Automatically invoke cdxgen while importing code (#65)

* Automatically invoke cdxgen while importing code

Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>

* Use dynamic source

Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>

---------

Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>

Author: prabhu

.gitignore

@@ -58,3 +58,5 @@ chen.zip
 project/metals.sbt
 conda-out/
 notebooks/.ipynb_checkpoints/
+*.slices.json
+

build.sbt

@@ -1,6 +1,6 @@
 name                     := "chen"
 ThisBuild / organization := "io.appthreat"
-ThisBuild / version      := "2.0.3"
+ThisBuild / version      := "2.0.4"
 ThisBuild / scalaVersion := "3.3.1"
 
 val cpgVersion = "1.0.0"

codemeta.json

@@ -7,7 +7,7 @@
   "downloadUrl": "https://github.com/AppThreat/chen",
   "issueTracker": "https://github.com/AppThreat/chen/issues",
   "name": "chen",
-  "version": "2.0.3",
+  "version": "2.0.4",
   "description": "Code Hierarchy Exploration Net (chen) is an advanced exploration toolkit for your application source code and its dependency hierarchy.",
   "applicationCategory": "code-analysis",
   "keywords": [

console/src/main/scala/io/appthreat/console/BridgeBase.scala

@@ -290,7 +290,7 @@ trait ScriptExecution:
       */
     private def importCpgCode(config: Config): List[String] =
         config.cpgToLoad.map { cpgFile =>
-            "importCpg(\"" + cpgFile + "\")"
+            "importAtom(\"" + cpgFile + "\")"
         }.toList ++ config.forInputPath.map { name =>
             s"""
          |openForInputPath(\"$name\")
@@ -340,9 +340,8 @@ trait PluginHandling:
 
         val storeCode = if config.store then "save"
         else ""
-        val runDataflow = if productName == "ocular" then "run.dataflow"
-        else "run.ossdataflow"
-        val argsString = argsStringFromConfig(config)
+        val runDataflow = "run.ossdataflow"
+        val argsString  = argsStringFromConfig(config)
 
         s"""
        | if (${config.overwrite} || !workspace.projectExists("$src")) {

console/src/main/scala/io/appthreat/console/ConsoleConfig.scala

@@ -12,12 +12,12 @@ import scala.collection.mutable
   */
 class InstallConfig(environment: Map[String, String] = sys.env):
 
-    /** determining the root path of the joern/ocular installation is rather complex unfortunately,
-      * because we support a variety of use cases:
+    /** determining the root path of the installation is rather complex unfortunately, because we
+      * support a variety of use cases:
       *   - running the installed distribution from the install dir
       *   - running the installed distribution anywhere else on the system
-      *   - running a locally staged ocular/joern build (via `sbt stage` and then either `./joern`
-      *     or `cd platform/target/universal/stage; ./joern`)
+      *   - running a locally staged build (via `sbt stage` and then either `./chennai` or `cd
+      *     platform/target/universal/stage; ./chennai`)
       *   - running a unit/integration test (note: the jars would be in the local cache, e.g. in
       *     ~/.coursier/cache)
       */

console/src/main/scala/io/appthreat/console/cpgcreation/AtomGenerator.scala

@@ -14,23 +14,38 @@ case class AtomGenerator(
   sliceMode: String = "reachables",
   slicesFile: String = "reachables.slices.json"
 ) extends CpgGenerator:
-    private lazy val command: String = "atom"
+    private lazy val command: String       = sys.env.getOrElse("ATOM_CMD", "atom")
+    private lazy val cdxgenCommand: String = sys.env.getOrElse("CDXGEN_CMD", "cdxgen")
 
     /** Generate an atom for the given input path. Returns the output path, or None, if no CPG was
       * generated.
       */
     override def generate(inputPath: String, outputPath: String = "app.atom"): Try[String] =
+        // If there is no bom.json file in the root directory, attempt to automatically invoke cdxgen
+        val bomPath = File(inputPath) / "bom.json"
+        if !bomPath.exists then
+            val cdxLanguage = language.toLowerCase().replace("src", "")
+            val arguments = Seq(
+              "-t",
+              cdxLanguage,
+              "--deep",
+              "-o",
+              (File(inputPath) / "bom.json").pathAsString,
+              inputPath
+            )
+            runShellCommand(cdxgenCommand, arguments)
         val arguments = Seq(
           sliceMode,
           "-s",
-          slicesFile,
+          (File(inputPath) / slicesFile).pathAsString,
           "--output",
           (File(inputPath) / outputPath).pathAsString,
           "--language",
           language,
           inputPath
         ) ++ config.cmdLineParams
         runShellCommand(command, arguments).map(_ => (File(inputPath) / outputPath).pathAsString)
+    end generate
 
     override def isAvailable: Boolean = true
 

console/src/test/scala/io/appthreat/console/LanguageHelperTests.scala

@@ -26,47 +26,47 @@ class LanguageHelperTests extends AnyWordSpec with Matchers {
     }
 
     "guess `JavaSrc` for a directory containing `.java`" in {
-      File.usingTemporaryDirectory("oculartests") { tmpDir =>
+      File.usingTemporaryDirectory("chentests") { tmpDir =>
         val subdir = mkdir(tmpDir / "subdir")
         touch(subdir / "ServiceIdentifierComposerVisitorBasedStrategy.java")
         guessLanguage(tmpDir.pathAsString) shouldBe Some(Languages.JAVASRC)
       }
     }
 
