Jimple improvements for non-java languages such as scala

[prabhu]

No description provided.

[gemini-code-assist]

Hello @prabhu, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

Summary of Changes

This pull request focuses on improving the Jimple to CPG conversion process, particularly for non-Java languages like Scala. The changes include updating dependencies, adding a decompiler to handle Java class files, and modifying the code to improve the handling of class files and archive extraction. The pull request also introduces new configuration options for controlling recursion depth and filtering class files.

Highlights

• Dependency Updates: The pull request updates the versions of slf4j-api and slf4j-nop in build.sbt and updates the version in codemeta.json and meta.yaml.
• Decompiler Integration: The pull request integrates a decompiler (cfr) to handle Java class files, enabling the processing of non-Java languages like Scala. This involves adding org.benf % cfr as a dependency and using it to decompile class files.
• Class File Handling: The pull request modifies the class file handling logic to improve archive extraction, including adding recursion depth control and filtering options. It introduces changes to the loadClassFiles and sootLoad methods in Jimple2Cpg.scala.
• Configuration Options: The pull request introduces new configuration options for controlling recursion depth (depth) and filtering class files (onlyClasses). These options are added to the Config class in Main.scala and exposed as command-line arguments.
• Exception Handling: The pull request adds exception handling to keep exceptions and omit excepting unit edges.

Changelog

Click here to see the changelog

• build.sbt
  • Updated slf4j-api and slf4j-nop dependencies from version 2.0.16 to 2.0.17.
  • Updated chen version from 2.3.3 to 2.3.4
  • Added org.benf % cfr dependency for decompilation.
• codemeta.json
  • Updated chen version from 2.3.3 to 2.3.4
• meta.yaml
  • Updated chen version from 2.3.3 to 2.3.4
• platform/frontends/jimple2cpg/build.sbt
  • Added org.benf % cfr dependency for decompilation.
• platform/frontends/jimple2cpg/src/main/scala/io/appthreat/jimple2cpg/Jimple2Cpg.scala
  • Modified sootLoadApk to accept Path instead of File.
  • Modified loadClassFiles to include parameters for onlyClasses, recurse, and depth.
  • Modified sootLoad to include scalaSdk, onlyClasses, recurse, and depth parameters.
  • Modified cpgApplyPasses to include scalaSdk, onlyClasses, recurse, and depth parameters.
  • Added decompileClassFiles to decompile class files.
  • Removed DeclarationRefPass
  • Removed logger debug statements
  • Modified configureSoot to accept Path instead of File and set output directory.
• platform/frontends/jimple2cpg/src/main/scala/io/appthreat/jimple2cpg/Main.scala
  • Added scalaSdk, depth, and onlyClasses configuration options to the Config class.
  • Added command-line arguments for scalaSdk, depth, and onlyClasses.
• platform/frontends/jimple2cpg/src/main/scala/io/appthreat/jimple2cpg/passes/AstCreationPass.scala
  • Modified to use absolute path instead of canonical path
  • Removed logger debug statements
• platform/frontends/jimple2cpg/src/main/scala/io/appthreat/jimple2cpg/passes/AstCreator.scala
  • Added parseAsJavaType to handle exceptions
• platform/frontends/jimple2cpg/src/main/scala/io/appthreat/jimple2cpg/passes/DeclarationRefPass.scala
  • Removed file
• platform/frontends/jimple2cpg/src/main/scala/io/appthreat/jimple2cpg/passes/SootAstCreationPass.scala
  • Removed logger debug statements
• platform/frontends/jimple2cpg/src/main/scala/io/appthreat/jimple2cpg/util/Decompiler.scala
  • Added new file to decompile class files
• platform/frontends/jimple2cpg/src/main/scala/io/appthreat/jimple2cpg/util/ProgramHandlingUtil.scala
  • Modified extractClassesToTmp to include parameters for isConfigFile, onlyClasses, recurse, and depth.
  • Modified extractClassesInPackageLayout to include parameters for isConfigFile, onlyClasses, recurse, and depth.
• platform/frontends/x2cpg/src/main/scala/io/appthreat/x2cpg/utils/FileUtil.scala
  • Added new file to handle file operations
• project/Versions.scala
  • Added cfr version
• pyproject.toml
  • Updated chen version from 2.3.3 to 2.3.4

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point in your pull request via creating an issue comment (i.e. comment on the pull request page) using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in issue comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist is currently in preview and may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments to provide feedback.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

---

In realms of code, where languages entwine,
Jimple's essence, a structure defined.
From Java's heart to Scala's grace,
Transforming bytecode, finding its place.
With each conversion, a clearer view,
Of programs complex, both old and new.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request introduces several improvements to the jimple2cpg tool, including version updates, the addition of the CFR decompiler, enhanced configuration options, and migration to java.nio.file.Path for file system operations. The changes appear well-structured and contribute to the tool's versatility and maintainability.

Summary of Findings

• Version updates: The pull request updates the version of the project and its dependencies. It's important to ensure that these updates are thoroughly tested and compatible with the existing codebase.
• Addition of CFR decompiler: The pull request introduces the CFR decompiler to the jimple2cpg toolchain. This addition enhances the tool's ability to analyze non-java languages such as scala.
• Configuration options for Scala SDK and unpacking: The pull request adds configuration options for specifying the Scala SDK path and controlling the depth and scope of archive unpacking. These options provide greater flexibility and control over the analysis process.
• Path Handling: The pull request migrates from better.files.File to java.nio.file.Path for file system operations. This change aligns with standard Java practices and improves code maintainability.
• Logging: The pull request removes explicit logging statements. While this reduces verbosity, ensure that sufficient logging is maintained through other mechanisms for debugging and monitoring purposes.

Merge Readiness

The pull request appears to be in good shape for merging. The changes are well-structured and contribute to the tool's versatility and maintainability. However, it's crucial to ensure that the version updates and the addition of the CFR decompiler are thoroughly tested and compatible with the existing codebase. Additionally, verify that sufficient logging is maintained through other mechanisms for debugging and monitoring purposes. I am unable to directly approve this pull request, and recommend that others review and approve this code before merging.