[Bug] Improper Association of Methods in Data Flow Analysis #4987

Open
krisstivg opened this issue Oct 2, 2024 · 0 comments
Labels
bug Something isn't working

Describe the bug
I encountered incorrect behavior while using the data flow analysis with reachableByFlows. The problem is that the analyzer improperly connects methods that are unrelated to each other.

In the code, there is an execute method, which clearly belongs to the Django library and should be recognized as a call to cursor.execute() from Django. However, during analysis, Joern links this method to another execute method located in a different file.

I've experienced the same behavior with built-in methods like string.format(). If there were other methods named format in the project, the analyzer would link them together.

```python
# dir1/file1.py
from django.conf import settings
from django.db import connections


def get_data(self, request, domain_id, task_id=None):
    with connections[settings.DATABASE_POSTGRES].cursor() as cursor:
        result_type = self.request.query_params.get()
        if result_type == 'csv':
            raw_sql = "SELECT ..."
            cursor.execute(raw_sql, [task_id])
            rows = cursor.fetchall()
            return None

        raw_sql = "SELECT ..."
        raw_sql, params = self.raw_sql_search(raw_sql)
        cursor.execute(raw_sql, [task_id, *params])
        rows = cursor.fetchall()
        return None
```

```python
# dir2/file2.py
def execute(self, client, raise_exc=True, **data):
    domain = self.get_current_domain()
    user = self.request.user
    _, result = execute_client(
        client,
        user_id=user.id,
        user_email=user.email,
        domain_id=domain.pk,
        domain_name=domain.name,
        raise_exc=raise_exc,
        **data
    )
    return result
```

It is clear that the execute method from file1 is in no way related to the execute method from file2.

This is how to reproduce this behavior:

```
cpg.call.name("execute").location.l
```

I also saw in the README that the parser has the following issue: Incorrect instance argument for a call like x.func. Is my problem related to this? Are there any ways to resolve it?

Desktop (please complete the following information):

  • OS: macOS Sonoma 14.6.1
  • Joern Version: 4.0.96
  • Java version: 21.0.4 (but I've tried others too)
krisstivg added the bug label Oct 2, 2024
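A toy model of the name-only call linking the report describes, added here as an example (not Joern's code and not the reporter's): it links every call to any project function with the same name, then lists the edges that disappear once the receiver is taken into account. The `self`-only receiver rule, the function names and the reduced sample sources are assumptions made for the illustration.

```python
import ast

# Constructed sample input, reduced from the two files quoted in the report.
SOURCES = {
    "dir1/file1.py": '''
from django.db import connections
def get_data(self, task_id=None):
    with connections["default"].cursor() as cursor:
        cursor.execute("SELECT ...", [task_id])
        return cursor.fetchall()
''',
    "dir2/file2.py": '''
def execute(self, client, raise_exc=True, **data):
    return execute_client(client, raise_exc=raise_exc, **data)
''',
}

def project_defs(sources):
    """Map each function name to the files that define it."""
    defs = {}
    for path, src in sources.items():
        for node in ast.walk(ast.parse(src)):
            if isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef)):
                defs.setdefault(node.name, []).append(path)
    return defs

def link_calls(sources, receiver_aware):
    """Return (file, line, call, target_file) edges for calls to project functions."""
    defs, edges = project_defs(sources), []
    for path, src in sources.items():
        for node in ast.walk(ast.parse(src)):
            func = node.func if isinstance(node, ast.Call) else None
            name = getattr(func, "attr", None) or getattr(func, "id", None)
            if name is None:
                continue
            # Assumed heuristic: bare calls and self.<name>() may bind to project code.
            bound = isinstance(func, ast.Name) or getattr(func.value, "id", None) == "self"
            if receiver_aware and not bound:
                continue
            edges += [(path, node.lineno, ast.unparse(func), t) for t in defs.get(name, [])]
    return edges

def suspect_edges(sources):
    """Edges that exist only because the method name matches."""
    kept = set(link_calls(sources, receiver_aware=True))
    return [e for e in link_calls(sources, receiver_aware=False) if e not in kept]

if __name__ == "__main__":
    for edge in suspect_edges(SOURCES):
        print(edge)
```

Edges returned by `suspect_edges` are the ones to review by hand before trusting a reported flow that passes through them.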