Update traversal docs. Small tweaks (#55)

Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>
AppThreat · Jan 10, 2024 · 3142541 · 3142541
1 parent c354c13
commit 3142541
Show file tree

Hide file tree

Showing 6 changed files with 201 additions and 47 deletions.
diff --git a/console/src/main/scala/io/appthreat/console/Console.scala b/console/src/main/scala/io/appthreat/console/Console.scala
@@ -520,7 +520,11 @@ class Console[T <: Project](
                                 if !addedMethods.contains(c.methodFullName) then
                                     mtree
                                         .add(
-                                          c.methodFullName + (if c.callee(NoResolve).head.isExternal
+                                          c.methodFullName + (if c.callee(
+                                                                    NoResolve
+                                                                  ).head.nonEmpty && c.callee(
+                                                                    NoResolve
+                                                                  ).head.isExternal
                                                               then " :right_arrow_curving_up:"
                                                               else "")
                                         )

diff --git a/dataflowengineoss/README.md b/dataflowengineoss/README.md
diff --git a/docs/TRAVERSAL.md b/docs/TRAVERSAL.md
@@ -0,0 +1,186 @@
+## Traversing an atom
+
+Traversal queries begin with `atom`, followed by a primary node type from the below list.
+
+| Name                | Comment                                                                             |
+| ------------------- | ----------------------------------------------------------------------------------- |
+| annotation          | Entire annotation                                                                   |
+| annotationLiteral   | Literatal values in an annotation                                                   |
+| annotationParameter | Parameter values                                                                    |
+| call                | Call nodes                                                                          |
+| configFile          | Configuration files                                                                 |
+| file                | File                                                                                |
+| identifier          | Identifier nodes                                                                    |
+| imports             | Import nodes                                                                        |
+| literal             | Literal nodes                                                                       |
+| local               | Local variables                                                                     |
+| method              | Method nodes                                                                        |
+| ret                 | Return statements                                                                   |
+| tag                 | Tag nodes                                                                           |
+| typeDecl            | Type declarations                                                                   |
+| typeRef             | Type references                                                                     |
+| cfgNode             | Wrapper for multiple nodes such as annotation, call, control_structure, method, etc |
+| declaration         | Wrapper for multiple noeds such as local, member, method, etc                       |
+
+Example:
+
+```scala
+// List all annotations in the atom
+atom.annotation.l
+
+// List all files in the atom
+atom.file.l
+
+// Show the annotation list as json
+atom.annotation.toJson
+```
+
+## annotation steps
+
+- argumentIndex(int)
+- argumentName(pattern)
+- code(pattern)
+- name(pattern)
+- fullName(pattern)
+
+## annotationLiteral steps
+
+- argumentIndex(int)
+- argumentName(pattern)
+- code(pattern)
+- name(pattern)
+
+## annotationParameter steps
+
+- code(pattern)
+
+## call steps
+
+- argumentIndex(int)
+- argumentName(pattern)
+- code(pattern)
+- name(pattern)
+- methodFullName(pattern)
+- signature(pattern)
+- typeFullName(pattern)
+
+### call traversal
+
+- argument - All argument nodes
+- callee - All callee methods
+
+## configFile steps
+
+- name(string)
+- content(string)
+
+## file steps
+
+- name(string)
+
+## identifier steps
+
+- argumentIndex(int)
+- argumentName(pattern)
+- code(pattern)
+- name(pattern)
+- typeFullName(pattern)
+
+## import steps
+
+- code(pattern)
+- importedAs(string)
+- importedEntity(string)
+- isExplicit(boolean)
+- isWildcard(boolean)
+
+## literal steps
+
+- argumentIndex(int)
+- argumentName(pattern)
+- code(pattern)
+- typeFullName(pattern)
+
+## local steps
+
+- code(pattern)
+- name(pattern)
+- typeFullName(pattern)
+
+## method steps
+
+- code(pattern)
+- filename(pattern)
+- name(pattern)
+- fullName(pattern)
+- isExternal(boolean)
+- signature(pattern)
+
+### method traversal
+
+- parameter - All MethodParameterIn nodes of the given method.
+- literal - All literal nodes in the method.
+- caller - All callers of this method
+
+## ret steps
+
+- argumentIndex(int)
+- argumentName(pattern)
+- code(pattern)
+
+## tag steps
+
+- name(pattern)
+
+## typeDecl steps
+
+- code(pattern)
+- filename(pattern)
+- name(pattern)
+- fullName(pattern)
+- isExternal(boolean)
+
+## typeRef steps
+
+- argumentIndex(int)
+- argumentName(pattern)
+- code(pattern)
+- typeFullName(pattern)
+
+## cfgNode steps
+
+- code(pattern)
+
+## declaration steps
+
+- name(pattern)
+
+## Helper step methods
+
+Step methods accepting an integer would have variations such as Gt, Gte, Lt, Lte and Not to support integer operations.
+
+Example:
+
+```scala
+atom.annotation.argumentIndexGt(1).l
+```
+
+Step methods accepting a string would have variations such as Exact and Not.
+
+Example:
+
+```scala
+atom.annotation.argumentNameNot("foo").l
+```
+
+## Chaining step methods
+
+If a step method return an iterator of type node then the method calls could be chained.
+
+Example:
+
+Parameters of all methods with the name `foo`.
+
+```scala
+atom.method.name("foo").parameter.l
+```
diff --git a/platform/frontends/c2cpg/lib/README.md b/platform/frontends/c2cpg/lib/README.md
diff --git a/platform/frontends/x2cpg/src/main/scala/io/appthreat/x2cpg/passes/taggers/CdxPass.scala b/platform/frontends/x2cpg/src/main/scala/io/appthreat/x2cpg/passes/taggers/CdxPass.scala
@@ -45,7 +45,8 @@ class CdxPass(atom: Cpg) extends CpgPass(atom):
     private def PY_REQUEST_PATTERNS = Array(".*views.py:<module>.*")
 
