
Global variables are not detected

Open m1cm1c opened this issue 4 years ago • 0 comments

The documentation says:

Variable declaration nodes (type: DeclStmt). Finally, declarations of global variables are saved in declaration statement nodes and connected to the source file they are contained in using IS_FILE_OF edges.

This does not seem to be the case.

When creating a CPG for

#include <stdio.h>
#include <stdlib.h>
#include <string.h>

int foo = 0;

int main(int argc, char *argv[]) {
  foo = argc;
  exit(0);
}

, joern finds these nodes: https://gist.github.com/m1cm1c/da34d0cb559cf8fba7360ce51b3de0ed If you search for "foo", you will only find:

  Call(
    id -> 1000106L,
    code -> "foo = argc",
    name -> "<operator>.assignment",
    order -> 1,
    methodInstFullName -> None,
    methodFullName -> "<operator>.assignment",
    argumentIndex -> 1,
    dispatchType -> "STATIC_DISPATCH",
    signature -> "TODO assignment signature",
    typeFullName -> "ANY",
    dynamicTypeHintFullName -> List(),
    lineNumber -> Some(8),
    columnNumber -> Some(2),
    resolved -> None,
    depthFirstOrder -> None,
    internalFlags -> None
  ),
  Identifier(
    id -> 1000107L,
    code -> "foo",
    name -> "foo",
    order -> 1,
    argumentIndex -> 1,
    typeFullName -> "ANY",
    dynamicTypeHintFullName -> List(),
    lineNumber -> Some(8),
    columnNumber -> Some(2),
    depthFirstOrder -> None,
    internalFlags -> None
  )

Both of these are in line 8, meaning that they are about the assignment foo = argc;, not about the declaration and definition int foo = 0;.

The problem seems to be in this repo. The AST created by the code in this repo for the above-mentioned code is: https://gist.github.com/m1cm1c/4392d54c19e927b998bdf1462fa41573 foo only occurs in two AST nodes:

summary: io.shiftleft.codepropertygraph.generated.nodes.Call[label=CALL; id=1000106]
id: 1000106
label: CALL
propertyKeys: [RESOLVED, DISPATCH_TYPE, DYNAMIC_TYPE_HINT_FULL_NAME, INTERNAL_FLAGS, METHOD_FULL_NAME, SIGNATURE, TYPE_FULL_NAME, COLUMN_NUMBER, ARGUMENT_INDEX, ORDER, DEPTH_FIRST_ORDER, METHOD_INST_FULL_NAME, NAME, CODE, LINE_NUMBER]
propertyMap: {ORDER=1, ARGUMENT_INDEX=1, CODE=foo = argc, COLUMN_NUMBER=2, METHOD_FULL_NAME=<operator>.assignment, TYPE_FULL_NAME=ANY, LINE_NUMBER=8, DISPATCH_TYPE=STATIC_DISPATCH, SIGNATURE=TODO assignment signature, DYNAMIC_TYPE_HINT_FULL_NAME=List(), NAME=<operator>.assignment}

summary: io.shiftleft.codepropertygraph.generated.nodes.Identifier[label=IDENTIFIER; id=1000107]
id: 1000107
label: IDENTIFIER
propertyKeys: [DYNAMIC_TYPE_HINT_FULL_NAME, NAME, INTERNAL_FLAGS, TYPE_FULL_NAME, COLUMN_NUMBER, ARGUMENT_INDEX, ORDER, DEPTH_FIRST_ORDER, CODE, LINE_NUMBER]
propertyMap: {ORDER=1, ARGUMENT_INDEX=1, CODE=foo, COLUMN_NUMBER=2, TYPE_FULL_NAME=ANY, LINE_NUMBER=8, DYNAMIC_TYPE_HINT_FULL_NAME=List(), NAME=foo}

Again, both of these reference line 8, meaning that they are about foo's use, not about foo's declaration or definition.

m1cm1c, Dec 07 '20 13:12
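The check described in the issue can be automated. The following is an added example, not part of the original issue or of the codepropertygraph project: it parses the `propertyMap` lines quoted above and reports which source lines mention `foo` but have no node in the dump. All function names are hypothetical, and the key-splitting rule assumes property keys are upper-case with underscores, as in the dump shown.

```python
import re

# The C source from the issue, embedded so line numbers can be checked.
SOURCE = """#include <stdio.h>
#include <stdlib.h>
#include <string.h>

int foo = 0;

int main(int argc, char *argv[]) {
  foo = argc;
  exit(0);
}
"""

# The two propertyMap lines quoted in the issue (the only nodes mentioning foo).
DUMP = """\
propertyMap: {ORDER=1, ARGUMENT_INDEX=1, CODE=foo = argc, COLUMN_NUMBER=2, METHOD_FULL_NAME=<operator>.assignment, TYPE_FULL_NAME=ANY, LINE_NUMBER=8, DISPATCH_TYPE=STATIC_DISPATCH, SIGNATURE=TODO assignment signature, DYNAMIC_TYPE_HINT_FULL_NAME=List(), NAME=<operator>.assignment}
propertyMap: {ORDER=1, ARGUMENT_INDEX=1, CODE=foo, COLUMN_NUMBER=2, TYPE_FULL_NAME=ANY, LINE_NUMBER=8, DYNAMIC_TYPE_HINT_FULL_NAME=List(), NAME=foo}
"""

# A new pair starts at ", " followed by an upper-case key and "=", so values
# such as "foo = argc" (which contain "=" themselves) are not split apart.
PAIR_SPLIT = re.compile(r", (?=[A-Z][A-Z_]*=)")

def parse_property_map(line):
    body = line.split("{", 1)[1].rsplit("}", 1)[0]
    return dict(pair.split("=", 1) for pair in PAIR_SPLIT.split(body))

def node_lines_mentioning(name, dump):
    """Line numbers of dumped nodes whose CODE contains `name` as a whole word."""
    word = re.compile(rf"\b{re.escape(name)}\b")
    nodes = [parse_property_map(l) for l in dump.splitlines() if l.startswith("propertyMap:")]
    return sorted({int(n["LINE_NUMBER"]) for n in nodes if word.search(n.get("CODE", ""))})

def source_lines_mentioning(name, source):
    word = re.compile(rf"\b{re.escape(name)}\b")
    return [i for i, text in enumerate(source.splitlines(), 1) if word.search(text)]

def uncovered_lines(name, source, dump):
    """Source lines that mention `name` but have no corresponding node in the dump."""
    covered = set(node_lines_mentioning(name, dump))
    return [n for n in source_lines_mentioning(name, source) if n not in covered]
```

For the source and dump in this issue, `uncovered_lines("foo", SOURCE, DUMP)` returns line 5, the global declaration `int foo = 0;`.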