### Copy Application Configuration Example Source: https://github.com/fraunhofer-aisec/cpg/blob/main/codyze-console/README.md Copies the example application configuration file to be edited for LLM provider setup. ```bash cp codyze-console/src/main/resources/application.conf.example codyze-console/src/main/resources/application.conf ``` -------------------------------- ### Start Frontend Dev Server Source: https://github.com/fraunhofer-aisec/cpg/blob/main/AGENTS.md Starts the development server for the codyze-console frontend. ```bash cd codyze-console/src/main/webapp pnpm run dev ``` -------------------------------- ### Start Svelte Development Server Source: https://github.com/fraunhofer-aisec/cpg/blob/main/codyze-console/src/main/webapp/README.md Run 'npm run dev' to start the development server. Use '-- --open' to automatically open the application in a new browser tab. ```bash npm run dev # or start the server and open the app in a new browser tab npm run dev -- --open ``` -------------------------------- ### LLM Client Configuration Example Source: https://github.com/fraunhofer-aisec/cpg/blob/main/codyze-console/README.md Example HOCON configuration for setting up LLM clients like Ollama, OpenAI, and Gemini. Configure the baseUrl and apiKeyEnv for each client as needed. ```hocon llm { clients { ollama { baseUrl = "http://localhost:11434" } openai { baseUrl = "https://api.openai.com" apiKeyEnv = "CODYZE_OPENAI_API_KEY" } gemini { baseUrl = "https://generativelanguage.googleapis.com/v1beta" apiKeyEnv = "CODYZE_GEMINI_API_KEY" } } } ``` -------------------------------- ### Install Frontend Dependencies Source: https://github.com/fraunhofer-aisec/cpg/blob/main/AGENTS.md Installs Node.js dependencies for the codyze-console frontend using pnpm. ```bash cd codyze-console/src/main/webapp pnpm install ``` -------------------------------- ### Install MCP-to-OpenAPI Proxy Source: https://github.com/fraunhofer-aisec/cpg/blob/main/cpg-mcp/src/main/kotlin/de/fraunhofer/aisec/cpg/mcp/OpenWebUI.md Installs the necessary proxy package using pip. Ensure you have Python and pip installed. ```bash pip install mcpo ``` -------------------------------- ### Start Codyze Console Standalone Source: https://github.com/fraunhofer-aisec/cpg/blob/main/codyze-console/README.md Use this command to start only the Codyze console application. ```bash ./gradlew :codyze:run --args="console" ``` -------------------------------- ### Start MCP Proxy Server Source: https://github.com/fraunhofer-aisec/cpg/blob/main/cpg-mcp/src/main/kotlin/de/fraunhofer/aisec/cpg/mcp/OpenWebUI.md Starts the MCP proxy server, forwarding requests to the CPG MCP server. The port and path to the CPG MCP server binary should be adjusted as needed. ```bash uvx mcpo --port 8000 -- /path/to/cpg-mcp/build/install/cpg-mcp/bin/cpg-mcp ``` -------------------------------- ### Build Project Distribution using Gradle Source: https://github.com/fraunhofer-aisec/cpg/blob/main/cpg-neo4j/README.md This command builds and installs a distribution of the project using Gradle. Ensure gradle.properties is configured before running. ```bash ../gradlew installDist ``` -------------------------------- ### Clone Repository Source: https://github.com/fraunhofer-aisec/cpg/blob/main/CONTRIBUTING.md Clone your forked repository to start contributing. ```bash git clone https://github.com/<<>>/TODO.git ``` -------------------------------- ### C Source for Backward DFG Example Source: https://github.com/fraunhofer-aisec/cpg/blob/main/docs/docs/GettingStarted/graph-traversal/examples.md Provides C code demonstrating safe and unsafe usage of an 'encrypt' function, used to test DFG analysis. ```c #include /* Encrypts data using `key`. The key should always be a known constant. */ void encrypt(const char *data, const char *key); /* Safe: key is always a string literal */ void process_safe(const char *data) { encrypt(data, "s3cr3t_k3y"); } /* Unsafe: key comes from a function parameter (potentially attacker-controlled) */ void process_unsafe(const