Update packages (#43)

* Update packages

Signed-off-by: Prabhu Subramanian <[email protected]>

* Update poetry packages

Signed-off-by: Prabhu Subramanian <[email protected]>

---------

Signed-off-by: Prabhu Subramanian <[email protected]>

README.md

@@ -190,6 +190,8 @@ chen is a fork of the popular [joern](https://github.com/joernio/joern) project.
 - Enable broader hierarchical analysis (Application + Dependency + Container + OS layer)
 - By creating a welcoming community more appropriate for beginner users with great enterprise support. We want to democratize code analysis.
 
+We don't intend for bug-to-bug compatibility and often rewrite patches to suit our needs. We also do not bring features and passes that do not add value for hierarchical analysis.
+
 ## License
 
 Apache-2.0

build.sbt

@@ -1,6 +1,6 @@
 name                     := "chen"
 ThisBuild / organization := "io.appthreat"
-ThisBuild / version      := "1.0.10"
+ThisBuild / version      := "1.1.0"
 ThisBuild / scalaVersion := "3.3.1"
 
 val cpgVersion = "1.4.22"
@@ -32,9 +32,9 @@ lazy val aggregatedProjects: Seq[ProjectReference] = Seq(
 )
 
 ThisBuild / libraryDependencies ++= Seq(
-  "org.slf4j"                % "slf4j-api"         % "2.0.7",
-  "org.apache.logging.log4j" % "log4j-slf4j2-impl" % "2.20.0" % Optional,
-  "org.apache.logging.log4j" % "log4j-core"        % "2.20.0" % Optional
+  "org.slf4j"                % "slf4j-api"         % "2.0.9",
+  "org.apache.logging.log4j" % "log4j-slf4j2-impl" % "2.22.0" % Optional,
+  "org.apache.logging.log4j" % "log4j-core"        % "2.22.0" % Optional
   // `Optional` means "not transitive", but still included in "stage/lib"
 )
 

ci/Dockerfile

@@ -1,19 +1,19 @@
-FROM almalinux:9.2-minimal
+FROM almalinux:9.3-minimal
 
 LABEL maintainer="appthreat" \
       org.opencontainers.image.authors="Team AppThreat <[email protected]>" \
       org.opencontainers.image.source="https://github.com/appthreat/chen" \
       org.opencontainers.image.url="https://github.com/appthreat/chen" \
-      org.opencontainers.image.version="1.0.x" \
+      org.opencontainers.image.version="1.1.x" \
       org.opencontainers.image.vendor="appthreat" \
       org.opencontainers.image.licenses="Apache-2.0" \
       org.opencontainers.image.title="chen" \
       org.opencontainers.image.description="Container image for AppThreat chen code analysis platform" \
       org.opencontainers.docker.cmd="docker run --rm -v /tmp:/tmp -v $HOME:$HOME -v $(pwd):/app:rw -it ghcr.io/appthreat/chen chennai"
 
-ARG JAVA_VERSION=20.0.2-graalce
-ARG MAVEN_VERSION=3.9.3
-ARG GRADLE_VERSION=8.2.1
+ARG JAVA_VERSION=21.0.1-graalce
+ARG MAVEN_VERSION=3.9.6
+ARG GRADLE_VERSION=8.5
 
 ENV JAVA_VERSION=$JAVA_VERSION \
     MAVEN_VERSION=$MAVEN_VERSION \

codemeta.json

@@ -7,7 +7,7 @@
   "downloadUrl": "https://github.com/AppThreat/chen",
   "issueTracker": "https://github.com/AppThreat/chen/issues",
   "name": "chen",
-  "version": "1.0.10",
+  "version": "1.1.0",
   "description": "Code Hierarchy Exploration Net (chen) is an advanced exploration toolkit for your application source code and its dependency hierarchy.",
   "applicationCategory": "code-analysis",
   "keywords": [

console/build.sbt

@@ -4,8 +4,8 @@ enablePlugins(JavaAppPackaging)
 
 val ScoptVersion          = "4.1.0"
 val CaskVersion           = "0.9.1"
-val CirceVersion          = "0.14.5"
-val ZeroturnaroundVersion = "1.15"
+val CirceVersion          = "0.14.6"
+val ZeroturnaroundVersion = "1.16"
 
 dependsOn(
   Projects.semanticcpg,
@@ -24,7 +24,7 @@ libraryDependencies ++= Seq(
   "io.circe"             %% "circe-generic"     % CirceVersion,
   "io.circe"             %% "circe-parser"      % CirceVersion,
   "org.zeroturnaround"    % "zt-zip"            % ZeroturnaroundVersion,
-  "com.lihaoyi"          %% "os-lib"            % "0.9.1",
+  "com.lihaoyi"          %% "os-lib"            % "0.9.2",
   "com.lihaoyi"          %% "pprint"            % "0.8.1",
   "com.lihaoyi"          %% "cask"              % CaskVersion,
   "dev.scalapy"          %% "scalapy-core"      % "0.5.3",

