
raymontag/keepassc 311

KeePassC is a curses-based password manager compatible with KeePass v1.x and KeePassX

raymontag/rust-keepass 138

Crate to use KeePass databases in Rust

raymontag/kppy 29

A Python module providing an API for KeePass 1.x files, the format commonly used by KeePassX.

raymontag/cve-2021-29627 11

Trigger-only for CVE-2021-29627

raymontag/Linked-Lists-in-C 4

An implementation of linked lists in C. The behavior is modeled on PureBasic's linked lists and is easy to use.

raymontag/indextree 3

Arena based tree 🌲 structure by using indices instead of reference counted pointers

raymontag/cuteRenamer 1

A simple renamer written in Python with some nice options.

raymontag/dcron 1

simple cron

raymontag/hash-extension 1

Length extension attack (just for SHA1 at the moment)

pull request comment joernio/joern

use newc frontend instead of oldc in CQueryTestSuite

I added a fix in the PR

raymontag

comment created time in 2 days

push event raymontag/joern

grayfox

commit sha 83f2ede7d8f7f81c48806463843313ee8fd53ef0

fix for failing tests due to fake global method in the newc frontend


push time in 2 days

issue comment joernio/joern

c2cpg: Code inside disabled preprocessor directive not parsed

That should do the trick but is the define option exposed to joern-scan or the joern shell? Can't find a way to use it :(

raymontag

comment created time in 6 days

issue opened joernio/joern

oldc vs newc Parsing-Difference for fixed size arrays

I noticed that in some cases the type of a fixed size array is not correctly parsed and the type of the identifier/local is set to ANY instead in the newc frontend.

joern> val code = """
                 |void bad1(size_t a) {
                 | uint8_t src[1], dst[1];
                 | memcpy(dst, src, a);
                 |}
                 |""".stripMargin 

joern> importCode.c.fromString(code) 
...

joern> cpg.call("memcpy").argument(1).evalType.l 
res36: List[String] = List("ANY")

joern> importCode.oldc.fromString(code) 
...

joern> cpg.call("memcpy").argument(1).evalType.l 
res38: List[String] = List("uint8_t [ 1 ]")

Probably related to #585

created time in 6 days

pull request comment joernio/joern

use newc frontend instead of oldc in CQueryTestSuite

I noticed that for the failing tests a .whereNot(_.name("<global>")) in the query does fix it, but I guess it would be better to modify the test cases?

raymontag

comment created time in 6 days

issue opened joernio/joern

oldc vs newc Parsing-Difference

I noticed that the oldc and newc frontends parse the type of identifiers differently if the type is a struct. In particular, the oldc frontend writes struct ... while the newc frontend leaves the struct keyword out of the type. That makes it difficult, e.g., to query whether a struct was freed.

joern> val code = """
                 |
                 |struct test {
                 |int a;
                 |};
                 |
                 |void free_struct() {
                 | struct test *ptr;
                 | ptr = kzalloc(sizeof(struct test), GFP_KERNEL);
                 | free(ptr);
                 |}
                 | 
                 |void kfree_struct() {
                 | struct test *ptr;
                 | ptr = kzalloc(sizeof(struct test), GFP_KERNEL);
                 | kfree(ptr);
                 |}          
                 |""".stripMargin 


joern> importCode.oldc.fromString(code) 
...

joern> cpg.call("free").argument(1).evalType.l 
res15: List[String] = List("struct test *")

joern> importCode.c.fromString(code) 
...

joern> cpg.call("free").argument(1).evalType.l 
res17: List[String] = List("test*")

Probably related to #585

created time in 7 days

issue comment joernio/joern

joern-scan: Global structs in tests not parsed correctly

You're right, this PR should fix it :)

raymontag

comment created time in 9 days

PR opened joernio/joern

use newc frontend instead of oldc in CQueryTestSuite

Fix for #758

+1 -1

0 comment

1 changed file

pr created time in 9 days

create branch raymontag/joern

branch : fix_cquerytestsuite

created branch time in 9 days

fork raymontag/joern

Open-source code analysis platform for C/C++/Java/Binary/Javascript based on code property graphs

https://joern.io/

fork in 9 days

issue opened joernio/joern

c2cpg: Code inside disabled preprocessor directive not parsed

While the code at https://github.com/joernio/joern/blob/master/joern-cli/frontends/c2cpg/src/main/scala/io/joern/c2cpg/parser/CdtParser.scala#L40 reads as if code inside disabled preprocessor directives should be parsed, this doesn't work for me.

