Is it possible to display call path? #5353
-
Is it possible to display a 'call path' with CodeQL? It appears currently only taint / data flow paths are supported. What I am looking for is for example, the path from a method executed on HTTP GET request (regardless of user provided parameters, if any) to a specific method (e.g. Is something like this possible? |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 3 replies
-
Yes, this is possible! The site you linked to mentions it here and here although it's easy too miss or easy to underestimate its potential. When you use taint or data-flow the A self-defined query-predicate is used in Here's my code that only creates a path for methods itself and not for the (control flow) basic-blocks. /**
* @kind path-problem
*/
import java
class StartMethod extends Method {
StartMethod() { getName() = "validateExpression" }
}
class TargetMethod extends Method {
TargetMethod() { getName() = "findValue" }
}
query predicate edges(Method a, Method b) { a.calls(b) }
from TargetMethod end, StartMethod entryPoint
where edges+(entryPoint, end)
select end, entryPoint, end, "Found a path from start to target." |
Beta Was this translation helpful? Give feedback.
Yes, this is possible!
The site you linked to mentions it here and here although it's easy too miss or easy to underestimate its potential.
When you use taint or data-flow the
edges
predicate is defined by thePathGraph
module.But you can also define your own
edges
query-predicate.A self-defined query-predicate is used in
@agustingianni
's blog post. It's relatively easy to port the code to "Java CodeQL".Here's my code that only creates a path for methods itself and not for the (control flow) basic-blocks.
Link to query