char *data, const char *user_key) { encrypt(data, user_key); } ``` -------------------------------- ### Detailed Query Output Example Source: https://github.com/fraunhofer-aisec/cpg/blob/main/docs/docs/GettingStarted/query.md This output illustrates the step-by-step reasoning for a query in detailed mode, showing intermediate values and conditions. ```text all (==> false) -------- Starting at Call[name=memcpy,location=vulnerable.cpp(3:5-3:38),type=UNKNOWN,base=]: 5 > 11 (==> false) ------------------------ sizeof(Reference[Reference[name=array,location=vulnerable.cpp(2:10-2:28),initializer=Literal[location=vulnerable.cpp(2:21-2:28),type=PointerType[name=char[]],value=hello]]]) (==> 5) ---------------------------------------- ------------------------ sizeof(Literal[location=vulnerable.cpp(3:19-3:32),type=PointerType[name=char[]],value=Hello world]) (==> 11) ---------------------------------------- ------------------------ -------- ``` -------------------------------- ### Example: Inferring Algorithm Value Source: https://github.com/fraunhofer-aisec/cpg/blob/main/docs/docs/GettingStarted/query_examples.md This example demonstrates how to infer the value of a variable after a function call, based on conditional logic. ```scala val algo = read_from_file(/* some file */); if (val != "AES") { throw Exception(); } val cipher = initialize_cipher(algo); // at this point one can infer that algo must have the value "AES" ``` -------------------------------- ### Run Local Development Server for Documentation Source: https://github.com/fraunhofer-aisec/cpg/blob/main/docs/README.md Starts a local development server to view the CPG documentation. This command maps port 8000 and mounts the current directory to the container. ```shell docker run --rm -it -p 8000:8000 -v ${PWD}:/docs mkdocs-material ``` -------------------------------- ### Build Codyze Distribution Source: https://github.com/fraunhofer-aisec/cpg/blob/main/docs/docs/GettingStarted/codyze.md Build and install a distribution of Codyze using Gradle. Ensure 'gradle.properties' is configured before building. ```bash ./gradlew :codyze:installDist ``` -------------------------------- ### Run MCP Server with HTTP Source: https://github.com/fraunhofer-aisec/cpg/blob/main/AGENTS.md Starts the cpg-mcp server with streamable HTTP enabled on a specified port. ```bash ./gradlew :cpg-mcp:run --args="--http 8080" ``` -------------------------------- ### Kotlin Example of Scope Management Source: https://github.com/fraunhofer-aisec/cpg/blob/main/docs/docs/CPG/impl/scopes.md Demonstrates how to use ScopeManager in Kotlin to enter and leave scopes, and add declarations. Essential for frontend and pass developers. ```kotlin // We are inside the global scope here and want to create a new function var func = newFunctionDeclaration("main") // Create a function scope scopeManager.enterScope(func) // Create a block scope for the body because our language works this way var body = newBlock() func.body = body scopeManager.enterScope(body) // Add statements here body.statements += /* ... */ // Leave block scope scopeManager.leaveScope(body) // Back to global scope, add the function to global scope scopeManager.leaveScope(func) system.addDeclaration(func) ``` -------------------------------- ### Start Codyze Console with Compliance Scan Source: https://github.com/fraunhofer-aisec/cpg/blob/main/codyze-console/README.md Initiates a compliance scan of a specified project directory and runs the console. Ensure to replace with the actual project directory. ```bash ./gradlew :codyze:run --args="compliance scan --project-dir --console=true" ``` -------------------------------- ### Less Detailed Query Output Example Source: https://github.com/fraunhofer-aisec/cpg/blob/main/docs/docs/GettingStarted/query.md This output shows the final result and input nodes for a query in less detailed mode. ```text [Call[name=memcpy,location=vulnerable.cpp(3:5-3:38),type=UNKNOWN,base=]] ``` -------------------------------- ### followPrevCDGUntilHit