console/src/main/scala/io/appthreat/console/BridgeBase.scala

@@ -240,9 +240,12 @@ trait InteractiveShell:
           replpp.Config(
             predefFiles = predefFile +: config.additionalImports,
             nocolors = config.nocolors,
-            dependencies = config.dependencies,
-            resolvers = config.resolvers,
-            verbose = config.verbose,
+            classpathConfig = replpp.Config
+                .ForClasspath(
+                  inheritClasspath = true,
+                  dependencies = config.dependencies,
+                  resolvers = config.resolvers
+                ),
             greeting = Option(greeting),
             prompt = Option(promptStr),
             onExitCode = Option(onExitCode),
@@ -268,14 +271,19 @@ trait ScriptExecution:
                 scriptFile = Option(scriptFile),
                 command = config.command,
                 params = config.params,
-                dependencies = config.dependencies,
-                resolvers = config.resolvers,
-                verbose = config.verbose
+                verbose = config.verbose,
+                classpathConfig = replpp.Config
+                    .ForClasspath(
+                      inheritClasspath = true,
+                      dependencies = config.dependencies,
+                      resolvers = config.resolvers
+                    )
               )
             )
             if config.verbose && scriptReturn.isFailure then
                 println(scriptReturn.failed.get.getMessage)
             scriptReturn
+        end if
     end runScript
 
     /** For the given config, generate a list of commands to import the CPG
@@ -392,9 +400,13 @@ trait ServerHandling:
 
         val baseConfig = replpp.Config(
           predefFiles = predefFile +: config.additionalImports,
-          dependencies = config.dependencies,
-          resolvers = config.resolvers,
-          verbose = false
+          verbose = true, // always print what's happening - helps debugging
+          classpathConfig = replpp.Config
+              .ForClasspath(
+                inheritClasspath = true,
+                dependencies = config.dependencies,
+                resolvers = config.resolvers
+              )
         )
 
         replpp.server.ReplServer.startHttpServer(

dataflowengineoss/src/main/scala/io/appthreat/dataflowengineoss/queryengine/AccessPathUsage.scala

@@ -43,11 +43,14 @@ object AccessPathUsage:
                     // assume: MemberAccess.isGenericMemberAccessName(call.name)
                     val argOne = memberAccess.argumentOption(1)
                     if argOne.isEmpty then
-                        logger.warn(s"Missing first argument on call ${memberAccess.code}.")
+                        logger.debug(s"Missing first argument on call ${memberAccess.code}.")
                         return (TrackedUnknown, Nil)
                     val (base, tail) = toTrackedBaseAndAccessPathInternal(argOne.get)
                     val path         = AccessPathHandling.memberAccessToPath(memberAccess, tail)
                     (base, path)
+                case _ =>
+                    logger.debug(s"Missing handling for node type ${node.getClass}.")
+                    (TrackedUnknown, Nil)
         end if
     end toTrackedBaseAndAccessPathInternal
 end AccessPathUsage

meta.yaml

@@ -1,4 +1,4 @@
-{% set version = "1.0.10" %}
+{% set version = "1.1.0" %}
 
 package:
   name: chen

platform/frontends/c2cpg/src/main/scala/io/appthreat/c2cpg/astcreation/AstCreatorHelper.scala

@@ -23,6 +23,7 @@ import org.eclipse.cdt.internal.core.dom.parser.cpp.{CPPASTIdExpression, CPPFunc
 import org.eclipse.cdt.internal.core.dom.parser.cpp.CPPASTArrayRangeDesignator
 import org.eclipse.cdt.internal.core.dom.parser.cpp.semantics.EvalMemberAccess
 import org.eclipse.cdt.internal.core.dom.parser.cpp.CPPASTFieldReference
+import org.eclipse.cdt.internal.core.dom.parser.cpp.CPPMethod
 import org.eclipse.cdt.internal.core.model.ASTStringUtil
 
 import java.nio.file.{Path, Paths}
@@ -31,10 +32,6 @@ import scala.collection.mutable
 
 object AstCreatorHelper:
 
-    // maximum length of code fields in number of characters
-    private val MaxCodeLength: Int = 1000
-    private val MinCodeLength: Int = 50
-
     implicit class OptionSafeAst(val ast: Ast) extends AnyVal:
         def withArgEdge(src: NewNode, dst: Option[NewNode]): Ast = dst match
             case Some(value) => ast.withArgEdge(src, value)
@@ -81,6 +78,8 @@ trait AstCreatorHelper(implicit withSchemaValidation: ValidationMode):
           _.asFileLocation()
         )
 