     "guess `Go` for a directory containing `Gopkg.lock`" in {
-      File.usingTemporaryDirectory("oculartests") { tmpDir =>
+      File.usingTemporaryDirectory("chentests") { tmpDir =>
         val subdir = mkdir(tmpDir / "subdir")
         touch(subdir / "Gopkg.lock")
         guessLanguage(tmpDir.pathAsString) shouldBe Some(Languages.GOLANG)
       }
     }
 
     "guess `Go` for a directory containing `Gopkg.toml`" in {
-      File.usingTemporaryDirectory("oculartests") { tmpDir =>
+      File.usingTemporaryDirectory("chentests") { tmpDir =>
         val subdir = mkdir(tmpDir / "subdir")
         touch(subdir / "Gopkg.toml")
         guessLanguage(tmpDir.pathAsString) shouldBe Some(Languages.GOLANG)
       }
     }
 
     "guess `Javascript` for a directory containing `package.json`" in {
-      File.usingTemporaryDirectory("oculartests") { tmpDir =>
+      File.usingTemporaryDirectory("chentests") { tmpDir =>
         val subdir = mkdir(tmpDir / "subdir")
         touch(subdir / "package.json")
         guessLanguage(tmpDir.pathAsString) shouldBe Some(Languages.JSSRC)
       }
     }
 
     "guess `C` for a directory containing .ll (LLVM) file" in {
-      File.usingTemporaryDirectory("oculartests") { tmpDir =>
+      File.usingTemporaryDirectory("chentests") { tmpDir =>
         val subdir = mkdir(tmpDir / "subdir")
         touch(subdir / "foobar.ll")
         guessLanguage(tmpDir.pathAsString) shouldBe Some(Languages.LLVM)
       }
     }
 
     "guess the language with the largest number of files" in {
-      File.usingTemporaryDirectory("oculartests") { tmpDir =>
+      File.usingTemporaryDirectory("chentests") { tmpDir =>
         val subdir = mkdir(tmpDir / "subdir")
         touch(subdir / "source.c")
         touch(subdir / "source.java")
@@ -79,7 +79,7 @@ class LanguageHelperTests extends AnyWordSpec with Matchers {
     }
 
     "not find anything for an empty directory" in {
-      File.usingTemporaryDirectory("oculartests") { tmpDir =>
+      File.usingTemporaryDirectory("chentests") { tmpDir =>
         guessLanguage(tmpDir.pathAsString) shouldBe None
       }
     }

macros/src/main/scala/io/appthreat/console/QueryDatabase.scala

@@ -44,7 +44,7 @@ class QueryDatabase(
             // the namespace currently looks like `io.appthreat.scanners.c.CopyLoops`
             val namespaceParts = bundleNamespace.split('.')
             val language =
-                if bundleNamespace.startsWith("io.appthreat.ocular.scanners") then
+                if bundleNamespace.startsWith("io.appthreat.chen.scanners") then
                     namespaceParts(4)
                 else if namespaceParts.length > 3 then
                     namespaceParts(3)

meta.yaml

@@ -1,4 +1,4 @@
-{% set version = "2.0.3" %}
+{% set version = "2.0.4" %}
 
 package:
   name: chen

platform/src/main/scala/io/appthreat/chencli/console/ChenConsole.scala

@@ -33,7 +33,7 @@ class ChenConsole extends Console[ChenProject](new ChenWorkspaceLoader):
             .getOrElse(EngineContext())
 
     def loadCpg(inputPath: String): Option[Cpg] =
-        report("Deprecated. Please use `importCpg` instead")
+        report("Deprecated. Please use `importAtom` instead")
         importCpg(inputPath)
 
     override def applyDefaultOverlays(cpg: Cpg): Cpg =

platform/src/main/scala/io/appthreat/chencli/console/Predefined.scala

@@ -23,16 +23,24 @@ object Predefined:
           """
         |def reachables(sinkTag: String, sourceTag: String, sourceTags: Array[String])(implicit atom: Cpg): Unit = {
         |  try {
-        |    def source=atom.tag.name(sourceTag).parameter
+        |    val language = atom.metaData.language.l.head
         |    def sources=sourceTags.map(t => atom.tag.name(t).parameter)
-        |    def sink=atom.ret.where(_.tag.name(sinkTag))
-        |    sink.df(source, sources).t
+        |    if language == Languages.JSSRC || language == Languages.JAVASCRIPT || language == Languages.PYTHON || language == Languages.PYTHONSRC
+        |    then
+        |      def source = atom.tag.name(sourceTag).call.argument
+        |      def sink = atom.tag.name(sinkTag).call.argument
+        |      sink.df(source, sources).t
+        |    else
+        |       def source=atom.tag.name(sourceTag).parameter
+        |       def sink=atom.ret.where(_.tag.name(sinkTag))
+        |       sink.df(source, sources).t
+        |    end if
         |  } catch {
         |    case exc: Exception =>
         |  }
         |}
         |
-        |def reachables(implicit atom: Cpg): Unit = reachables("framework-output", "framework-input", Array("api"))
+        |def reachables(implicit atom: Cpg): Unit = reachables("framework-output", "framework-input", Array("api", "framework", "http", "cli-source", "library-call"))
         |
         |""".stripMargin
         )

pyproject.toml

@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "appthreat-chen"
-version = "2.0.3"
+version = "2.0.4"
 description = "Code Hierarchy Exploration Net (chen)"
 authors = ["Team AppThreat <cloud@appthreat.com>"]
 license = "Apache-2.0"