Code2Graph
Code2Graph copied to clipboard
Symbolk
Towards converting multilingual source code into one language-agnostic graph representation.
## CVE-2020-9493 - Critical Severity Vulnerability Vulnerable Library - log4j-1.2.17.jar Apache Log4j 1.2 Path to dependency file: /gen.kotlin/build.gradle Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/log4j/log4j/1.2.17/5af35056b4d257e4b64b9e8069c0746e8b08629f/log4j-1.2.17.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/log4j/log4j/1.2.17/5af35056b4d257e4b64b9e8069c0746e8b08629f/log4j-1.2.17.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/log4j/log4j/1.2.17/5af35056b4d257e4b64b9e8069c0746e8b08629f/log4j-1.2.17.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/log4j/log4j/1.2.17/5af35056b4d257e4b64b9e8069c0746e8b08629f/log4j-1.2.17.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/log4j/log4j/1.2.17/5af35056b4d257e4b64b9e8069c0746e8b08629f/log4j-1.2.17.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/log4j/log4j/1.2.17/5af35056b4d257e4b64b9e8069c0746e8b08629f/log4j-1.2.17.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/log4j/log4j/1.2.17/5af35056b4d257e4b64b9e8069c0746e8b08629f/log4j-1.2.17.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/log4j/log4j/1.2.17/5af35056b4d257e4b64b9e8069c0746e8b08629f/log4j-1.2.17.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/log4j/log4j/1.2.17/5af35056b4d257e4b64b9e8069c0746e8b08629f/log4j-1.2.17.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/log4j/log4j/1.2.17/5af35056b4d257e4b64b9e8069c0746e8b08629f/log4j-1.2.17.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/log4j/log4j/1.2.17/5af35056b4d257e4b64b9e8069c0746e8b08629f/log4j-1.2.17.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/log4j/log4j/1.2.17/5af35056b4d257e4b64b9e8069c0746e8b08629f/log4j-1.2.17.jar Dependency Hierarchy: - slf4j-log4j12-2.0.0-alpha2.jar (Root Library) -...
![mend-bolt-for-github[bot] avatar](https://avatars.githubusercontent.com/in/16809?v=4 "mend-bolt-for-github[bot] avatar"){kind=avatar}
## CVE-2020-36518 - High Severity Vulnerability Vulnerable Library - jackson-databind-2.12.2.jar General data-binding functionality for Jackson: works on core streaming API Library home page: http://github.com/FasterXML/jackson Path to dependency file: /mining/build.gradle Path...
## WS-2021-0616 - Medium Severity Vulnerability Vulnerable Library - jackson-databind-2.12.2.jar General data-binding functionality for Jackson: works on core streaming API Library home page: http://github.com/FasterXML/jackson Path to dependency file: /mining/build.gradle Path...
## CVE-2022-24329 - Medium Severity Vulnerability Vulnerable Library - kotlin-stdlib-1.4.31.jar Kotlin Standard Library for JVM Library home page: https://kotlinlang.org/ Path to dependency file: /gen.kotlin/build.gradle Path to vulnerable library: /dle/caches/modules-2/files-2.1/org.jetbrains.kotlin/kotlin-stdlib/1.4.31/a58e0fb9812a6a93ca24b5da75e4b5a0cb89c957/kotlin-stdlib-1.4.31.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.jetbrains.kotlin/kotlin-stdlib/1.4.31/a58e0fb9812a6a93ca24b5da75e4b5a0cb89c957/kotlin-stdlib-1.4.31.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.jetbrains.kotlin/kotlin-stdlib/1.4.31/a58e0fb9812a6a93ca24b5da75e4b5a0cb89c957/kotlin-stdlib-1.4.31.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.jetbrains.kotlin/kotlin-stdlib/1.4.31/a58e0fb9812a6a93ca24b5da75e4b5a0cb89c957/kotlin-stdlib-1.4.31.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.jetbrains.kotlin/kotlin-stdlib/1.4.31/a58e0fb9812a6a93ca24b5da75e4b5a0cb89c957/kotlin-stdlib-1.4.31.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.jetbrains.kotlin/kotlin-stdlib/1.4.31/a58e0fb9812a6a93ca24b5da75e4b5a0cb89c957/kotlin-stdlib-1.4.31.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.jetbrains.kotlin/kotlin-stdlib/1.4.31/a58e0fb9812a6a93ca24b5da75e4b5a0cb89c957/kotlin-stdlib-1.4.31.jar Dependency...
对于以下声明,解析失败: ```java int x=0, y, z; ``` 只能解析 `x`, 无法解析 `y` `z`
对于数组调用,不能解析: ```java String[] digits = new String[3]; digits[0] = "hello"; digits[1] = "world"; digits[2] = "."; int a = 1; System.out.println(digits[a]); ``` 会解析成 `OTHER()`
对于一下的情况,data_type 类型边连接出错: ```java public static void scan1() { char x1 = 'a'; char x2 = 'b'; int x_val = digits[x1] * 16 + digits[x2]; char x_char = (char) x_val; }...
在以下的代码中,code2graph 会报错 ```java int[] test = new int[3]; test[0] = 1; test[1] = 2; test[2] = 3; System.out.println(test.length); ``` 原因是 `test.length` 的 *length* 找不到它的 Class ``` 实际上,数组的 length 属性是 Java...
对于以下情况 gen.java 不能处理: `src/Main.java` ```java public static void main(String[] args) { ... Global.LOGS.add("TEST"); } ``` `src/Global.java` ```java public class Global { public static List LOGS = new ArrayList(Arrays.asList("", "--------------")); ......
对于 a + b + c 这种表达式 jdt 为了减少树的深度,不会将它拆开 `extendedOperands` 方法 jdt 官方描述: ``` 扩展操作数是表示 L op R op R2 op R3... 形式的深度嵌套表达式的首选方式, 其中相同的运算符出现在所有操作数之间(最常见的情况是冗长的字符串连接 表达式)。 使用扩展的操作数可以防止树变得太深; 这降低了遍历此类树时 在运行时耗尽线程堆栈空间的风险。 ((a +...