Comments (7)
DavidBakerEffendi
commented on June 2, 2024
1
@HJX-zhanS Yes I noticed it's run on the arguments instead of the call itself. I'm looking at fixing this too in the patch for the above
from joern.
DavidBakerEffendi
commented on June 2, 2024
Upon investigating, it seems that there are .code properties with null values inside. Confirming now the locations of these and if it's the frontend or something with ODB
from joern.
DavidBakerEffendi
commented on June 2, 2024
At the point of the exception, I've obtained the culprit with
c.argument.filter(_.code == null).foreach { n =>
println(s"${n.id}:${n.method.fullName}:${n.lineNumber.getOrElse(-1)}")
}Looks like this is the open method declaration:
Node ID: 151
Parent Method Full Name: foo.js::program
Line Number: 20
However, when jumping into Joern, the code property is non-null
joern> cpg.graph.node(151)
val res1: overflowdb.Node = MethodRef(
id = 151L,
argumentIndex = 2,
argumentName = None,
code = "open",
columnNumber = Some(value = 0),
dynamicTypeHintFullName = ArraySeq(),
lineNumber = Some(value = 20),
methodFullName = "foo.js::program:open",
order = 2,
possibleTypes = ArraySeq(),
typeFullName = "foo.js::program:open"
)Bizzare. Let me try with more memory, as this may be a ODB issue.
from joern.
DavidBakerEffendi
commented on June 2, 2024
Another culprit
joern> cpg.graph.node(154)
val res1: overflowdb.Node = MethodRef(
id = 154L,
argumentIndex = 2,
argumentName = None,
code = "escape",
columnNumber = Some(value = 0),
dynamicTypeHintFullName = ArraySeq(),
lineNumber = Some(value = 61),
methodFullName = "foo.js::program:escape",
order = 2,
possibleTypes = ArraySeq(),
typeFullName = "foo.js::program:escape"
)from joern.
DavidBakerEffendi
commented on June 2, 2024
Ok, seems like it comes down to a concurrency issue when reading code from MethodRef nodes when they're instances of Expression nodes. @HJX-zhanS a workaround for now would be adding -p 1 to set parallelism to 1.
from joern.
HJX-zhanS
commented on June 2, 2024
Ok, seems like it comes down to a concurrency issue when reading code from
MethodRefnodes when they're instances ofExpressionnodes. @HJX-zhanS a workaround for now would be adding-p 1to set parallelism to 1.
Thank you, @DavidBakerEffendi . When I use -p 1, the above error no longer appear. However, I think there may be some issues. Because when I set --sink-filter "exec\([\S\s]+?\)" to try to get the slice of exec(opener + ' "' + escape(target) + '"', callback), the result is empty. When I set --sink-filter "exec", I can get a slice. However, the slice is only related to var exec = require('child_process').exec.
from joern.
DavidBakerEffendi
commented on June 2, 2024
@HJX-zhanS Fix is up: #4463 I also recommend lowering the --slice-depth since it seems to take a while to finish on 20 hops
from joern.
Related Issues (20)
- [ruby] Could not represent expression `Unknown` HOT 1
- [Bug] `.method` on `Annotation*` Cast as `Expression` throws `NoSuchElementException`
- Type Stub Schema For Overloadable & Dynamic Languages
- [ruby] Parenthesis-less Calls with `&.` Parser Rule Missing
- [ruby] Data flow through array assignments
- [python] incoherent flow when using a literal vs identifier argument
- [C#]:The number of lines in the node matches the number of lines in the actual code.
- [python] unable to resolve full names for `foo.bar()[0]`
- How to Perform Backward Slicing with Joern for Java Code Without Compiling the Project? HOT 5
- [ruby] Correctly Handle `.` versus `::` Syntax
- [javascript] export neo4jcsv error HOT 5
- [Bug][pysrc2cpg] `Invalid Code` parsing issues HOT 3
- [Bug][pysrc2cpg] Dangling node in method DDG
- [ruby] Method Bindings
- [Bug][pysrc2cpg] Type inferrence of class attributes does not propagate from nested field accesses
- [Bug] random warnings/exceptions on reachableBy operation over C source code HOT 6
- [ruby] HereDoc in Function Argument HOT 1
- [python] over-tainting dictionary literal arguments
- [Bug] The same version of joern behaves differently on different machines. HOT 7
- [Bug] Joern tab completion can freeze joern and print "exception caught when loading module class module-info$: java.lang.AssertionError: assertion failed: attempt to parse java.lang.Object from classfile"
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from joern.