	at overflowdb.util.ArrayOffsetIterator.peekNext(ArrayOffsetIterator.java:36) ~[io.shiftleft.overflowdb-core-1.171.jar:1.171]
joern-lib-joern-1     | 	at overflowdb.util.ArrayOffsetIterator.hasNext(ArrayOffsetIterator.java:24) ~[io.shiftleft.overflowdb-core-1.171.jar:1.171]
joern-lib-joern-1     | 	at scala.collection.convert.JavaCollectionWrappers$JIteratorWrapper.hasNext(JavaCollectionWrappers.scala:37) ~[org.scala-lang.scala-library-2.13.8.jar:?]
joern-lib-joern-1     | 	at scala.collection.Iterator$$anon$7.hasNext(Iterator.scala:516) ~[org.scala-lang.scala-library-2.13.8.jar:?]
joern-lib-joern-1     | 	at scala.collection.Iterator$$anon$10.hasNext(Iterator.scala:593) ~[org.scala-lang.scala-library-2.13.8.jar:?]
joern-lib-joern-1     | 	at scala.collection.immutable.List.prependedAll(List.scala:152) ~[org.scala-lang.scala-library-2.13.8.jar:?]
joern-lib-joern-1     | 	at scala.collection.IterableOnceOps.toList(IterableOnce.scala:1251) ~[org.scala-lang.scala-library-2.13.8.jar:?]
joern-lib-joern-1     | 	at scala.collection.IterableOnceOps.toList$(IterableOnce.scala:1251) ~[org.scala-lang.scala-library-2.13.8.jar:?]
joern-lib-joern-1     | 	at scala.collection.AbstractIterator.toList(Iterator.scala:1293) ~[org.scala-lang.scala-library-2.13.8.jar:?]
joern-lib-joern-1     | 	at overflowdb.traversal.Traversal.l(Traversal.scala:27) ~[io.shiftleft.overflowdb-traversal_2.13-1.171.jar:1.171]
joern-lib-joern-1     | 	at io.joern.dataflowengineoss.queryengine.TaskCreator.paramToArgsOfCallers(TaskCreator.scala:77) ~[io.joern.dataflowengineoss-1.1.1740.jar:1.1.1740]
joern-lib-joern-1     | 	at io.joern.dataflowengineoss.queryengine.TaskCreator.paramToArgs(TaskCreator.scala:70) ~[io.joern.dataflowengineoss-1.1.1740.jar:1.1.1740]
joern-lib-joern-1     | 	at io.joern.dataflowengineoss.queryengine.TaskCreator.$anonfun$tasksForParams$1(TaskCreator.scala:54) ~[io.joern.dataflowengineoss-1.1.1740.jar:1.1.1740]
joern-lib-joern-1     | 	at scala.collection.StrictOptimizedIterableOps.flatMap(StrictOptimizedIterableOps.scala:118) ~[org.scala-lang.scala-library-2.13.8.jar:?]
joern-lib-joern-1     | 	at scala.collection.StrictOptimizedIterableOps.flatMap$(StrictOptimizedIterableOps.scala:105) ~[org.scala-lang.scala-library-2.13.8.jar:?]
joern-lib-joern-1     | 	at scala.collection.immutable.Vector.flatMap(Vector.scala:113) ~[org.scala-lang.scala-library-2.13.8.jar:?]
joern-lib-joern-1     | 	at io.joern.dataflowengineoss.queryengine.TaskCreator.tasksForParams(TaskCreator.scala:44) ~[io.joern.dataflowengineoss-1.1.1740.jar:1.1.1740]
joern-lib-joern-1     | 	at io.joern.dataflowengineoss.queryengine.TaskCreator.createFromResults(TaskCreator.scala:17) ~[io.joern.dataflowengineoss-1.1.1740.jar:1.1.1740]
joern-lib-joern-1     | 	at io.joern.dataflowengineoss.queryengine.TaskSolver.call(TaskSolver.scala:43) ~[io.joern.dataflowengineoss-1.1.1740.jar:1.1.1740]
joern-lib-joern-1     | 	at io.joern.dataflowengineoss.queryengine.TaskSolver.call(TaskSolver.scala:23) ~[io.joern.dataflowengineoss-1.1.1740.jar:1.1.1740]
joern-lib-joern-1     | 	at java.util.concurrent.ForkJoinTask$AdaptedCallable.exec(ForkJoinTask.java:1428) ~[?:?]
joern-lib-joern-1     | 	at java.util.concurrent.ForkJoinTask.doExec(ForkJoinTask.java:373) ~[?:?]
joern-lib-joern-1     | 	at java.util.concurrent.ForkJoinTask.invoke(ForkJoinTask.java:686) ~[?:?]
