search

joernio / joern

Open-source code analysis platform for C/C++/Java/Binary/Javascript/Python/Kotlin based on code property graphs. Discord https://discord.gg/vv4MH284Hc
https://joern.io/
Apache License 2.0
2.09k stars 286 forks source link

Exception on querying some projects #91

Closed japroc closed 5 years ago

japroc commented 5 years ago

Hello I tried to use joern to analyze a project. ./joern-parse worked successfully but ./joern-query -f scripts/list-funcs.scala and other script raises Exception.

Meanwhile, when i use sbt semanticcpg/console of project https://github.com/ShiftLeftSecurity/codepropertygraph, it works fine

Full Exception stacktrace:

Exception in thread "main" java.lang.RuntimeException: Edge of type REACHING_DEF with direction OUT not supported by class ControlStructureDb
    at io.shiftleft.overflowdb.OdbNode.storeAdjacentNode(OdbNode.java:419)
    at io.shiftleft.overflowdb.OdbNode.storeAdjacentNode(OdbNode.java:401)
    at io.shiftleft.overflowdb.OdbNode.addEdge(OdbNode.java:248)
    at io.shiftleft.overflowdb.NodeRef.addEdge(NodeRef.java:111)
    at io.shiftleft.passes.DiffGraphApplier.tinkerAddEdge$1(CpgPass.scala:212)
    at io.shiftleft.passes.DiffGraphApplier.$anonfun$addEdges$4(CpgPass.scala:208)
    at io.shiftleft.passes.DiffGraphApplier.$anonfun$addEdges$4$adapted(CpgPass.scala:205)
    at scala.collection.immutable.List.foreach(List.scala:388)
    at io.shiftleft.passes.DiffGraphApplier.addEdges(CpgPass.scala:205)
    at io.shiftleft.passes.DiffGraphApplier.applyDiff(CpgPass.scala:159)
    at io.shiftleft.passes.CpgPass.$anonfun$createApplyAndSerialize$1(CpgPass.scala:80)
    at scala.collection.Iterator$$anon$10.next(Iterator.scala:455)
    at scala.collection.Iterator$$anon$20.next(Iterator.scala:882)
    at scala.collection.Iterator$$anon$20.next(Iterator.scala:878)
    at scala.collection.Iterator.foreach(Iterator.scala:937)
    at scala.collection.Iterator.foreach$(Iterator.scala:937)
    at scala.collection.AbstractIterator.foreach(Iterator.scala:1425)
    at io.shiftleft.passes.CpgPass.createApplySerializeAndStore(CpgPass.scala:64)
    at io.shiftleft.layers.DataFlowRunner.$anonfun$run$1(DataFlowRunner.scala:13)
    at io.shiftleft.layers.DataFlowRunner.$anonfun$run$1$adapted(DataFlowRunner.scala:13)
    at scala.collection.immutable.List.foreach(List.scala:388)
    at io.shiftleft.layers.DataFlowRunner.run(DataFlowRunner.scala:13)
    at io.shiftleft.joern.CpgLoader$.load(CpgLoader.scala:22)
    at $line5.$read$$iw$$iw.<init>(<console>:14)
    at $line5.$read$$iw.<init>(<console>:21)
    at $line5.$read.<init>(<console>:23)
    at $line5.$read$.<init>(<console>:27)
    at $line5.$read$.<clinit>(<console>)
    at $line5.$eval$.$result$lzycompute(<console>:5)
    at $line5.$eval$.$result(<console>:5)
    at $line5.$eval.$result(<console>)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at scala.tools.nsc.interpreter.IMain$ReadEvalPrint.call(IMain.scala:735)
    at scala.tools.nsc.interpreter.IMain$ReadEvalPrint.callEither(IMain.scala:739)
    at scala.tools.nsc.interpreter.IMain$ReadEvalPrint.evalEither(IMain.scala:754)
    at scala.tools.nsc.interpreter.Scripted$WrappedRequest.$anonfun$evalEither$3(Scripted.scala:208)
    at scala.util.DynamicVariable.withValue(DynamicVariable.scala:58)
    at scala.Console$.withIn(Console.scala:226)
    at scala.tools.nsc.interpreter.Scripted$WrappedRequest.$anonfun$evalEither$2(Scripted.scala:208)
    at scala.util.DynamicVariable.withValue(DynamicVariable.scala:58)
    at scala.Console$.withErr(Console.scala:192)
    at scala.tools.nsc.interpreter.Scripted$WrappedRequest.$anonfun$evalEither$1(Scripted.scala:207)
    at scala.util.DynamicVariable.withValue(DynamicVariable.scala:58)
    at scala.Console$.withOut(Console.scala:163)
    at scala.tools.nsc.interpreter.Scripted$WrappedRequest.evalEither(Scripted.scala:206)
    at scala.tools.nsc.interpreter.Scripted$WrappedRequest.$anonfun$eval$1(Scripted.scala:226)
    at scala.tools.nsc.interpreter.Scripted.withScriptContext(Scripted.scala:124)
    at scala.tools.nsc.interpreter.Scripted$WrappedRequest.eval(Scripted.scala:225)
    at scala.tools.nsc.interpreter.Scripted.eval(Scripted.scala:181)
    at io.shiftleft.joern.JoernQuery$.$anonfun$new$1(JoernQuery.scala:19)
    at io.shiftleft.joern.JoernQuery$.$anonfun$new$1$adapted(JoernQuery.scala:8)
    at scala.Option.foreach(Option.scala:257)
    at io.shiftleft.joern.JoernQuery$.delayedEndpoint$io$shiftleft$joern$JoernQuery$1(JoernQuery.scala:8)
    at io.shiftleft.joern.JoernQuery$delayedInit$body.apply(JoernQuery.scala:6)
    at scala.Function0.apply$mcV$sp(Function0.scala:34)
    at scala.Function0.apply$mcV$sp$(Function0.scala:34)
    at scala.runtime.AbstractFunction0.apply$mcV$sp(AbstractFunction0.scala:12)
    at scala.App.$anonfun$main$1$adapted(App.scala:76)
    at scala.collection.immutable.List.foreach(List.scala:388)
    at scala.App.main(App.scala:76)
    at scala.App.main$(App.scala:74)
    at io.shiftleft.joern.JoernQuery$.main(JoernQuery.scala:6)
    at io.shiftleft.joern.JoernQuery.main(JoernQuery.scala)
fabsx00 commented 5 years ago