+    protected def code(node: IASTNode): String = shortenCode(nodeSignature(node))
+
     protected def fileName(node: IASTNode): String =
         val path = nullSafeFileLocation(node).map(_.getFileName).getOrElse(filename)
         SourceFiles.toRelativePath(path, config.inputPath)
@@ -208,6 +207,10 @@ trait AstCreatorHelper(implicit withSchemaValidation: ValidationMode):
                 s.getEvaluation match
                     case evaluation: EvalMemberAccess =>
                         cleanType(evaluation.getOwnerType.toString, stripKeywords)
+                    case evalBinding: EvalBinding =>
+                        evalBinding.getBinding match
+                            case m: CPPMethod => cleanType(fullName(m.getDefinition))
+                            case _ => cleanType(ASTTypeUtil.getNodeType(s), stripKeywords)
                     case _ => cleanType(ASTTypeUtil.getNodeType(s), stripKeywords)
             case _: IASTIdExpression | _: IASTName | _: IASTDeclarator =>
                 cleanType(ASTTypeUtil.getNodeType(node), stripKeywords)
@@ -228,9 +231,6 @@ trait AstCreatorHelper(implicit withSchemaValidation: ValidationMode):
         end match
     end typeFor
 
-    protected def shortenCode(code: String, length: Int = MaxCodeLength): String =
-        StringUtils.abbreviate(code, math.max(MinCodeLength, length))
-
     private def notHandledText(node: IASTNode): String =
         s"""Node '${node.getClass.getSimpleName}' not handled yet!
        |  Code: '${node.getRawSignature}'

platform/frontends/c2cpg/src/main/scala/io/appthreat/c2cpg/astcreation/AstForExpressionsCreator.scala

@@ -126,6 +126,8 @@ trait AstForExpressionsCreator(implicit withSchemaValidation: ValidationMode):
             // much sense anyway.
             case Some(r: NewIdentifier) if r.name == shortName =>
                 callAst(cpgCall, args)
+            case Some(r: NewMethodRef) if r.code == shortName =>
+                callAst(cpgCall, args)
             case Some(_) =>
                 callAst(cpgCall, args, Option(rec))
             case None =>

platform/frontends/c2cpg/src/main/scala/io/appthreat/c2cpg/astcreation/AstForPrimitivesCreator.scala

@@ -2,8 +2,11 @@ package io.appthreat.c2cpg.astcreation
 
 import io.shiftleft.codepropertygraph.generated.{DispatchTypes, Operators}
 import io.appthreat.x2cpg.{Ast, ValidationMode}
+import io.shiftleft.codepropertygraph.generated.nodes.NewMethodRef
 import org.eclipse.cdt.core.dom.ast.*
+import org.eclipse.cdt.internal.core.dom.parser.c.ICInternalBinding
 import org.eclipse.cdt.internal.core.dom.parser.cpp.CPPASTQualifiedName
+import org.eclipse.cdt.internal.core.dom.parser.cpp.ICPPInternalBinding
 import org.eclipse.cdt.internal.core.model.ASTStringUtil
 
 trait AstForPrimitivesCreator(implicit withSchemaValidation: ValidationMode):
@@ -16,43 +19,75 @@ trait AstForPrimitivesCreator(implicit withSchemaValidation: ValidationMode):
         val tpe = cleanType(ASTTypeUtil.getType(lit.getExpressionType))
         Ast(literalNode(lit, nodeSignature(lit), registerType(tpe)))
 