joern-lib-joern-1     | 	at java.util.concurrent.ForkJoinTask$AdaptedCallable.run(ForkJoinTask.java:1436) ~[?:?]
joern-lib-joern-1     | 	at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:539) ~[?:?]
joern-lib-joern-1     | 	at java.util.concurrent.FutureTask.run(FutureTask.java:264) ~[?:?]
joern-lib-joern-1     | 	at java.util.concurrent.ForkJoinTask$RunnableExecuteAction.exec(ForkJoinTask.java:1395) ~[?:?]
joern-lib-joern-1     | 	at java.util.concurrent.ForkJoinTask.doExec(ForkJoinTask.java:373) ~[?:?]
joern-lib-joern-1     | 	at java.util.concurrent.ForkJoinPool$WorkQueue.topLevelExec(ForkJoinPool.java:1182) ~[?:?]
joern-lib-joern-1     | 	at java.util.concurrent.ForkJoinPool.scan(ForkJoinPool.java:1655) ~[?:?]
joern-lib-joern-1     | 	at java.util.concurrent.ForkJoinPool.runWorker(ForkJoinPool.java:1622) ~[?:?]
joern-lib-joern-1     | 	at java.util.concurrent.ForkJoinWorkerThread.run(ForkJoinWorkerThread.java:165) ~[?:?]
joern-lib-joern-1     | java.util.concurrent.ExecutionException: java.lang.ArrayIndexOutOfBoundsException
joern-lib-joern-1     | 	at java.base/java.util.concurrent.ForkJoinTask.reportExecutionException(ForkJoinTask.java:605)
joern-lib-joern-1     | 	at java.base/java.util.concurrent.ForkJoinTask.get(ForkJoinTask.java:981)
joern-lib-joern-1     | 	at io.joern.dataflowengineoss.queryengine.Engine.$anonfun$solveTasks$5(Engine.scala:99)
joern-lib-joern-1     | 	at scala.util.Try$.apply(Try.scala:210)
joern-lib-joern-1     | 	at io.joern.dataflowengineoss.queryengine.Engine.runUntilAllTasksAreSolved$1(Engine.scala:99)
joern-lib-joern-1     | 	at io.joern.dataflowengineoss.queryengine.Engine.solveTasks(Engine.scala:114)
joern-lib-joern-1     | 	at io.joern.dataflowengineoss.queryengine.Engine.backwards(Engine.scala:53)
joern-lib-joern-1     | 	at io.joern.dataflowengineoss.language.ExtendedCfgNode$.reachableByInternal$extension(ExtendedCfgNode.scala:84)
joern-lib-joern-1     | 	at io.joern.dataflowengineoss.language.ExtendedCfgNode$.reachableByFlows$extension(ExtendedCfgNode.scala:48)
joern-lib-joern-1     | 	at ammonite.$sess.cmd181$.<clinit>(cmd181.sc:1)
joern-lib-joern-1     | 	at ammonite.$sess.cmd181.$main(cmd181.sc)
joern-lib-joern-1     | 	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
joern-lib-joern-1     | 	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
joern-lib-joern-1     | 	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
joern-lib-joern-1     | 	at java.base/java.lang.reflect.Method.invoke(Method.java:568)
joern-lib-joern-1     | 	at ammonite.runtime.Evaluator$$anon$1.$anonfun$evalMain$1(Evaluator.scala:108)
joern-lib-joern-1     | 	at ammonite.util.Util$.withContextClassloader(Util.scala:24)
joern-lib-joern-1     | 	at ammonite.runtime.Evaluator$$anon$1.evalMain(Evaluator.scala:90)
joern-lib-joern-1     | 	at ammonite.runtime.Evaluator$$anon$1.$anonfun$processLine$2(Evaluator.scala:127)
joern-lib-joern-1     | 	at ammonite.util.Catching.map(Res.scala:117)
joern-lib-joern-1     | 	at ammonite.runtime.Evaluator$$anon$1.$anonfun$processLine$1(Evaluator.scala:121)
joern-lib-joern-1     | 	at ammonite.util.Res$Success.flatMap(Res.scala:62)
joern-lib-joern-1     | 	at ammonite.runtime.Evaluator$$anon$1.processLine(Evaluator.scala:120)
joern-lib-joern-1     | 	at ammonite.interp.Interpreter.$anonfun$evaluateLine$5(Interpreter.scala:307)