@mpollmeier can you look into this one? Looks overflowdb related.

mpollmeier commented 5 years ago

Looks more like a schema issue. As per the generated cpg.json, CONTROL_STRUCTURE nodes do not allow outgoing edges of type REACHING_DEF. Currently only AST, CONDITION and CONTAINS_NODE are allowed.

@ml86 should I add that out edge? If so, what are the allowed inNodes? ["CALL", "RETURN", "BLOCK"]? They are created in https://github.com/ShiftLeftSecurity/codepropertygraph/blob/027d374/semanticcpg/src/main/scala/io/shiftleft/passes/reachingdef/ReachingDefPass.scala#L74

ml86 commented 5 years ago

@mpollmeier No, the problem is in the algorithm which creates the REACHING_DEF edges. @japroc It would be helpful if you can provide us with a code snippet which triggers this exception.

japroc commented 5 years ago

@ml86 unfortunately i cant share code. It is kinda proprietary

bbrehm commented 5 years ago

Using a small public codebase:

$ git checkout e904e6be52b9b569d9ea9f290eca7d71686df6c8
$ sbt stage
$ git clone https://github.com/armon/libart.git
$ ./joern-parse ./libart/src/
$ ./joern-query -f ./scripts/list-funcs.scala

produces the stacktrace

LF4J: Class path contains multiple SLF4J bindings.
SLF4J: Found binding in [jar:file:/home/bruhns/foo_sl/joern_dbg/joern/joern-cli/target/universal/stage/lib/org.apache.logging.log4j.log4j-slf4j-impl-2.11.2.jar!/org/slf4j/impl/StaticLoggerBinder.class]
SLF4J: Found binding in [jar:file:/home/bruhns/foo_sl/joern_dbg/joern/joern-cli/target/universal/stage/lib/org.slf4j.slf4j-simple-1.7.25.jar!/org/slf4j/impl/StaticLoggerBinder.class]
SLF4J: See http://www.slf4j.org/codes.html#multiple_bindings for an explanation.
SLF4J: Actual binding is of type [org.apache.logging.slf4j.Log4jLoggerFactory]
Exception in thread "main" java.lang.RuntimeException: Edge of type REACHING_DEF with direction OUT not supported by class ControlStructureDb
    at io.shiftleft.overflowdb.OdbNode.storeAdjacentNode(OdbNode.java:419)
    at io.shiftleft.overflowdb.OdbNode.storeAdjacentNode(OdbNode.java:401)
    at io.shiftleft.overflowdb.OdbNode.addEdge(OdbNode.java:248)
    at io.shiftleft.overflowdb.NodeRef.addEdge(NodeRef.java:111)
    at io.shiftleft.passes.DiffGraphApplier.tinkerAddEdge$1(CpgPass.scala:212)
    at io.shiftleft.passes.DiffGraphApplier.$anonfun$addEdges$4(CpgPass.scala:208)
    at io.shiftleft.passes.DiffGraphApplier.$anonfun$addEdges$4$adapted(CpgPass.scala:205)
    at scala.collection.immutable.List.foreach(List.scala:388)
    at io.shiftleft.passes.DiffGraphApplier.addEdges(CpgPass.scala:205)
    at io.shiftleft.passes.DiffGraphApplier.applyDiff(CpgPass.scala:159)
    at io.shiftleft.passes.CpgPass.$anonfun$createApplyAndSerialize$1(CpgPass.scala:80)
    at scala.collection.Iterator$$anon$10.next(Iterator.scala:455)
    at scala.collection.Iterator$$anon$20.next(Iterator.scala:882)
    at scala.collection.Iterator$$anon$20.next(Iterator.scala:878)
    at scala.collection.Iterator.foreach(Iterator.scala:937)
    at scala.collection.Iterator.foreach$(Iterator.scala:937)
    at scala.collection.AbstractIterator.foreach(Iterator.scala:1425)
    at io.shiftleft.passes.CpgPass.createApplySerializeAndStore(CpgPass.scala:64)
    at io.shiftleft.layers.DataFlowRunner.$anonfun$run$1(DataFlowRunner.scala:13)
