[Discovery] Discrepancy between query results in joern shell and tp-framework

testable-eu / sast-tp-framework

TP-Framework: Testability Pattern Framework for SAST

https://owasp.org/www-project-testability-patterns-for-web-applications/

Apache License 2.0

11 stars 3 forks source link

[Discovery] Discrepancy between query results in joern shell and tp-framework #34

Open SoheilKhodayari opened 1 year ago

SoheilKhodayari commented 1 year ago

When running the discovery rule for JS pattern 76 in joern console, all compulsory fields including the lineNumber are included in the output. However, when running the same query with the tp-framework, the query results are different, e.g., lineNumber is missing.

joern console output

tp-framework output:

pr0me commented 1 year ago

Oh, that's not nice. Are you on the refactoring branch?

First guess is, that the standalone ./js2cpg behaves differently than the (relatively new) jssrc default frontend in joern. Not sure about js2cpg's dependencies.

SoheilKhodayari commented 1 year ago

Are you on the refactoring branch?

Yes, I am testing that one!