Take, e.g., https://github.com/LibVNC/libvncserver - the code in libvncclient/zrle.c is not parsed when importing the directory with importCode().

I would understand that this is the case if there were an #else directive, but that's not the case for that example.

Even better would be if we were able to define our own preprocessor directives, like with the -D option for gcc/clang.

created time in 10 days

issue opened joernio/joern

joern-scan: Global structs in tests not parsed correctly

I wanted to create a test case for a joern-scan query that contains a global struct definition which is not parsed. Something like

static const struct test test = {
  .test = some_func,
};

What follows is the query file, the test file, and finally a joern session showing that it works correctly in the interactive shell. The joern query prints the locals list to show that the struct's local node is not created.

// Query bundle file
package io.joern.scanners.c

import io.joern.scanners._
import io.shiftleft.semanticcpg.language._
import io.joern.console._
import io.shiftleft.console._
import io.shiftleft.macros.QueryMacros._
import io.joern.dataflowengineoss.language._
import io.joern.dataflowengineoss.queryengine.EngineContext
import io.joern.dataflowengineoss.semanticsloader.Semantics

object Test extends QueryBundle {

  @q
  def test(): Query =
    Query.make(
      name = "test",
      author = "me",
      title = "test",
      description = """
        |test
        |""".stripMargin,
      score = 2,
      withStrRep({ cpg =>
        def locals = cpg.local
        println(locals.l)
        locals
      }),
      tags = List(),
      codeExamples = CodeExamples( // Examples are modified excerpts from the Linux kernel
        List("""
          |	static const struct test test = {
          |		.test		= some_func,
          |	};       
          """.stripMargin),
        List("""
          """.stripMargin)
      )
    )
}

// Test suite file for the query bundle above
package io.joern.scanners.c

import io.joern.suites.CQueryTestSuite
import io.shiftleft.codepropertygraph.generated.nodes
import io.shiftleft.semanticcpg.language._
import overflowdb.traversal._
import io.joern.console.scan._
import io.shiftleft.console.Query

class TestTests extends CQueryTestSuite {

  override def queryBundle = Test

  "test" in {
    val query = queryBundle.test()
    query(cpg)
      .flatMap(_.evidence)
      .cast[nodes.Local]
      .name
      .toSet shouldBe Set("test")
  }
}

joern> val code = """
                 |static const struct test test = {
                 |.test= some_func,
                 |}                
                 """.stripMargin 
code: String = """
static const struct test test = {
.test= some_func,
}                
          """

joern> importCode.c.fromString(code) 
[...]
joern> cpg.local.l 
res43: List[Local] = List(
  Local(
    id -> 3074457345618258674L,
    closureBindingId -> None,
    code -> "test",
    columnNumber -> None,
    dynamicTypeHintFullName -> ArraySeq(),
    lineNumber -> None,
    name -> "test",
    order -> 2,
    typeFullName -> "static const test"
  )
)

Running the test gives

[info] TestTests:
List()
[info] - test *** FAILED ***
[info]   HashSet() was not equal to Set("test") (Test.scala:21)

created time in 11 days

issue opened joernio/joern

joern-scan: Two queries doing the same but one does not compile

Hello,

I created two queries for joern-scan which should do the same thing. But one compiles while the other throws an error. Both queries work in the joern shell, though.

This one works:

def calls = cpg.call.argument(1).reachableBy(cpg.call.argument(1))
calls

This one does not work:

cpg.call.argument(1).reachableBy(cpg.call.argument(1))
->
[error] Note: io.shiftleft.codepropertygraph.generated.nodes.StoredNode >: NodeType, but class Traversal is invariant in type A.
[error] You may wish to define A as -A instead. (SLS 4.5)
[error]         cpg.call.argument(1).reachableBy(cpg.call.argument(1))
[error]               