    at io.shiftleft.layers.DataFlowRunner.$anonfun$run$1$adapted(DataFlowRunner.scala:13)
    at scala.collection.immutable.List.foreach(List.scala:388)
    at io.shiftleft.layers.DataFlowRunner.run(DataFlowRunner.scala:13)
    at io.shiftleft.joern.CpgLoader$.load(CpgLoader.scala:22)
    at $line5.$read$$iw$$iw.<init>(<console>:14)
    at $line5.$read$$iw.<init>(<console>:21)
    at $line5.$read.<init>(<console>:23)
    at $line5.$read$.<init>(<console>:27)
    at $line5.$read$.<clinit>(<console>)
    at $line5.$eval$.$result$lzycompute(<console>:5)
    at $line5.$eval$.$result(<console>:5)
    at $line5.$eval.$result(<console>)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at scala.tools.nsc.interpreter.IMain$ReadEvalPrint.call(IMain.scala:735)
    at scala.tools.nsc.interpreter.IMain$ReadEvalPrint.callEither(IMain.scala:739)
    at scala.tools.nsc.interpreter.IMain$ReadEvalPrint.evalEither(IMain.scala:754)
    at scala.tools.nsc.interpreter.Scripted$WrappedRequest.$anonfun$evalEither$3(Scripted.scala:208)
    at scala.util.DynamicVariable.withValue(DynamicVariable.scala:58)
    at scala.Console$.withIn(Console.scala:226)
    at scala.tools.nsc.interpreter.Scripted$WrappedRequest.$anonfun$evalEither$2(Scripted.scala:208)
    at scala.util.DynamicVariable.withValue(DynamicVariable.scala:58)
    at scala.Console$.withErr(Console.scala:192)
    at scala.tools.nsc.interpreter.Scripted$WrappedRequest.$anonfun$evalEither$1(Scripted.scala:207)
    at scala.util.DynamicVariable.withValue(DynamicVariable.scala:58)
    at scala.Console$.withOut(Console.scala:163)
    at scala.tools.nsc.interpreter.Scripted$WrappedRequest.evalEither(Scripted.scala:206)
    at scala.tools.nsc.interpreter.Scripted$WrappedRequest.$anonfun$eval$1(Scripted.scala:226)
    at scala.tools.nsc.interpreter.Scripted.withScriptContext(Scripted.scala:124)
    at scala.tools.nsc.interpreter.Scripted$WrappedRequest.eval(Scripted.scala:225)
    at scala.tools.nsc.interpreter.Scripted.eval(Scripted.scala:181)
    at io.shiftleft.joern.JoernQuery$.$anonfun$new$1(JoernQuery.scala:19)
    at io.shiftleft.joern.JoernQuery$.$anonfun$new$1$adapted(JoernQuery.scala:8)
    at scala.Option.foreach(Option.scala:257)
    at io.shiftleft.joern.JoernQuery$.delayedEndpoint$io$shiftleft$joern$JoernQuery$1(JoernQuery.scala:8)
    at io.shiftleft.joern.JoernQuery$delayedInit$body.apply(JoernQuery.scala:6)
    at scala.Function0.apply$mcV$sp(Function0.scala:34)
    at scala.Function0.apply$mcV$sp$(Function0.scala:34)
    at scala.runtime.AbstractFunction0.apply$mcV$sp(AbstractFunction0.scala:12)
    at scala.App.$anonfun$main$1$adapted(App.scala:76)
    at scala.collection.immutable.List.foreach(List.scala:388)
    at scala.App.main(App.scala:76)
    at scala.App.main$(App.scala:74)
    at io.shiftleft.joern.JoernQuery$.main(JoernQuery.scala:6)
    at io.shiftleft.joern.JoernQuery.main(JoernQuery.scala)

I quickly tested through the history:

cbca30d2631a48aed47be1ba46c6d8b5aa23c103 #works
8cd451099b6b866a850166daf966f388741a3a8b #fail in joern-parse
67f973c670f339cd72481b30eaf9120b3c595272 #fail in joern-parse
a55590ddfe27c3cb5458348ac3592b632fd21662 #fail in joern-parse
9b821a15ef6e159a73c9eb67fb78fca76ef65e55 #this issue
e904e6be52b9b569d9ea9f290eca7d71686df6c8 #still this issue
fabsx00 commented 5 years ago

Fixed on master.