+    private def namesForBinding(binding: ICInternalBinding | ICPPInternalBinding)
+      : (Option[String], Option[String]) =
+        val definition = binding match
+            // sadly, there is no common interface defining .getDefinition
+            case b: ICInternalBinding   => b.getDefinition.asInstanceOf[IASTFunctionDeclarator]
+            case b: ICPPInternalBinding => b.getDefinition.asInstanceOf[IASTFunctionDeclarator]
+        val typeFullName = definition.getParent match
+            case d: IASTFunctionDefinition => Some(typeForDeclSpecifier(d.getDeclSpecifier))
+            case _                         => None
+        (Some(this.fullName(definition)), typeFullName)
+
+    private def maybeMethodRefForIdentifier(ident: IASTNode): Option[NewMethodRef] =
+        ident match
+            case id: IASTIdExpression if id.getName != null =>
+                id.getName.resolveBinding()
+                val (mayBeFullName, mayBeTypeFullName) = id.getName.getBinding match
+                    case binding: ICInternalBinding
+                        if binding.getDefinition.isInstanceOf[IASTFunctionDeclarator] =>
+                        namesForBinding(binding)
+                    case binding: ICPPInternalBinding
+                        if binding.getDefinition.isInstanceOf[IASTFunctionDeclarator] =>
+                        namesForBinding(binding)
+                    case _ => (None, None)
+                for
+                    fullName     <- mayBeFullName
+                    typeFullName <- mayBeTypeFullName
+                yield methodRefNode(ident, code(ident), fullName, typeFullName)
+            case _ => None
+
     protected def astForIdentifier(ident: IASTNode): Ast =
-        val identifierName = ident match
-            case id: IASTIdExpression => ASTStringUtil.getSimpleName(id.getName)
-            case id: IASTName if ASTStringUtil.getSimpleName(id).isEmpty && id.getBinding != null =>
-                id.getBinding.getName
-            case id: IASTName if ASTStringUtil.getSimpleName(id).isEmpty =>
-                uniqueName("name", "", "")._1
-            case _ => nodeSignature(ident)
-        val variableOption = scope.lookupVariable(identifierName)
-        val identifierTypeName = variableOption match
-            case Some((_, variableTypeName)) => variableTypeName
-            case None
-                if ident.isInstanceOf[IASTName] && ident.asInstanceOf[
-                  IASTName
-                ].getBinding != null =>
-                val id = ident.asInstanceOf[IASTName]
-                id.getBinding match
-                    case v: IVariable =>
-                        v.getType match
-                            case f: IFunctionType => f.getReturnType.toString
-                            case other            => other.toString
-                    case other => other.getName
-            case None if ident.isInstanceOf[IASTName] =>
-                typeFor(ident.getParent)
-            case None => typeFor(ident)
-
-        val node = identifierNode(
-          ident,
-          identifierName,
-          nodeSignature(ident),
-          registerType(cleanType(identifierTypeName))
-        )
-        variableOption match
-            case Some((variable, _)) =>
-                Ast(node).withRefEdge(node, variable)
-            case None => Ast(node)
-    end astForIdentifier
+        maybeMethodRefForIdentifier(ident) match
+            case Some(ref) => Ast(ref)
+            case None =>
+                val identifierName = ident match
+                    case id: IASTIdExpression => ASTStringUtil.getSimpleName(id.getName)
+                    case id: IASTName
+                        if ASTStringUtil.getSimpleName(id).isEmpty && id.getBinding != null =>
+                        id.getBinding.getName
+                    case id: IASTName if ASTStringUtil.getSimpleName(id).isEmpty =>
+                        uniqueName("name", "", "")._1
+                    case _ => code(ident)
+                val variableOption = scope.lookupVariable(identifierName)
+                val identifierTypeName = variableOption match
+                    case Some((_, variableTypeName)) => variableTypeName
+                    case None
+                        if ident.isInstanceOf[IASTName] && ident.asInstanceOf[
+                          IASTName
+                        ].getBinding != null =>
+                        val id = ident.asInstanceOf[IASTName]
+                        id.getBinding match
+                            case v: IVariable =>
+                                v.getType match
+                                    case f: IFunctionType => f.getReturnType.toString
+                                    case other            => other.toString
+                            case other => other.getName
+                    case None if ident.isInstanceOf[IASTName] =>
+                        typeFor(ident.getParent)
+                    case None => typeFor(ident)
+
+                val node = identifierNode(
+                  ident,
+                  identifierName,
+                  code(ident),
+                  registerType(cleanType(identifierTypeName))
+                )
+                variableOption match
+                    case Some((variable, _)) =>
+                        Ast(node).withRefEdge(node, variable)
+                    case None => Ast(node)
 
     protected def astForFieldReference(fieldRef: IASTFieldReference): Ast =
         val op = if fieldRef.isPointerDereference then Operators.indirectFieldAccess

platform/frontends/c2cpg/src/main/scala/io/appthreat/c2cpg/astcreation/AstForStatementsCreator.scala

@@ -204,7 +204,13 @@ trait AstForStatementsCreator(implicit withSchemaValidation: ValidationMode):
         val code       = s"while (${nullSafeCode(whileStmt.getCondition)})"
         val compareAst = astForConditionExpression(whileStmt.getCondition)
         val bodyAst    = nullSafeAst(whileStmt.getBody)
-        whileAst(Some(compareAst), bodyAst, Some(code))
+        whileAst(
+          Some(compareAst),
+          bodyAst,
+          Some(code),
+          lineNumber = line(whileStmt),
+          columnNumber = column(whileStmt)
+        )
 
     private def astForIf(ifStmt: IASTIfStatement): Ast =
         val (code, conditionAst) = ifStmt match