Complete file for reference, maybe there's a problem with imports:

package io.joern.scanners.c

import io.joern.scanners._
import io.joern.console._
import io.shiftleft.console._
import io.joern.dataflowengineoss.language._
import io.shiftleft.semanticcpg.language._
import io.shiftleft.macros.QueryMacros._
import io.joern.dataflowengineoss.queryengine.EngineContext
import io.joern.dataflowengineoss.semanticsloader.Semantics
import io.shiftleft.codepropertygraph.generated.Operators
import io.shiftleft.codepropertygraph.generated.nodes._

object Test extends QueryBundle {

  @q
  def test()(implicit context: EngineContext): Query =
    Query.make(
      name = "test",
      author = "me",
      title = "test",
      description =
        """
        |test
        |""".stripMargin,
      score = 2,
      withStrRep({ cpg =>
        cpg.call.argument(1).reachableBy(cpg.call.argument(1))
      }),
      tags = List(QueryTags.default)
    )
}

created time in 12 days


issue opened joernio/joern

C2Cpg: Failed to generate CPG

I tried to parse https://github.com/LibVNC/libvncserver with joern-parse and importCode in the console and got the following error:

$ xxx/joern-parse xxx/libvncserver/ --out ./foo
Parsing code at: xxx/libvncserver/ - language: `NEWC`
[+] Running language frontend
2021-11-11 14:31:42.175 ERROR C2Cpg: Failed to generate CPG.
scala.MatchError: org.eclipse.cdt.internal.core.dom.parser.c.CASTSimpleDeclSpecifier@6a933be2 (of class org.eclipse.cdt.internal.core.dom.parser.c.CASTSimpleDeclSpecifier)
	at io.joern.c2cpg.astcreation.AstForTypesCreator.astsForDeclaration(AstForTypesCreator.scala:229) ~[io.joern.c2cpg-1.1.308+1-10489b3d+20211111-1206.jar:1.1.308+1-10489b3d+20211111-1206]
	at io.joern.c2cpg.astcreation.AstForTypesCreator.astsForDeclaration$(AstForTypesCreator.scala:225) ~[io.joern.c2cpg-1.1.308+1-10489b3d+20211111-1206.jar:1.1.308+1-10489b3d+20211111-1206]
	at io.joern.c2cpg.astcreation.AstCreator.astsForDeclaration(AstCreator.scala:17) ~[io.joern.c2cpg-1.1.308+1-10489b3d+20211111-1206.jar:1.1.308+1-10489b3d+20211111-1206]
	at io.joern.c2cpg.astcreation.AstCreator.$anonfun$createFakeMethod$2(AstCreator.scala:87) ~[io.joern.c2cpg-1.1.308+1-10489b3d+20211111-1206.jar:1.1.308+1-10489b3d+20211111-1206]
	at io.joern.c2cpg.datastructures.Global$.getAstsFromAstCache(Global.scala:54) ~[io.joern.c2cpg-1.1.308+1-10489b3d+20211111-1206.jar:1.1.308+1-10489b3d+20211111-1206]
	at io.joern.c2cpg.astcreation.AstCreator.$anonfun$createFakeMethod$1(AstCreator.scala:87) ~[io.joern.c2cpg-1.1.308+1-10489b3d+20211111-1206.jar:1.1.308+1-10489b3d+20211111-1206]
	at scala.collection.ArrayOps$.flatMap$extension(ArrayOps.scala:959) ~[org.scala-lang.scala-library-2.13.5.jar:?]
	at io.joern.c2cpg.astcreation.AstCreator.createFakeMethod(AstCreator.scala:80) ~[io.joern.c2cpg-1.1.308+1-10489b3d+20211111-1206.jar:1.1.308+1-10489b3d+20211111-1206]
	at io.joern.c2cpg.astcreation.AstCreator.astForTranslationUnit(AstCreator.scala:113) ~[io.joern.c2cpg-1.1.308+1-10489b3d+20211111-1206.jar:1.1.308+1-10489b3d+20211111-1206]
	at io.joern.c2cpg.astcreation.AstCreator.astForFile(AstCreator.scala:47) ~[io.joern.c2cpg-1.1.308+1-10489b3d+20211111-1206.jar:1.1.308+1-10489b3d+20211111-1206]
	at io.joern.c2cpg.astcreation.AstCreator.createAst(AstCreator.scala:43) ~[io.joern.c2cpg-1.1.308+1-10489b3d+20211111-1206.jar:1.1.308+1-10489b3d+20211111-1206]
	at io.joern.c2cpg.passes.AstCreationPass.$anonfun$runOnPart$1(AstCreationPass.scala:50) ~[io.joern.c2cpg-1.1.308+1-10489b3d+20211111-1206.jar:1.1.308+1-10489b3d+20211111-1206]
	at scala.Option.foreach(Option.scala:437) ~[org.scala-lang.scala-library-2.13.5.jar:?]
	at io.joern.c2cpg.passes.AstCreationPass.runOnPart(AstCreationPass.scala:48) ~[io.joern.c2cpg-1.1.308+1-10489b3d+20211111-1206.jar:1.1.308+1-10489b3d+20211111-1206]
	at io.joern.c2cpg.passes.AstCreationPass.runOnPart(AstCreationPass.scala:21) ~[io.joern.c2cpg-1.1.308+1-10489b3d+20211111-1206.jar:1.1.308+1-10489b3d+20211111-1206]
	at io.shiftleft.passes.ConcurrentWriterCpgPass.$anonfun$createApplySerializeAndStore$2(ParallelCpgPass.scala:208) ~[io.shiftleft.codepropertygraph_2.13-1.3.428.jar:1.3.428]
	at scala.concurrent.Future$.$anonfun$apply$1(Future.scala:672) ~[org.scala-lang.scala-library-2.13.5.jar:?]
	at scala.concurrent.impl.Promise$Transformation.run(Promise.scala:431) ~[org.scala-lang.scala-library-2.13.5.jar:?]
	at java.util.concurrent.ForkJoinTask$RunnableExecuteAction.exec(ForkJoinTask.java:1426) ~[?:?]
	at java.util.concurrent.ForkJoinTask.doExec(ForkJoinTask.java:290) ~[?:?]
	at java.util.concurrent.ForkJoinPool$WorkQueue.topLevelExec(ForkJoinPool.java:1020) ~[?:?]
	at java.util.concurrent.ForkJoinPool.scan(ForkJoinPool.java:1656) ~[?:?]
	at java.util.concurrent.ForkJoinPool.runWorker(ForkJoinPool.java:1594) ~[?:?]
	at java.util.concurrent.ForkJoinWorkerThread.run(ForkJoinWorkerThread.java:183) ~[?:?]
Error running shell command: List(xxx/joern/joern-cli/target/universal/stage/c2cpg.sh, xxx/libvncserver/, --output, ./foo)
Failure: Could not generate CPG with language = NEWC and input = xxx/libvncserver/

