Merge 4-0-238 to backup_sync #167
Open
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
joernio#4908) * [ruby] add methodInvocationWithoutParentheses to RETURN argumentList * [ruby] Added check for arguments of jsonArg
Only static calls with import related names 'require', 'load" and so on are linked to import nodes. Before that we ended up with import nodes and links for calls like `Marshal.load(...)`.
Fixed an instance where something like `foo.bar` would represent `foo` as a `self.foo` field access instead of a `foo()` call, given that no `foo` variable is present.
* update cpg/flatgraph * empty commit to trigger GH actions
If an annotation type full name cannot be resolved we now use `<unresolvedNamespace>.ClassName` instead of `ANY`.
In case of a field access after a map/array access, the following field access had invalid argument indicies because it triggered the code path for dynamic receiver calls. This is now fixed.
* Fixed issue where access modifiers in expression positions would be unhandled * Handling identifiers on LHS of associations as symbols
…nio#4920) * Refactor `Semantics` -> `FullNameSemantics` * Refactor `FlowSemantic`/`FlowNode`/`FlowPath` out of the FullNameSemantics parser * Rename `Parser` -> `FullNameSemanticsParser` * Introduce `Semantics` trait with `initialize` and `forMethod`
* [kotlin2cpg] Fix "nacked" call representation. Fix representation of "nacked" calls like `someFunc(someArg)`. These so far have always being represented as statically dispatched which is obviously not correct. * Handle static dispatch with instance argument case.
as brought up in joernio#4936 it can lead to confusing situations if type parameters are shadowed, so for the sake of readability and disambiguity alone we should enable this compiler warning IMO. That being said, I'd like to stress that it's not something fundamentally complicated, afaics. Simple example copied from joernio#4936: ```scala class Example[NodeType <: Object](node: NodeType) extends AnyVal{ def foo[NodeType](x: List[NodeType]): List[NodeType] = x } ``` These two type parameters in your Example class are not related at all. They happen to have the same name, which only means that within `def foo` we cannot reference the `NodeType` type from the `class Example`, but apart from that there's no connection at all between them. Semantically it's similar to something like this on the value level: the two `bar` variables are not related at all, they just happen to have the same name, and therefor we cannot reference the class-level `bar` variable from within `def baz`. ```scala class Foo { val bar = 42 def baz: Unit = { val bar = "123" () } } ```
* Added ANTLR profiling with the `--antlrProfile` frontend argument. * If enabled, will gather parser metrics and log them right next to the file that was parsed, as well as print any syntax ambiguities.
Removes the old frontend and related CLI arguments. Hard deadline 20 Sept 2024.
Profiled `ArrayTests` to detect ambiguity and decisions with high lookaheads and modified test fixture to print profiler logs if enabled. This led to converting certain array rules to use more specific rules and fall back to more general rules less often. Some small improvements on `railsgoat` measured with `time` command on `joern-parse`: ``` // With ambiguity 75.58s user 1.98s system 356% cpu 21.762 total 73.56s user 2.61s system 492% cpu 15.452 total 66.52s user 2.01s system 387% cpu 17.667 total // With reduced ambiguity 65.42s user 1.94s system 443% cpu 15.189 total 74.58s user 2.01s system 557% cpu 13.744 total 74.39s user 1.75s system 560% cpu 13.595 total ```
…and detect project and configuration names automatically (joernio#4934) Fix android project detection and automatic name detection for gradle dependency fetcher
There were some unused parser rules adding unnecessary complexity to the parser
Added `simpleCommandArgumentList` to allow multiple call args for `methodInvocationWithoutParentheses`
* fix assignmentModulo
* fix assignmentXor
* fix assignmentOr
* fix assignmentAnd
* fix assignmentExponentiation
* fix assignmentShiftLeft
* fix assignment{Logical,Arithmetic}ShiftRight
* scalafmt
…#4954) These synthetic METHOD nodes did not have an offset at all. For: https://shiftleftinc.atlassian.net/browse/SEN-3250
…o#4955) As soon as `FullNameSemantics` started logging duplicate semantics (in joernio#4954), it was observed that `SemanticTestCpg` was passing a fresh Semantics instance to `EngineContext` instead of passing the one used by `OssDataFlow`. By coincidence, however, they were the same. Nevertheless, this patch guarantees they are the same.
Basically revives joernio#2002
* [jimple2cpg]Update soot to 4.6.0 https://github.com/soot-oss/soot/releases/tag/4.6.0 * [jimple2cpg] fix parse jimple fail, the two problems will cause the class and method not have correct info. --------- Co-authored-by: NextToMinus <[email protected]>
* [javasrc2cpg] Fixed logged debug command suggestion. A '$' was missing to be able to directly copy-paste the logged command suggestion. * Update joern-cli/frontends/x2cpg/src/main/scala/io/joern/x2cpg/utils/dependency/MavenDependencies.scala Co-authored-by: Johannes Coetzee <[email protected]> --------- Co-authored-by: Johannes Coetzee <[email protected]>
Seen during testing on https://github.com/blender/blender For: joernio#5254
Just discovered the latest addition to joernio#5256 of the sarif config was `val` and would not be able to be redefined for tools extending the REPL.
* [sarif] Add Reporting Descriptors & More "Optionality" * Added reporting descriptors which allow one to add more meta data to rules, and link findings to a given existing entry. * Moved the sarif instantiation to the RunBeforeCode object which separates actions from tools deriving from Joern * Using more "optional" properties where possible on properties which are not required by the sarif schema * Moved parameter to back * Test expectations
…o#5273) GitHub code scanning has strict requirements on SARIF files that need to be enforced, such as minimum elements in an array, line number > 0, etc. Some validators emit warnings on this, but GH fails the pipeline. Additionally, GitHub makes use of fingerprinting to avoid duplication between versions. The SARIF conversion has been adapted to accommodate the above.
… file signature format (joernio#5274) * First version of a JVM binary signature calculator for java parser classes. * Add binary signatures to javasrc nodes * Add generic signature for native foreach iterator tmp local * Do some cleanup * Add test for type parameter with multiple interface bounds * Add generic tests description and add unspecified type to lambda type decls --------- Co-authored-by: Markus Lottmann <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Created by Github action