joern-lib-joern-1     | 	at ammonite.util.Res$Success.flatMap(Res.scala:62)
joern-lib-joern-1     | 	at ammonite.interp.Interpreter.$anonfun$evaluateLine$2(Interpreter.scala:290)
joern-lib-joern-1     | 	at ammonite.util.Catching.flatMap(Res.scala:115)
joern-lib-joern-1     | 	at ammonite.interp.Interpreter.evaluateLine(Interpreter.scala:289)
joern-lib-joern-1     | 	at ammonite.interp.Interpreter.$anonfun$processLine$6(Interpreter.scala:277)
joern-lib-joern-1     | 	at ammonite.util.Res$Success.flatMap(Res.scala:62)
joern-lib-joern-1     | 	at ammonite.interp.Interpreter.$anonfun$processLine$4(Interpreter.scala:260)
joern-lib-joern-1     | 	at ammonite.util.Res$Success.flatMap(Res.scala:62)
joern-lib-joern-1     | 	at ammonite.interp.Interpreter.$anonfun$processLine$2(Interpreter.scala:253)
joern-lib-joern-1     | 	at ammonite.util.Catching.flatMap(Res.scala:115)
joern-lib-joern-1     | 	at ammonite.interp.Interpreter.processLine(Interpreter.scala:252)
joern-lib-joern-1     | 	at ammonite.repl.Repl.$anonfun$action$8(Repl.scala:199)
joern-lib-joern-1     | 	at ammonite.util.Res$Success.flatMap(Res.scala:62)
joern-lib-joern-1     | 	at ammonite.repl.Repl.$anonfun$action$4(Repl.scala:186)
joern-lib-joern-1     | 	at ammonite.repl.Scoped.$anonfun$flatMap$1(Signaller.scala:45)
joern-lib-joern-1     | 	at ammonite.repl.Signaller.apply(Signaller.scala:28)
joern-lib-joern-1     | 	at ammonite.repl.Scoped.flatMap(Signaller.scala:45)
joern-lib-joern-1     | 	at ammonite.repl.Scoped.flatMap$(Signaller.scala:45)
joern-lib-joern-1     | 	at ammonite.repl.Signaller.flatMap(Signaller.scala:16)
joern-lib-joern-1     | 	at ammonite.repl.Repl.$anonfun$action$2(Repl.scala:178)
joern-lib-joern-1     | 	at ammonite.util.Catching.flatMap(Res.scala:115)
joern-lib-joern-1     | 	at ammonite.repl.Repl.action(Repl.scala:170)
joern-lib-joern-1     | 	at ammonite.repl.Repl.loop$1(Repl.scala:212)
joern-lib-joern-1     | 	at ammonite.repl.Repl.run(Repl.scala:227)
joern-lib-joern-1     | 	at ammonite.Main.$anonfun$run$1(Main.scala:236)
joern-lib-joern-1     | 	at scala.Option.getOrElse(Option.scala:201)
joern-lib-joern-1     | 	at ammonite.Main.run(Main.scala:224)
joern-lib-joern-1     | 	at io.joern.console.embammonite.EmbeddedAmmonite.$anonfun$shellThread$1(EmbeddedAmmonite.scala:48)
joern-lib-joern-1     | 	at java.base/java.lang.Thread.run(Thread.java:833)
joern-lib-joern-1     | Caused by: java.lang.ArrayIndexOutOfBoundsException
joern-lib-joern-1     | 	at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
joern-lib-joern-1     | 	at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:77)
joern-lib-joern-1     | 	at java.base/jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
joern-lib-joern-1     | 	at java.base/java.lang.reflect.Constructor.newInstanceWithCaller(Constructor.java:499)
joern-lib-joern-1     | 	at java.base/java.lang.reflect.Constructor.newInstance(Constructor.java:480)
joern-lib-joern-1     | 	at java.base/java.util.concurrent.ForkJoinTask.getThrowableException(ForkJoinTask.java:564)
joern-lib-joern-1     | 	at java.base/java.util.concurrent.ForkJoinTask.reportExecutionException(ForkJoinTask.java:604)
joern-lib-joern-1     | 	... 52 more
joern-lib-joern-1     | Caused by: java.lang.ArrayIndexOutOfBoundsException: Index 8 out of bounds for length 8
joern-lib-joern-1     | 	at overflowdb.util.ArrayOffsetIterator.peekNext(ArrayOffsetIterator.java:36)