     private def containsRegex(str: String) =
-        Pattern.quote(str) != str || str.contains("*") || str.contains("(") || str.contains(")")
+        val reChars = "[](){}*+&|?.,\\$"
+        str.exists(reChars.contains(_))
 
     private val BOM_JSON_FILE = ".*(bom|cdx).json"
 

diff --git a/...rm/frontends/x2cpg/src/main/scala/io/appthreat/x2cpg/passes/taggers/ChennaiTagsPass.scala b/...rm/frontends/x2cpg/src/main/scala/io/appthreat/x2cpg/passes/taggers/ChennaiTagsPass.scala
@@ -50,6 +50,10 @@ class ChennaiTagsPass(atom: Cpg) extends CpgPass(atom):
     )
     private val HTTP_METHODS_REGEX = ".*(request|session)\\.(args|get|post|put|form).*"
 
+    private def containsRegex(str: String) =
+        val reChars = "[](){}*+&|?.,\\$"
+        str.exists(reChars.contains(_))
+
     private def tagCRoutes(dstGraph: DiffGraphBuilder): Unit =
         C_ROUTES_CALL_REGEXES.foreach { r =>
             atom.method.fullName(r).parameter.newTagNode(FRAMEWORK_INPUT).store()(
@@ -131,7 +135,7 @@ class ChennaiTagsPass(atom: Cpg) extends CpgPass(atom):
                         atom.method.parameter.typeFullNameExact(pn).newTagNode(tagName).store()(
                           dstGraph
                         )
-                        if !pn.contains("[") && !pn.contains("*") then
+                        if !containsRegex(pn) then
                             atom.method.parameter.typeFullName(
                               s".*${Pattern.quote(pn)}.*"
                             ).newTagNode(tagName).store()(dstGraph)
@@ -140,7 +144,7 @@ class ChennaiTagsPass(atom: Cpg) extends CpgPass(atom):
                     val mn = methodName.asString.getOrElse("")
                     if mn.nonEmpty then
                         atom.method.fullNameExact(mn).newTagNode(tagName).store()(dstGraph)
-                        if !mn.contains("[") && !mn.contains("*") then
+                        if !containsRegex(mn) then
                             atom.method.fullName(s".*${Pattern.quote(mn)}.*").newTagNode(
                               tagName
                             ).store()(dstGraph)
@@ -151,7 +155,7 @@ class ChennaiTagsPass(atom: Cpg) extends CpgPass(atom):
                         atom.method.parameter.typeFullNameExact(tn).newTagNode(tagName).store()(
                           dstGraph
                         )
-                        if !tn.contains("[") && !tn.contains("*") then
+                        if !containsRegex(tn) then
                             atom.method.parameter.typeFullName(
                               s".*${Pattern.quote(tn)}.*"
                             ).newTagNode(tagName).store()(dstGraph)
@@ -165,7 +169,7 @@ class ChennaiTagsPass(atom: Cpg) extends CpgPass(atom):
                     val fn = fileName.asString.getOrElse("")
                     if fn.nonEmpty then
                         atom.file.nameExact(fn).newTagNode(tagName).store()(dstGraph)
-                        if !fn.contains("[") && !fn.contains("*") then
+                        if !containsRegex(fn) then
                             atom.file.name(s".*${Pattern.quote(fn)}.*").newTagNode(tagName).store()(
                               dstGraph
                             )