[Bug] [Java] Joern query not able to detect flow and on expanding scope waits forever with errors. #5266

Open
torque59 opened this issue Jan 28, 2025 · 0 comments
Labels
bug Something isn't working

torque59 commented Jan 28, 2025

Describe the bug
Joern query couldn't find a flow while CodeQL finds it. When I try expanding the source beyond cpg.method.parameter, it waits forever with errors.

Note: I'm pretty new to Joern, so do let me know if my queries are incorrect, as well as if you need additional info.

To Reproduce

Steps to reproduce the behavior:

  1. Clone https://github.com/dotCMS/core
  2. joern -J-Xmx110G (Actually got a machine for this)
  3. importCode.java(inputPath="./dotCMS/", projectName="dotcms-joern")
  4. def sink = cpg.call(".*executeQuery.*").lineNumber(95)
joern> def sink = cpg.call(".*executeQuery.*").lineNumber(95)
def sink: Iterator[io.shiftleft.codepropertygraph.generated.nodes.Call]

joern> sink.l
val res1: List[io.shiftleft.codepropertygraph.generated.nodes.Call] = List(
  Call(
    argumentIndex = 2,
    argumentName = None,
    code = "st.executeQuery(sql)",
    columnNumber = Some(value = 23),
    dispatchType = "DYNAMIC_DISPATCH",
    dynamicTypeHintFullName = IndexedSeq(),
    lineNumber = Some(value = 95),
    methodFullName = "java.sql.Statement.executeQuery:java.sql.ResultSet(java.lang.String)",
    name = "executeQuery",
    order = 2,
    possibleTypes = IndexedSeq(),
    signature = "java.sql.ResultSet(java.lang.String)",
    typeFullName = "java.sql.ResultSet"
  )
)
  5. def source = cpg.method.parameter ++ cpg.identifier ++ cpg.call.argument
  6. sink.reachableByFlows(source).p

Error Output: https://gist.github.com/torque59/c01a1268522cf9adf106ab5a28c6d390
This waits forever; I waited for an hour and then manually killed it.

Expected behavior
Able to detect a flow. The flow was verified with CodeQL.

Note: The flow in CodeQL is limited to this particular resource, but I'm trying to find all sources flowing to the sink, hence the broader source.

Screenshots
N/A

Desktop (please complete the following information):

  • OS: Ubuntu-2404-noble-amd64-base
  • Joern Version: Version: 4.0.227
  • Java version: openjdk version "17.0.13" 2024-10-15

Additional context
N/A

torque59 added the bug label on Jan 28, 2025
torque59 changed the title from "[Bug] Joern query not able to detect flow and on expanding scope waits forever with errors." to "[Bug] [Java] Joern query not able to detect flow and on expanding scope waits forever with errors." on Jan 28, 2025
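
One way to triage the hang reported above, as an added example for the Joern shell (not from the issue author or the Joern project): count the three node sets that step 5 unions into one source, then run the flow query with the same node kinds limited to the method enclosing the sink before widening again. It assumes the CPG from step 3 is the open project; every `def` name except `sink` is hypothetical.

```scala
// Added triage sketch; run line by line in the Joern shell after step 3.
// Assumption: the project imported in step 3 is the active CPG.

// Sink exactly as in step 4 (`def`, so the iterator is rebuilt on every use).
def sink = cpg.call(".*executeQuery.*").lineNumber(95)

// The three node sets that the broad source in step 5 unions together.
def paramSrc = cpg.method.parameter
def identSrc = cpg.identifier
def argSrc   = cpg.call.argument

// 1. Count each set before handing it to the data-flow engine,
//    so the size of the starting-point set is known up front.
println(s"parameters:     ${paramSrc.size}")
println(s"identifiers:    ${identSrc.size}")
println(s"call arguments: ${argSrc.size}")

// 2. Baseline: the parameter-only source mentioned in the bug description.
println(s"flows from parameters: ${sink.reachableByFlows(paramSrc).size}")

// 3. Same three node kinds, limited to the method(s) that contain the sink.
def sinkMethod = sink.method
def localSrc =
  sinkMethod.parameter ++
  sinkMethod.ast.isIdentifier ++
  sinkMethod.call.argument

// Print any flows found inside the enclosing method.
sink.reachableByFlows(localSrc).p
```

If the method-local query returns promptly, the source set can be widened one node kind at a time to see which addition makes the query stop terminating.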