joern-lib-joern-1     | 	at overflowdb.util.ArrayOffsetIterator.hasNext(ArrayOffsetIterator.java:24)
joern-lib-joern-1     | 	at scala.collection.convert.JavaCollectionWrappers$JIteratorWrapper.hasNext(JavaCollectionWrappers.scala:37)
joern-lib-joern-1     | 	at scala.collection.Iterator$$anon$7.hasNext(Iterator.scala:516)
joern-lib-joern-1     | 	at scala.collection.Iterator$$anon$10.hasNext(Iterator.scala:593)
joern-lib-joern-1     | 	at scala.collection.immutable.List.prependedAll(List.scala:152)
joern-lib-joern-1     | 	at scala.collection.IterableOnceOps.toList(IterableOnce.scala:1251)
joern-lib-joern-1     | 	at scala.collection.IterableOnceOps.toList$(IterableOnce.scala:1251)
joern-lib-joern-1     | 	at scala.collection.AbstractIterator.toList(Iterator.scala:1293)
joern-lib-joern-1     | 	at overflowdb.traversal.Traversal.l(Traversal.scala:27)
joern-lib-joern-1     | 	at io.joern.dataflowengineoss.queryengine.TaskCreator.paramToArgsOfCallers(TaskCreator.scala:77)
joern-lib-joern-1     | 	at io.joern.dataflowengineoss.queryengine.TaskCreator.paramToArgs(TaskCreator.scala:70)
joern-lib-joern-1     | 	at io.joern.dataflowengineoss.queryengine.TaskCreator.$anonfun$tasksForParams$1(TaskCreator.scala:54)
joern-lib-joern-1     | 	at scala.collection.StrictOptimizedIterableOps.flatMap(StrictOptimizedIterableOps.scala:118)
joern-lib-joern-1     | 	at scala.collection.StrictOptimizedIterableOps.flatMap$(StrictOptimizedIterableOps.scala:105)
joern-lib-joern-1     | 	at scala.collection.immutable.Vector.flatMap(Vector.scala:113)
joern-lib-joern-1     | 	at io.joern.dataflowengineoss.queryengine.TaskCreator.tasksForParams(TaskCreator.scala:44)
joern-lib-joern-1     | 	at io.joern.dataflowengineoss.queryengine.TaskCreator.createFromResults(TaskCreator.scala:17)
joern-lib-joern-1     | 	at io.joern.dataflowengineoss.queryengine.TaskSolver.call(TaskSolver.scala:43)
joern-lib-joern-1     | 	at io.joern.dataflowengineoss.queryengine.TaskSolver.call(TaskSolver.scala:23)
joern-lib-joern-1     | 	at java.base/java.util.concurrent.ForkJoinTask$AdaptedCallable.exec(ForkJoinTask.java:1428)
joern-lib-joern-1     | 	at java.base/java.util.concurrent.ForkJoinTask.doExec(ForkJoinTask.java:373)
joern-lib-joern-1     | 	at java.base/java.util.concurrent.ForkJoinTask.invoke(ForkJoinTask.java:686)
joern-lib-joern-1     | 	at java.base/java.util.concurrent.ForkJoinTask$AdaptedCallable.run(ForkJoinTask.java:1436)
joern-lib-joern-1     | 	at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:539)
joern-lib-joern-1     | 	at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
joern-lib-joern-1     | 	at java.base/java.util.concurrent.ForkJoinTask$RunnableExecuteAction.exec(ForkJoinTask.java:1395)
joern-lib-joern-1     | 	at java.base/java.util.concurrent.ForkJoinTask.doExec(ForkJoinTask.java:373)
joern-lib-joern-1     | 	at java.base/java.util.concurrent.ForkJoinPool$WorkQueue.topLevelExec(ForkJoinPool.java:1182)
joern-lib-joern-1     | 	at java.base/java.util.concurrent.ForkJoinPool.scan(ForkJoinPool.java:1655)
joern-lib-joern-1     | 	at java.base/java.util.concurrent.ForkJoinPool.runWorker(ForkJoinPool.java:1622)
joern-lib-joern-1     | 	at java.base/java.util.concurrent.ForkJoinWorkerThread.run(ForkJoinWorkerThread.java:165)
joern-lib-joern-1     | Connection closed.
joern-lib-joern-1     | Connection closed.

