Feature/july pkg updates (#80)

* Update packages

Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>

* Some data flow fixes with tests

Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>

* passes and passesNot

Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>

* Update maven and gradle in container image

Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>

---------

Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>

Author: prabhu

.sbtopts

@@ -1,2 +1,2 @@
 -J-Xms3G
--J-Xmx4G
+-J-Xmx16G

README.md

@@ -6,7 +6,7 @@ Code Hierarchy Exploration Net (chen) is an advanced exploration toolkit for you
 
 - Java >= 21
 - Python >= 3.10
-- Node.js >= 18 (To run [atom](https://github.com/AppThreat/atom))
+- Node.js >= 20 (To run [atom](https://github.com/AppThreat/atom))
 - Minimum 16GB RAM
 
 ## Getting started
@@ -147,9 +147,9 @@ Refer to the documentation site to learn more about the commands.
 
 ## Languages supported
 
-- C/C++ (Requires Java 21 or above)
+- C/C++
 - H (C/C++ Header files alone)
-- Java (Requires compilation) - 8 to 17
+- Java (Requires compilation) - 8 to 21
 - Jar
 - Android APK (Requires Android SDK. Set the environment variable `ANDROID_HOME`)
 - JavaScript

build.sbt

@@ -1,7 +1,7 @@
 name                     := "chen"
 ThisBuild / organization := "io.appthreat"
-ThisBuild / version      := "2.1.0"
-ThisBuild / scalaVersion := "3.4.1"
+ThisBuild / version      := "2.1.1"
+ThisBuild / scalaVersion := "3.4.2"
 
 val cpgVersion = "1.0.0"
 

ci/Dockerfile

@@ -12,8 +12,8 @@ LABEL maintainer="appthreat" \
       org.opencontainers.docker.cmd="docker run --rm -v /tmp:/tmp -v $HOME:$HOME -v $(pwd):/app:rw -it ghcr.io/appthreat/chen chennai"
 
 ARG JAVA_VERSION=22.0.1-graalce
-ARG MAVEN_VERSION=3.9.6
-ARG GRADLE_VERSION=8.7
+ARG MAVEN_VERSION=3.9.8
+ARG GRADLE_VERSION=8.8
 
 ENV JAVA_VERSION=$JAVA_VERSION \
     MAVEN_VERSION=$MAVEN_VERSION \

codemeta.json

@@ -7,7 +7,7 @@
   "downloadUrl": "https://github.com/AppThreat/chen",
   "issueTracker": "https://github.com/AppThreat/chen/issues",
   "name": "chen",
-  "version": "2.1.0",
+  "version": "2.1.1",
   "description": "Code Hierarchy Exploration Net (chen) is an advanced exploration toolkit for your application source code and its dependency hierarchy.",
   "applicationCategory": "code-analysis",
   "keywords": [

console/build.sbt

@@ -4,7 +4,7 @@ enablePlugins(JavaAppPackaging)
 
 val ScoptVersion          = "4.1.0"
 val CaskVersion           = "0.9.2"
-val CirceVersion          = "0.14.6"
+val CirceVersion          = "0.14.9"
 val ZeroturnaroundVersion = "1.17"
 
 dependsOn(
@@ -24,7 +24,7 @@ libraryDependencies ++= Seq(
   "io.circe"             %% "circe-generic"     % CirceVersion,
   "io.circe"             %% "circe-parser"      % CirceVersion,
   "org.zeroturnaround"    % "zt-zip"            % ZeroturnaroundVersion,
-  "com.lihaoyi"          %% "os-lib"            % "0.10.0",
+  "com.lihaoyi"          %% "os-lib"            % "0.10.2",
   "com.lihaoyi"          %% "pprint"            % "0.9.0",
   "com.lihaoyi"          %% "cask"              % CaskVersion,
   "dev.scalapy"          %% "scalapy-core"      % "0.5.3",

dataflowengineoss/src/main/scala/io/appthreat/dataflowengineoss/language/package.scala

@@ -6,6 +6,8 @@ import io.appthreat.dataflowengineoss.language.nodemethods.{
     ExtendedCfgNodeMethods
 }
 import io.shiftleft.codepropertygraph.generated.nodes.*
+import io.shiftleft.semanticcpg.language.*
+import scala.language.implicitConversions
 
 package object language:
 
@@ -26,4 +28,17 @@ package object language:
 
     implicit def toDdgNodeDotSingle(method: Method): DdgNodeDot =
         new DdgNodeDot(Iterator.single(method))
+
+    implicit def toExtendedPathsTrav[NodeType <: Path](traversal: IterableOnce[NodeType])
+      : PassesExt =
+        new PassesExt(traversal.iterator)
+
+    class PassesExt(traversal: Iterator[Path]):
+
+        def passes(trav: Iterator[AstNode] => Iterator[?]): Iterator[Path] =
+            traversal.filter(_.elements.exists(_.start.where(trav).nonEmpty))
+
+        def passesNot(trav: Iterator[AstNode] => Iterator[?]): Iterator[Path] =
+            traversal.filter(_.elements.forall(_.start.where(trav).isEmpty))
+
 end language

dataflowengineoss/src/main/scala/io/appthreat/dataflowengineoss/passes/reachingdef/EdgeValidator.scala

