[Bug] [Java] Joern query not able to detect flow and on expanding scope waits forever with errors.
Describe the bug
Joern query couldn't find a flow while CodeQL finds it. When I try expanding the source beyond cpg.method.parameter, it waits forever with errors.
Note: I'm pretty new to Joern, so do let me know if my queries are incorrect as well as if you need additional info.
To Reproduce
Steps to reproduce the behavior:
- Clone the https://github.com/dotCMS/core
- joern -J-Xmx110G (Actually got a machine for this)
- importCode.java(inputPath="./dotCMS/", projectName="dotcms-joern")
- def sink = cpg.call(".*executeQuery.*").lineNumber(95)
  joern> def sink = cpg.call(".*executeQuery.*").lineNumber(95)
  def sink: Iterator[io.shiftleft.codepropertygraph.generated.nodes.Call]
  joern> sink.l
  val res1: List[io.shiftleft.codepropertygraph.generated.nodes.Call] = List(
    Call(
      argumentIndex = 2,
      argumentName = None,
      code = "st.executeQuery(sql)",
      columnNumber = Some(value = 23),
      dispatchType = "DYNAMIC_DISPATCH",
      dynamicTypeHintFullName = IndexedSeq(),
      lineNumber = Some(value = 95),
      methodFullName = "java.sql.Statement.executeQuery:java.sql.ResultSet(java.lang.String)",
      name = "executeQuery",
      order = 2,
      possibleTypes = IndexedSeq(),
      signature = "java.sql.ResultSet(java.lang.String)",
      typeFullName = "java.sql.ResultSet"
    )
  )
- def source = cpg.method.parameter ++ cpg.identifier ++ cpg.call.argument
- sink.reachableByFlows(source).p
Error Output: https://gist.github.com/torque59/c01a1268522cf9adf106ab5a28c6d390 and this waits forever (waited for an hour) and then manually killed it.
Expected behavior
Able to detect a flow. The flow was verified with CodeQL.
Note: The flow in CodeQL is limited to this particular resource, but I'm trying to find all sources flowing to the sink, hence the broader source.
Screenshots N/A
Desktop (please complete the following information):
- OS: Ubuntu-2404-noble-amd64-base
- Joern Version: Version: 4.0.227
- Java version: openjdk version "17.0.13" 2024-10-15
Additional context N/A