created time in 17 days

issue opened joernio/joern

Global Struct Initialisation Parsed Incomplete

Hello,

I think that I discovered a bug in parsing global initialised structs. Please use the following code as an example:

struct filesystem {
  void (*open)(int a);
};

void my_open(int a) {
  int b;
  b = a;
  return;
}

static const struct filesystem my_fs = {
  .open = &my_open,
};

int main(int argc, char *argv[]) {
  static int i;
  static const struct filesystem my_other_fs = {
    .open = &my_open,
  };
  struct filesystem real_fs;
  real_fs.open = &my_open;
  i = 0;
}

The call for the initialisation of my_other_fs is parsed correctly:

joern> cpg.method("main").local.name("my_other_fs").referencingIdentifiers.astParent.isCall.argument(2).astChildren.astChildren.code.l
res13: List[String] = List(".open = &my_open")

However, that's not the case for the global struct my_fs, e.g., no Identifier node is created:

joern> cpg.local("my_fs").l
res15: List[Local] = List(
  Local(
    id -> 3074457345618260637L,
    closureBindingId -> None,
    code -> "my_fs",
    columnNumber -> None,
    dynamicTypeHintFullName -> ArraySeq(),
    lineNumber -> None,
    name -> "my_fs",
    order -> 4,
    typeFullName -> "static const filesystem"
  )
)

joern> cpg.local("my_fs").referencingIdentifiers.l
res16: List[Identifier] = List()

joern> cpg.identifier("my_fs").l
res17: List[Identifier] = List()

Maybe related to #405

created time in 18 days

push event raymontag/raymontag.github.io

Karsten König

commit sha e6ef9dea3c9bccb45f7f47ecfa427abfb31de307

add exploit for cve-2019-2215


push time in a month
