search

cs-au-dk / jelly

JavaScript/TypeScript static analyzer for call graph construction, library usage pattern matching, and vulnerability exposure analysis
MIT License
317 stars 22 forks source link

Bug report: redundant method call edge in the generated callgraph #7

Closed werifu closed 1 year ago

werifu commented 1 year ago

I have 3 files: index.js, mylib1.js and mylib2.js

// index.js
const mylib1 = require('./mylib1');
const mylib2 = require('./mylib2');

const lib1 = new mylib1.MyLib1();
lib1.method();
// mylib1.js
class MyLib1 {
  constructor() { }
  method() { 
    console.log('my lib1');
  }
}

module.exports = {
  MyLib1,
}
// mylib2.js
class MyLib2 {
  constructor() { }
  method() { 
    console.log('my lib2');
  }
}

module.exports = {
  MyLib2,
  method() {
    console.log('isolate')
  }
}

After analyzing the index.js with jelly --callgraph-html cg.html index.js There is a redundant edge [index.js => MyLib2.method] which is not called. This may only happen when exporting a class, while another function method exported in mylib2.js is ignored correctly.

image

werifu commented 1 year ago

Btw, if there are multiple methods with the same name like method() in both class MyLib1_1 and class MyLib1_2 in mylib1.js, this bug still occurs.

amoeller commented 1 year ago

This is not a bug but an imprecise result. Some objects, including class instances, are modeled using field-based analysis, which means that methods with the same name in neighboring packages are mixed together in the abstraction.