
[java] Loss of Type Information Granularity

Open pr0me opened this issue 11 months ago • 0 comments

Problem/Question: The newest Joern versions do not show the same level of type information granularity in typeFullName fields of Calls (and elsewhere) as older versions did. Recent changes make it seem like this is being worked on (the ANY tag disappearing from the code field in favor of the actual type again), but the information is not always propagated to typeFullName.

Minimal Reproducible Example:

public class Swagger2SpringBoot {
    List<SecurityReference> defaultAuth() {
        AuthorizationScope authorizationScope = new AuthorizationScope("global", "accessEverything");
        AuthorizationScope[] authorizationScopes = new AuthorizationScope[]{authorizationScope};
        return Lists.newArrayList((Object[])new SecurityReference[]{new SecurityReference("mykey", authorizationScopes)});
    }
}

cpg.assignment.filter(_.lineNumber.equals(Some(4))).l results in:

  • joern version: 2.0.294 - javasrc2cpg
    Call(
    id = 245L,
    argumentIndex = -1,
    argumentName = None,
    code = "AuthorizationScope[] authorizationScopes = new AuthorizationScope[] { authorizationScope }",
    columnNumber = Some(value = 30),
    dispatchType = "STATIC_DISPATCH",
    dynamicTypeHintFullName = ArraySeq(),
    lineNumber = Some(value = 4),
    methodFullName = "<operator>.assignment",
    name = "<operator>.assignment",
    order = 5,
    possibleTypes = ArraySeq(),
    signature = "",
    typeFullName = "ANY"
    )
    
  • joern version: 2.0.220 - javasrc2cpg
    Call(
    id = 242L,
    argumentIndex = -1,
    argumentName = None,
    code = "ANY authorizationScopes = new AuthorizationScope[] { authorizationScope }",
    columnNumber = Some(value = 30),
    dispatchType = "STATIC_DISPATCH",
    dynamicTypeHintFullName = ArraySeq(),
    lineNumber = Some(value = 4),
    methodFullName = "<operator>.assignment",
    name = "<operator>.assignment",
    order = 5,
    possibleTypes = ArraySeq(),
    signature = "",
    typeFullName = "ANY"
    )
    
  • joern v1.1.378 - java2cpg (very old)
    Call(
    id -> 4611686018427887964L,
    argumentIndex -> 4,
    argumentName -> None,
    code -> "authorizationScopes = new AuthorizationScope[] { authorizationScope }",
    columnNumber -> Some(value = 9),
    dispatchType -> "STATIC_DISPATCH",
    dynamicTypeHintFullName -> ArraySeq(),
    lineNumber -> Some(value = 4),
    methodFullName -> "<operator>.assignment",
    name -> "<operator>.assignment",
    order -> 4,
    signature -> "",
    typeFullName -> "<unresolved>.AuthorizationScope[]"
    )
    

Expected behavior: Type information in the typeFullName (something like what the old frontend did is arguably more helpful than ANY).

So, maybe this issue is unnecessary but just wanted to ask what the status here is. Thanks.

pr0me, Mar 14 '24 16:03
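
A way to check the three dumps in the issue mechanically, as an added example that is not part of the original post or of Joern itself: it parses printed Call nodes in both notations (`=` and `->`) and reports, per version, the typeFullName and any declared type that appears in the code field without having reached typeFullName. The function names and the abbreviated dumps are assumptions made for this example.

```python
import re

# Call dumps copied from the issue and abbreviated to the fields compared here.
# joern 2.x prints "field = value", joern 1.x prints "field -> value".
DUMPS = {
    "2.0.294": '''Call(
    code = "AuthorizationScope[] authorizationScopes = new AuthorizationScope[] { authorizationScope }",
    lineNumber = Some(value = 4),
    typeFullName = "ANY"
    )''',
    "2.0.220": '''Call(
    code = "ANY authorizationScopes = new AuthorizationScope[] { authorizationScope }",
    lineNumber = Some(value = 4),
    typeFullName = "ANY"
    )''',
    "1.1.378": '''Call(
    code -> "authorizationScopes = new AuthorizationScope[] { authorizationScope }",
    lineNumber -> Some(value = 4),
    typeFullName -> "<unresolved>.AuthorizationScope[]"
    )''',
}

# Field name, then the FIRST separator; any later "=" inside the value is kept.
FIELD = re.compile(r'^\s*(\w+)\s*(?:->|=)\s*(.*?),?\s*$')
# "<Type> <name> =" at the start of an assignment's code field.
DECL = re.compile(r'^([\w.<>\[\]]+)\s+\w+\s*=')

def parse_call(dump):
    """Turn one printed Call(...) node into a {field: value} dict."""
    fields = {}
    for line in dump.splitlines():
        m = FIELD.match(line)
        if m:
            fields[m.group(1)] = m.group(2).strip('"')
    return fields

def lost_declared_type(fields):
    """Return the type visible in `code` when typeFullName is still ANY."""
    m = DECL.match(fields.get("code", ""))
    if fields.get("typeFullName") == "ANY" and m and m.group(1) != "ANY":
        return m.group(1)
    return None

def report(dumps):
    """Per version: (typeFullName, type present in code but not propagated)."""
    parsed = {v: parse_call(d) for v, d in dumps.items()}
    return {v: (f["typeFullName"], lost_declared_type(f)) for v, f in parsed.items()}

if __name__ == "__main__":
    for version, row in report(DUMPS).items():
        print(version, row)
```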