Source: https://github.com/fraunhofer-aisec/cpg/blob/main/docs/docs/GettingStarted/graph-traversal/reference.md Follows control-dependence (CDG) edges backward from a starting node to find nodes that control the execution of the starting node. Supports optional interprocedural analysis and early termination. ```APIDOC ## followPrevCDGUntilHit ### Description Follows control-dependence (CDG) edges backward from `this` node to find nodes that control whether `this` is executed (e.g., the conditions of `if` statements). ### Method Signature ```kotlin fun Node.followPrevCDGUntilHit( collectFailedPaths: Boolean = true, findAllPossiblePaths: Boolean = true, interproceduralAnalysis: Boolean = false, interproceduralMaxDepth: Int? = null, earlyTermination: (Node, Context) -> Boolean = { _, _ -> false }, predicate: (Node) -> Boolean, ): FulfilledAndFailedPaths ``` ### Parameters - **collectFailedPaths** (Boolean) - Optional - Whether to collect paths that do not satisfy the predicate. - **findAllPossiblePaths** (Boolean) - Optional - Whether to find all possible paths. - **interproceduralAnalysis** (Boolean) - Optional - Whether to perform interprocedural analysis. - **interproceduralMaxDepth** (Int?) - Optional - The maximum depth for interprocedural analysis. - **earlyTermination** ((Node, Context) -> Boolean) - Optional - A function to determine if traversal should terminate early. - **predicate** ((Node) -> Boolean) - Required - A function that returns true if the node satisfies the condition. ``` -------------------------------- ### C Source for Intraprocedural DFG Example Source: https://github.com/fraunhofer-aisec/cpg/blob/main/docs/docs/GettingStarted/graph-traversal/examples.md Provides C code for a logging scenario, demonstrating safe (sanitized) and unsafe (unsanitized) data flow to a log function. ```c #include void sanitize(char *buf, int len); void log_message(const char *msg); /* Safe: data is sanitized before logging */ void handle_request_safe(char *data, int len) { sanitize(data, len); log_message(data); /* data was sanitized first */ } /* Unsafe: data flows directly into log_message without sanitization */ void handle_request_unsafe(char *data, int len) { log_message(data); /* no sanitize() call before this */ sanitize(data, len); } ``` -------------------------------- ### Run Neo4j with APOC Plugin using Docker Source: https://github.com/fraunhofer-aisec/cpg/blob/main/cpg-neo4j/README.md This command starts a Neo4j instance with the APOC plugin enabled, which is required for mass creation of nodes and relationships. ```bash docker run -p 7474:7474 -p 7687:7687 -d -e NEO4J_AUTH=neo4j/password -e NEO4JLABS_PLUGINS='["apoc"]' neo4j:5 ``` -------------------------------- ### Build CPG MCP Server Source: https://github.com/fraunhofer-aisec/cpg/blob/main/cpg-mcp/src/main/kotlin/de/fraunhofer/aisec/cpg/mcp/OpenWebUI.md Builds the CPG MCP server distribution using Gradle. This command generates the necessary files for installation. ```bash ./gradlew :cpg-mcp:installDist ``` -------------------------------- ### Backward DFG Traversal Example Source: https://github.com/fraunhofer-aisec/cpg/blob/main/docs/docs/GettingStarted/graph-traversal/index.md Find all possible definitions that could reach a specific use node by traversing backward along DFG edges until a VariableDeclaration is hit. ```kotlin // Backward DFG: find all possible definitions that could reach `useNode` val (paths, _) = useNode.followDFGEdgesUntilHit( direction = Backward(GraphToFollow.DFG), ) { it is VariableDeclaration } ``` -------------------------------- ### Property Edges with Delegation Source: https://github.com/fraunhofer-aisec/cpg/blob/main/CONTRIBUTING.md Example of using Kotlin delegation for accessing nodes connected via property edges. ```kotlin /** The list of function parameters. */ @Relationship(value = "PARAMETERS", direction = Relationship.Direction.OUTGOING) var parameterEdges = astEdgesOf() /** Virtual property for accessing [parameterEdges] without property edges. */ var parameters by unwrapping(Function::parameterEdges) ``` -------------------------------- ### Required Properties with ProblemNode Source: https://github.com/fraunhofer-aisec/cpg/blob/main/CONTRIBUTING.md Example of initializing required properties with a ProblemNode to handle parsing issues. ```kotlin var base: Expression = newProblemExpression("could not parse base expression") ``` -------------------------------- ### EOG Example: Expression Evaluation Order Source: https://github.com/fraunhofer-aisec/cpg/blob/main/docs/docs/CPG/specs/eog.md Illustrates how EOG edges connect subexpressions (a, b) before reaching the parent operator (+). This demonstrates the postorder traversal construction of the EOG. ```mermaid flowchart LR classDef outer fill:#fff,stroke:#ddd,stroke-dasharray:5 5; prev:::outer --EOG--> lhs node --EOG--> next:::outer node([+]) -.-> lhs["a"] node -.-> rhs["b"] lhs --EOG--> rhs rhs --EOG--> node ``` -------------------------------- ### Configure Inference and Translation Settings Source: https://github.com/fraunhofer-aisec/cpg/blob/main/README.md Example of configuring inference options like inferring records and DFG for unresolved calls, and setting this within the translation configuration using Kotlin. ```kotlin val inferenceConfig = InferenceConfiguration .builder() .inferRecords(true) .inferDfgForUnresolvedCalls(true) .build() val translationConfig = TranslationConfiguration .builder() .inferenceConfiguration(inferenceConfig) .build() ``` -------------------------------- ### Runtime Type Assignment Example Source: https://github.com/fraunhofer-aisec/cpg/blob/main/docs/docs/CPG/impl/types.md Illustrates how 'assignedTypes' captures the possible runtime types of a variable, especially in scenarios involving polymorphism or dynamic assignment. ```cpp Interface obj; if (something) { obj = new A(); } else { obj = new B(); } ``` -------------------------------- ### CPG Analyze Tool Response Example Source: https://github.com/fraunhofer-aisec/cpg/blob/main/cpg-mcp/src/main/kotlin/de/fraunhofer/aisec/cpg/mcp/README.md This JSON object shows a typical response from the `cpg_analyze` tool after parsing code. It includes metadata about the CPG and a list of nodes, with details for a specific call expression. ```json { "fileName": "security_check.py", "totalNodes": 15, "functions": 3, "variables": 5, "callExpressions": 2, "nodes": [ { "nodeId": "12345", "name": "open", "code": "open('/etc/passwd')", "fileName": "security_check.py", "startLine": 2, "endLine": 2, "startColumn": 10, "endColumn": 26 } ] } ``` -------------------------------- ### YAML Example for Function Summaries Source: https://github.com/fraunhofer-aisec/cpg/blob/main/docs/docs/CPG/specs/dfg-function-summaries.md This YAML structure provides custom data flow summaries for functions, mirroring the JSON format. It specifies function details like language, method name, and signatures, alongside data flow edges from parameters or base objects to other parameters, base objects, or return values. ```yaml - functionDeclaration: language: de.fraunhofer.aisec.cpg.frontends.java.JavaLanguage methodName: java.util.List.addAll signature: - int - java.util.Object dataFlows: - from: param1 to: base dfgType: full - functionDeclaration: language: de.fraunhofer.aisec.cpg.frontends.java.JavaLanguage methodName: java.util.List.addAll signature: - java.util.Object dataFlows: - from: param0 to: base dfgType: full - functionDeclaration: language: de.fraunhofer.aisec.cpg.frontends.cxx.CLanguage methodName: memcpy dataFlows: - from: param1 to: param0 dfgType: full ``` -------------------------------- ### Detailed Mode Query Example: Function Argument Check Source: https://github.com/fraunhofer-aisec/cpg/blob/main/docs/docs/GettingStarted/query.md This snippet demonstrates how to use `allExtended` in detailed mode to filter nodes and check conditions on function arguments. It requires the first argument of calls named 'foo' to be the integer constant 2. ```kotlin result.allExtended{it.name.localName == "foo"} {it.argument[0].intValue eq const(2) } ``` -------------------------------- ### Quick Project Build Source: https://github.com/fraunhofer-aisec/cpg/blob/main/AGENTS.md Executes a quick build of the entire project. ```bash ./gradlew build ``` -------------------------------- ### Build Project Source: https://github.com/fraunhofer-aisec/cpg/blob/main/CONTRIBUTING.md Clean, format, build, and publish the project locally using Gradle. ```bash ./gradlew clean spotlessApply build publishToMavenLocal ``` -------------------------------- ### followNextCDGUntilHit Source: https://github.com/fraunhofer-aisec/cpg/blob/main/docs/docs/GettingStarted/graph-traversal/reference.md Follows control-dependence (CDG) edges forward from a starting node to find nodes whose execution is controlled by the starting node. Supports optional interprocedural analysis and early termination. ```APIDOC ## followNextCDGUntilHit ### Description Follows control-dependence (CDG) edges forward from `this` node to find nodes whose execution is controlled by `this`. ### Method Signature ```kotlin fun Node.followNextCDGUntilHit( collectFailedPaths: Boolean = true, findAllPossiblePaths: Boolean = true, interproceduralAnalysis: Boolean = false, earlyTermination: (Node, Context) -> Boolean = { _, _ -> false }, predicate: (Node) -> Boolean, ): FulfilledAndFailedPaths ``` ### Parameters - **collectFailedPaths** (Boolean) - Optional - Whether to collect paths that do not satisfy the predicate. - **findAllPossiblePaths** (Boolean) - Optional - Whether to find all possible paths. - **interproceduralAnalysis** (Boolean) - Optional - Whether to perform interprocedural analysis. - **earlyTermination** ((Node, Context) -> Boolean) - Optional - A function to determine if traversal should terminate early. - **predicate** ((Node) -> Boolean) - Required - A function that returns true if the node satisfies the condition. ``` -------------------------------- ### Build HelloWorld APK Source: https://github.com/fraunhofer-aisec/cpg/blob/main/cpg-language-jvm/src/test/resources/apk/HelloWorld/README.md Execute this script to build the HelloWorld APK from its Java source file. It cleans previous builds, compiles the Java code, and packages it into an APK (JAR) file. ```bash ./build.sh ``` -------------------------------- ### Create a New Svelte Project Source: https://github.com/fraunhofer-aisec/cpg/blob/main/codyze-console/src/main/webapp/README.md Use 'npx sv create' to initialize a new Svelte project. Specify a directory name to create the project in a subdirectory. ```bash npx sv create # create a new project in my-app npx sv create my-app ``` -------------------------------- ### Follow Next Control Dependence Edges Forward Source: https://github.com/fraunhofer-aisec/cpg/blob/main/docs/docs/GettingStarted/graph-traversal/reference.md Follows control-dependence (CDG) edges forward from a starting node to find nodes whose execution is controlled by the starting node. Useful for analyzing forward control flow. ```kotlin fun Node.followNextCDGUntilHit( collectFailedPaths: Boolean = true, findAllPossiblePaths: Boolean = true, interproceduralAnalysis: Boolean = false, earlyTermination: (Node, Context) -> Boolean = { _, _ -> false }, predicate: (Node) -> Boolean, ): FulfilledAndFailedPaths ``` -------------------------------- ### Follow Previous Control Dependence Edges Backward Source: https://github.com/fraunhofer-aisec/cpg/blob/main/docs/docs/GettingStarted/graph-traversal/reference.md Follows control-dependence (CDG) edges backward from a starting node to find nodes that control whether the starting node is executed. Useful for understanding the conditions that affect a node's execution. ```kotlin fun Node.followPrevCDGUntilHit( collectFailedPaths: Boolean = true, findAllPossiblePaths: Boolean = true, interproceduralAnalysis: Boolean = false, interproceduralMaxDepth: Int? = null, earlyTermination: (Node, Context) -> Boolean = { _, _ -> false }, predicate: (Node) -> Boolean, ): FulfilledAndFailedPaths ``` -------------------------------- ### Merge Traversal Results Source: https://github.com/fraunhofer-aisec/cpg/blob/main/docs/docs/GettingStarted/graph-traversal/index.md Combine traversal results from multiple starting nodes using the '+' operator. ```kotlin val combined = result1 + result2 ``` -------------------------------- ### collectAllPrevCDGPaths Source: https://github.com/fraunhofer-aisec/cpg/blob/main/docs/docs/GettingStarted/graph-traversal/reference.md Collects all nodes reachable from a starting node via the backward CDG sub-graph, without a target predicate. ```APIDOC ## collectAllPrevCDGPaths ### Description Collects all nodes reachable from a starting node via the backward CDG sub-graph. This helper uses a never-satisfied predicate internally, returning all explored paths in the `failed` list. ### Method Signature ```kotlin fun Node.collectAllPrevCDGPaths(interproceduralAnalysis: Boolean = false): List ``` ### Parameters - **interproceduralAnalysis** (Boolean) - Optional - Whether to perform interprocedural analysis. Defaults to `false`. ``` -------------------------------- ### collectAllNextCDGPaths Source: https://github.com/fraunhofer-aisec/cpg/blob/main/docs/docs/GettingStarted/graph-traversal/reference.md Collects all nodes reachable from a starting node via the forward CDG sub-graph, without a target predicate. ```APIDOC ## collectAllNextCDGPaths ### Description Collects all nodes reachable from a starting node via the forward CDG sub-graph. This helper uses a never-satisfied predicate internally, returning all explored paths in the `failed` list. ### Method Signature ```kotlin fun Node.collectAllNextCDGPaths(interproceduralAnalysis: Boolean = false): List ``` ### Parameters - **interproceduralAnalysis** (Boolean) - Optional - Whether to perform interprocedural analysis. Defaults to `false`. ``` -------------------------------- ### Build Docker Image for Documentation Source: https://github.com/fraunhofer-aisec/cpg/blob/main/docs/README.md Builds the Docker image required for serving the CPG documentation locally. Ensure you are in the directory containing the Dockerfile. ```shell docker build -t mkdocs-material . ``` -------------------------------- ### C Example of Symbol Shadowing Source: https://github.com/fraunhofer-aisec/cpg/blob/main/docs/docs/CPG/impl/scopes.md Illustrates how a symbol declared in a local scope can shadow a symbol with the same name in a higher scope. ```c // This defines a symbol "a" in the global/file scope. // Its visibility is global within the file. int a = 1; int main() { // this defines another symbol "a" in a function/block scope. // Its visibility is limited to the block it is defined in. int a = 1; } ``` -------------------------------- ### Build Frontend Production Source: https://github.com/fraunhofer-aisec/cpg/blob/main/AGENTS.md Creates a production build for the codyze-console frontend. ```bash cd codyze-console/src/main/webapp pnpm run build ``` -------------------------------- ### Configure Gradle Java Home Source: https://github.com/fraunhofer-aisec/cpg/blob/main/CONTRIBUTING.md Configure Gradle to use Java 21 if it's not the default. ```bash ./gradlew -Dorg.gradle.java.home="/usr/lib/jvm/java-21-openjdk-amd64/" build ``` -------------------------------- ### ValueDeclaration USAGE Relationship Source: https://github.com/fraunhofer-aisec/cpg/blob/main/docs/docs/CPG/specs/graph.md Visualizes the USAGE relationship from ValueDeclaration to Reference. ```mermaid flowchart LR classDef outer fill:#fff,stroke:#ddd,stroke-dasharray:5 5; classDef special fill:#afa,stroke:#5a5,stroke-dasharray:5 5; ValueDeclaration--"USAGE¹"-->ValueDeclarationUSAGE[Reference]:::outer ``` -------------------------------- ### cpg-neo4j Command-Line Usage Source: https://github.com/fraunhofer-aisec/cpg/blob/main/cpg-neo4j/README.md This snippet shows the general command-line syntax for running the cpg-neo4j tool and lists its available options. Use this to understand how to invoke the tool and configure its