[jimple2cpg] Consistent & Recursive JAR/WAR Unpacking #3078

badly-drawn-wizards (Contributor) commented Jul 11, 2023

Add consistent recursive jar unpacking.

Previously jimple2cpg would have two distinct
code paths when importing a directory containing a
jar (which would unpack the jar) compared to importing
a jar directly (which would load it with soot).

This led to strange names starting with META-INF for method nodes when importing a jar directly.

This change does the following

  • Always use the unpacking behaviour for jars
  • Remove jimple from the source files being processed
    (It can be added back if needed downstream)
  • Keep the .apk/.dex behaviour if imported directly (but not if contained
    in a directory). This maintains the existing behaviour.
  • Checks for zip-slips along the way

Some remaining work is to:
- add docstrings
- add unit tests for recursive unpacking
- add unit tests for .apk/.dex (maybe)
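
The recursive unpacking with a zip-slip check that the description above outlines, as an added Scala example that is not part of this PR or of joern's code. `SafeUnpack`, `safeTarget`, `unpack`, the `.unpacked` directory suffix and the nesting cap of 5 are assumptions made for illustration.

```scala
import java.nio.file.{Files, Path, StandardCopyOption}
import java.util.zip.ZipFile
import scala.jdk.CollectionConverters._
import scala.util.Using

// Added illustration; all names and limits are assumptions, not joern's implementation.
object SafeUnpack {
  private val NestedSuffixes = Seq(".jar", ".war")
  private val MaxDepth       = 5 // assumed cap on archive nesting

  /** Resolve `entryName` under `destDir`; None if the result would land outside it.
    * Path.startsWith compares whole path components, so `/out-evil` does not pass
    * for `/out` the way a plain string-prefix comparison would.
    */
  def safeTarget(destDir: Path, entryName: String): Option[Path] = {
    val root   = destDir.toAbsolutePath.normalize()
    val target = root.resolve(entryName).normalize()
    if (target.startsWith(root) && target != root) Some(target) else None
  }

  /** Unpack `archive` into `destDir`, then unpack each nested JAR/WAR into a sibling
    * directory. Returns every file written; entries failing the check are skipped.
    */
  def unpack(archive: Path, destDir: Path, depth: Int = 0): List[Path] = {
    Files.createDirectories(destDir)
    val written = Using.resource(new ZipFile(archive.toFile)) { zip =>
      zip.entries().asScala.filterNot(_.isDirectory).flatMap { entry =>
        val target = safeTarget(destDir, entry.getName)
        target.foreach { path =>
          Files.createDirectories(path.getParent)
          Using.resource(zip.getInputStream(entry)) { in =>
            Files.copy(in, path, StandardCopyOption.REPLACE_EXISTING)
          }
        }
        if (target.isEmpty) System.err.println(s"skipping unsafe entry: ${entry.getName}")
        target
      }.toList // materialise before the ZipFile is closed
    }
    val nested = written.filter { p =>
      val name = p.getFileName.toString.toLowerCase
      NestedSuffixes.exists(name.endsWith(_))
    }
    written ++ nested.flatMap { inner =>
      if (depth >= MaxDepth) Nil
      else unpack(inner, inner.resolveSibling(inner.getFileName.toString + ".unpacked"), depth + 1)
    }
  }
}
```
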

badly-drawn-wizards changed the title from "Recursive jar unpacking." to "[jimple2cpg] recursive jar unpacking." Jul 11, 2023
badly-drawn-wizards changed the title from "[jimple2cpg] recursive jar unpacking." to "[jimple2cpg] recursive jar unpacking" Jul 11, 2023
DavidBakerEffendi added the enhancement and jvm labels Jul 11, 2023

DavidBakerEffendi (Collaborator) left a comment

Really good PR! The suggestions are mostly about Scala style related stuff

DavidBakerEffendi changed the title from "[jimple2cpg] recursive jar unpacking" to "[jimple2cpg] Recursive JAR/WAR Unpacking" Jul 11, 2023
DavidBakerEffendi changed the title from "[jimple2cpg] Recursive JAR/WAR Unpacking" to "[jimple2cpg] Consistent & Recursive JAR/WAR Unpacking" Jul 11, 2023

Since we recursively search, the class files found
may include those in the original source directory,
which we do not want to move. So we just copy instead.

DavidBakerEffendi marked this pull request as ready for review July 11, 2023 13:22
DavidBakerEffendi merged commit 9aa30c0 into joernio:master Jul 11, 2023
5 checks passed