@@ -24,6 +24,11 @@ object EdgeValidator:
             case (childNode: Expression, parentNode)
                 if isCallRetval(parentNode) || !isValidEdgeToExpression(parentNode, childNode) =>
                 false
+            case (childNode: Call, parentNode: Expression)
+                if isCallRetval(childNode) && childNode.argument.contains(parentNode) =>
+                // e.g. foo(x), but there are semantics for `foo` that don't taint its return value
+                // in which case we don't want `x` to taint `foo(x)`.
+                false
             case (childNode: Expression, parentNode: Expression)
                 if parentNode.isArgToSameCallWith(
                   childNode

dataflowengineoss/src/main/scala/io/appthreat/dataflowengineoss/passes/reachingdef/ReachingDefProblem.scala

@@ -165,7 +165,7 @@ class ReachingDefTransferFunction(flowGraph: ReachingDefFlowGraph)
     val gen: Map[StoredNode, mutable.BitSet] =
         initGen(method).withDefaultValue(mutable.BitSet())
 
-    val kill: Map[StoredNode, Set[Definition]] =
+    val kill: Map[StoredNode, mutable.BitSet] =
         initKill(method, gen).withDefaultValue(mutable.BitSet())
 
     /** For a given flow graph node `n` and set of definitions, apply the transfer function to
@@ -226,8 +226,8 @@ class ReachingDefTransferFunction(flowGraph: ReachingDefFlowGraph)
       */
     private def initKill(
       method: Method,
-      gen: Map[StoredNode, Set[Definition]]
-    ): Map[StoredNode, Set[Definition]] =
+      gen: Map[StoredNode, mutable.BitSet]
+    ): Map[StoredNode, mutable.BitSet] =
 
         val allIdentifiers: Map[String, List[CfgNode]] =
             val results = mutable.Map.empty[String, List[CfgNode]]
@@ -266,44 +266,45 @@ class ReachingDefTransferFunction(flowGraph: ReachingDefFlowGraph)
       * gen(call).
       */
     private def killsForGens(
-      genOfCall: Set[Definition],
+      genOfCall: mutable.BitSet,
       allIdentifiers: Map[String, List[CfgNode]],
       allCalls: Map[String, List[Call]]
-    ): Set[Definition] =
+    ): mutable.BitSet =
 
-        def definitionsOfSameVariable(definition: Definition): Set[Definition] =
+        def definitionsOfSameVariable(definition: Definition): Iterator[Definition] =
             val definedNodes = flowGraph.numberToNode(definition) match
                 case param: MethodParameterIn =>
-                    allIdentifiers(param.name)
+                    allIdentifiers(param.name).iterator
                         .filter(x => x.id != param.id)
                 case identifier: Identifier =>
-                    val sameIdentifiers = allIdentifiers(identifier.name)
+                    val sameIdentifiers = allIdentifiers(identifier.name).iterator
                         .filter(x => x.id != identifier.id)
 
                     /** Killing an identifier should also kill field accesses on that identifier.
                       * For example, a reassignment `x = new Box()` should kill any previous calls
                       * to `x.value`, `x.length()`, etc.
                       */
-                    val sameObjects: Iterable[Call] = allCalls.values.flatten
+                    val sameObjects: Iterator[Call] = allCalls.valuesIterator.flatten
                         .filter(_.name == Operators.fieldAccess)
                         .filter(_.ast.isIdentifier.nameExact(identifier.name).nonEmpty)
 
                     sameIdentifiers ++ sameObjects
                 case call: Call =>
-                    allCalls(call.code)
+                    allCalls(call.code).iterator
                         .filter(x => x.id != call.id)
-                case _ => Set()
+                case _ => Iterator.empty
             definedNodes
                 // It can happen that the CFG is broken and contains isolated nodes,
                 // in which case they are not in `nodeToNumber`. Let's filter those.
                 .collect {
                     case x if nodeToNumber.contains(x) => Definition.fromNode(x, nodeToNumber)
-                }.toSet
+                }
         end definitionsOfSameVariable
 
-        genOfCall.flatMap { definition =>
-            definitionsOfSameVariable(definition)
-        }
+        val res = mutable.BitSet()
+        for definition <- genOfCall do
+            res.addAll(definitionsOfSameVariable(definition))
+        res
     end killsForGens
 end ReachingDefTransferFunction
 

meta.yaml

@@ -1,4 +1,4 @@
-{% set version = "2.1.0" %}
+{% set version = "2.1.1" %}
 
 package:
   name: chen

platform/frontends/c2cpg/build.sbt

@@ -4,8 +4,8 @@ dependsOn(Projects.semanticcpg, Projects.dataflowengineoss % Test, Projects.x2cp
 
 libraryDependencies ++= Seq(
   "org.scala-lang.modules" %% "scala-parallel-collections" % "1.0.4",
-  "org.eclipse.platform"    % "org.eclipse.equinox.common"       % "3.19.0",
-  "org.eclipse.platform"    % "org.eclipse.core.resources"       % "3.20.100" excludeAll(
+  "org.eclipse.platform"    % "org.eclipse.equinox.common"       % "3.19.100",
+  "org.eclipse.platform"    % "org.eclipse.core.resources"       % "3.20.200" excludeAll(
     ExclusionRule(organization = "com.ibm.icu", name = "icu4j"),
     ExclusionRule(organization = "org.eclipse.platform", name = "org.eclipse.jface"),
     ExclusionRule(organization = "org.eclipse.platform", name = "org.eclipse.jface.text")