behavior. ```bash ./build/install/cpg-neo4j/bin/cpg-neo4j [--infer-nodes] [--load-includes] [--no-default-passes] [--no-neo4j] [--no-purge-db] [--print-benchmark] [--schema-json] [--schema-markdown] [--use-unity-build] [--benchmark-json=] [--custom-pass-list=] [--export-json=] [--host=] [--includes-file=] [--max-complexity-cf-dfg=] [--password=] [--port=] [--save-depth=] [--top-level=] [--user=] [--exclusion-patterns=]... ([...] | -S= [-S=]... | --json-compilation-database= | --list-passes) [...] The paths to analyze. If module support is enabled, the paths will be looked at if they contain modules --benchmark-json= Save benchmark results to json file --custom-pass-list= Add custom list of passes (might be used additional to --no-default-passes) which is passed as a comma-separated list; give either pass name if pass is in list, or its FQDN (e.g. --custom-pass-list=DFGPass,CallResolver) --exclusion-patterns= Configures an exclusion pattern for files or directories that should not be parsed --export-json= Export cpg as json --host= Set the host of the neo4j Database (default: localhost). --includes-file= Load includes from file --infer-nodes Create inferred nodes for missing declarations --json-compilation-database= The path to an optional a JSON compilation database --list-passes Prints the list available passes --load-includes Enable TranslationConfiguration option loadIncludes --max-complexity-cf-dfg= Performance optimisation: Limit the ControlFlowSensitiveDFGPass to functions with a complexity less than what is specified here. -1 (default) means no limit is used. --no-default-passes Do not register default passes [used for debugging] --no-neo4j Do not push cpg into neo4j [used for debugging] --no-purge-db Do no purge neo4j database before pushing the cpg --password= Neo4j password (default: password --port= Set the port of the neo4j Database (default: 7687). --print-benchmark Print benchmark result as markdown table -S, --softwareComponents= Maps the names of software components to their respective files. The files are separated by commas (No whitespace!). Example: -S App1=./file1.c,./file2.c -S App2=. /Main.java,./Class.java --save-depth= Performance optimisation: Limit recursion depth form neo4j OGM when leaving the AST. -1 (default) means no limit is used. --schema-json Print the CPGs nodes and edges that they can have. --schema-markdown Print the CPGs nodes and edges that they can have. --top-level= Set top level directory of project structure. Default: Largest common path of all source files --use-unity-build Enable unity build mode for C++ (requires --load-includes) --user= Neo4j user name (default: neo4j) ``` -------------------------------- ### Build Svelte Project for Production Source: https://github.com/fraunhofer-aisec/cpg/blob/main/codyze-console/src/main/webapp/README.md Execute 'npm run build' to generate a production-ready build of your Svelte application. ```bash npm run build ``` -------------------------------- ### Run Unit Tests Source: https://github.com/fraunhofer-aisec/cpg/blob/main/AGENTS.md Executes all unit tests for the project. ```bash ./gradlew test ``` -------------------------------- ### Apply Code Formatting Source: https://github.com/fraunhofer-aisec/cpg/blob/main/AGENTS.md Applies code formatting rules to the project. ```bash ./gradlew spotlessApply ``` -------------------------------- ### Run Integration Tests Source: https://github.com/fraunhofer-aisec/cpg/blob/main/AGENTS.md Executes integration tests for the project. ```bash ./gradlew integrationTest ``` -------------------------------- ### Find Nearest Literal via DFG Source: https://github.com/fraunhofer-aisec/cpg/blob/main/docs/docs/GettingStarted/graph-traversal/index.md Example of finding the nearest literal node reachable via Data Flow Graph (DFG) edges from a given node. ```kotlin // Find the nearest literal reachable via DFG from `myNode` val (paths, _) = myNode.followDFGEdgesUntilHit { it is Literal<*> } ``` -------------------------------- ### Enable cpg-mcp