First attempt to implement bug reasoning logic for Query API #765

Merged
merged 77 commits into from
Aug 19, 2022


KuechA
Contributor

@KuechA KuechA commented Apr 20, 2022

We probably want to simplify the identification of bugs by providing an API to query the graph for vulnerabilities.

Tasks:

  • Evaluate the different components of a query (probably something like first order logic)
  • Parse the queries
  • Add required analyses to the cpg-analysis module

See WIP wiki page concerning the Query API.

@oxisto
Member

oxisto commented Apr 20, 2022

Just a suggestion: Wouldn't it be easier to use Kotlin itself as the script language rather than try to parse specific string-based fields and identifiers? This way we could probably re-use all the existing node types and their properties and not build an additional property layer on top of it.

For example https://medium.com/adobetech/building-elegant-dsls-with-kotlin-707726c5ed21

@sonarcloud

sonarcloud bot commented Jun 10, 2022

Kudos, SonarCloud Quality Gate passed!

Bugs: 0 (rating A)
Vulnerabilities: 0 (rating A)
Security Hotspots: 0 (rating A)
Code Smells: 10 (rating A)

Coverage: 29.0%
Duplication: 1.1%

@oxisto oxisto added the enhancement New feature or request label Aug 12, 2022
@sonarcloud

sonarcloud bot commented Aug 19, 2022

Kudos, SonarCloud Quality Gate passed!

Bugs: 0 (rating A)
Vulnerabilities: 0 (rating A)
Security Hotspots: 0 (rating A)
Code Smells: 7 (rating A)

Coverage: 58.7%
Duplication: 2.0%

Member

@oxisto oxisto left a comment

I propose merging an initial version of this so we can tweak it further in smaller PRs

@KuechA KuechA merged commit 5e4ae48 into main Aug 19, 2022
@KuechA KuechA deleted the console/queries branch August 19, 2022 06:33