Latest cpggen-oss is built from here - https://github.com/AppThreat/joern/blob/master/.github/workflows/release3.yml

Uses a fork of codepropertygraph based on the scala 3 branch - https://github.com/AppThreat/codepropertygraph

Exceptions with flask-webgoat notebook

Seeing many exceptions like below for python

joern-lib-joern-1     | Connection closed.
joern-lib-joern-1     | 2023-06-02 20:08:58.189 ERROR LocationCreator$: Cannot determine location for METHOD_REF due to broken CPG
joern-lib-joern-1     | java.util.NoSuchElementException: next on empty iterator
joern-lib-joern-1     | 	at scala.collection.Iterator$$anon$19.next(Iterator.scala:966) ~[org.scala-lang.scala-library-2.13.8.jar:?]
joern-lib-joern-1     | 	at scala.collection.Iterator$$anon$19.next(Iterator.scala:964) ~[org.scala-lang.scala-library-2.13.8.jar:?]
joern-lib-joern-1     | 	at scala.collection.Iterator$$anon$7.next(Iterator.scala:528) ~[org.scala-lang.scala-library-2.13.8.jar:?]
joern-lib-joern-1     | 	at overflowdb.traversal.Traversal.next(Traversal.scala:22) ~[io.shiftleft.overflowdb-traversal_2.13-1.171.jar:1.171]
joern-lib-joern-1     | 	at io.shiftleft.semanticcpg.language.nodemethods.MethodRefMethods$.location$extension(MethodRefMethods.scala:14) ~[io.joern.semanticcpg-1.1.1742.jar:1.1.1742]
joern-lib-joern-1     | 	at io.shiftleft.semanticcpg.language.nodemethods.MethodRefMethods.location(MethodRefMethods.scala:9) ~[io.joern.semanticcpg-1.1.1742.jar:1.1.1742]
joern-lib-joern-1     | 	at io.shiftleft.semanticcpg.language.LocationCreator$.location(LocationCreator.scala:27) ~[io.joern.semanticcpg-1.1.1742.jar:1.1.1742]
joern-lib-joern-1     | 	at io.shiftleft.semanticcpg.language.LocationCreator$.apply(LocationCreator.scala:17) ~[io.joern.semanticcpg-1.1.1742.jar:1.1.1742]
joern-lib-joern-1     | 	at io.shiftleft.semanticcpg.language.nodemethods.NodeMethods$.location$extension(NodeMethods.scala:12) ~[io.joern.semanticcpg-1.1.1742.jar:1.1.1742]
joern-lib-joern-1     | 	at io.shiftleft.semanticcpg.language.NodeSteps$.$anonfun$location$1(NodeSteps.scala:49) ~[io.joern.semanticcpg-1.1.1742.jar:1.1.1742]
joern-lib-joern-1     | 	at scala.collection.Iterator$$anon$9.next(Iterator.scala:577) ~[org.scala-lang.scala-library-2.13.8.jar:?]
joern-lib-joern-1     | 	at scala.collection.immutable.List.prependedAll(List.scala:153) ~[org.scala-lang.scala-library-2.13.8.jar:?]
joern-lib-joern-1     | 	at scala.collection.IterableOnceOps.toList(IterableOnce.scala:1251) ~[org.scala-lang.scala-library-2.13.8.jar:?]
joern-lib-joern-1     | 	at scala.collection.IterableOnceOps.toList$(IterableOnce.scala:1251) ~[org.scala-lang.scala-library-2.13.8.jar:?]
joern-lib-joern-1     | 	at overflowdb.traversal.Traversal.toList(Traversal.scala:16) ~[io.shiftleft.overflowdb-traversal_2.13-1.171.jar:1.171]
joern-lib-joern-1     | 	at io.shiftleft.semanticcpg.language.Steps$.toJson$extension(Steps.scala:67) ~[io.joern.semanticcpg-1.1.1742.jar:1.1.1742]
joern-lib-joern-1     | 	at io.shiftleft.semanticcpg.language.Steps$.toJsonPretty$extension(Steps.scala:62) ~[io.joern.semanticcpg-1.1.1742.jar:1.1.1742]

detect custom validation and sanitization function

Come up with a logic to detect whether a given function is a good quality validation function or not. The input should not be returned as-is for a sanitization method. Validation method should have sufficient complexity and control structures present.

Recommend Projects

React

A declarative, efficient, and flexible JavaScript library for building user interfaces.
Vue.js

🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript

TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
TensorFlow

An Open Source Machine Learning Framework for Everyone
Django

The Web framework for perfectionists with deadlines.
Laravel

A PHP framework for web artisans
D3

Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

javascript

JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
web

Some thing interesting about web. New door for the world.
server

A server is a program made to process requests and deliver data to clients.
Machine learning

Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Visualization

Some thing interesting about visualization, use data art
Game

Some thing interesting about game, make everyone happy.

Recommend Org

Facebook

We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft

Open source projects and samples from Microsoft.
Google

Google ❤️ Open Source for everyone.
Alibaba

Alibaba Open Source for everyone
D3

Data-Driven Documents codes.
Tencent

China tencent open source team.