Module Source: https://github.com/fraunhofer-aisec/cpg/blob/main/codyze-console/README.md Run this script to enable the cpg-mcp module for AI chat features. ```bash ./configure_frontends.sh ``` -------------------------------- ### Custom Traversal Context with Call Stack Source: https://github.com/fraunhofer-aisec/cpg/blob/main/docs/docs/GettingStarted/graph-traversal/index.md Creates a custom traversal context based on a pre-defined call stack. Use this when the analysis needs to start within a specific call chain. ```kotlin val context = Context.ofCallStack(callExpr1, callExpr2) val (paths, _) = myNode.followDFGEdgesUntilHit(ctx = context) { it is Literal<*> } ``` -------------------------------- ### Lint Frontend Code Source: https://github.com/fraunhofer-aisec/cpg/blob/main/AGENTS.md Runs the linter on the codyze-console frontend code. ```bash cd codyze-console/src/main/webapp pnpm run lint ``` -------------------------------- ### Collect All Previous CDG Paths Source: https://github.com/fraunhofer-aisec/cpg/blob/main/docs/docs/GettingStarted/graph-traversal/reference.md Collects all nodes reachable from a starting node via Control Dependence Graph (CDG) backward edges, with optional interprocedural analysis. Uses a never-satisfied predicate internally. ```kotlin val allPrevCDG: List = myNode.collectAllPrevCDGPaths(interproceduralAnalysis = false) ``` -------------------------------- ### C Source Code for User Input Handling Source: https://github.com/fraunhofer-aisec/cpg/blob/main/docs/docs/GettingStarted/graph-traversal/examples.md This C code snippet demonstrates how user input is read using fgets and then processed and logged. It serves as the source for DFG path analysis. ```c #include #include void process(char *buf); void log_it(const char *msg); void read_and_handle() { char buf[256]; fgets(buf, sizeof(buf), stdin); /* user input enters here */ process(buf); log_it(buf); } ``` -------------------------------- ### Collect All Next CDG Paths Source: https://github.com/fraunhofer-aisec/cpg/blob/main/docs/docs/GettingStarted/graph-traversal/reference.md Collects all nodes reachable from a starting node via Control Dependence Graph (CDG) forward edges, with optional interprocedural analysis. Uses a never-satisfied predicate internally. ```kotlin val allNextCDG: List = myNode.collectAllNextCDGPaths(interproceduralAnalysis = false) ``` -------------------------------- ### Build Single Module Source: https://github.com/fraunhofer-aisec/cpg/blob/main/AGENTS.md Builds a specific module within the project. ```bash ./gradlew :cpg-core:build ``` ```bash ./gradlew :codyze-console:build ``` -------------------------------- ### Run MCP Server (stdio) Source: https://github.com/fraunhofer-aisec/cpg/blob/main/AGENTS.md Executes the cpg-mcp server using standard input/output for communication. ```bash ./gradlew :cpg-mcp:run ``` -------------------------------- ### Collect All Previous PDG Paths Source: https://github.com/fraunhofer-aisec/cpg/blob/main/docs/docs/GettingStarted/graph-traversal/reference.md Collects all nodes reachable from a starting node via Program Dependence Graph (PDG) backward edges, with optional interprocedural analysis. Uses a never-satisfied predicate internally. ```kotlin val allPrevPDG: List = myNode.collectAllPrevPDGPaths(interproceduralAnalysis = false) ``` -------------------------------- ### Registering New Languages in TranslationConfiguration Source: https://github.com/fraunhofer-aisec/cpg/blob/main/docs/docs/CPG/impl/language.md Demonstrates how to register new languages using different methods provided by the `TranslationConfiguration` builder. This is essential when adding support for a new programming language to the CPG. ```kotlin val config: TranslationConfiguration = TranslationConfiguration .builder() // More configuration .registerLanguage(MyNewLanguage()) // Option 1 .registerLanguage() // Option 2 .registerLanguage("MyThirdNewLanguage") // Option 3 .build() ``` -------------------------------- ### Collect All Next PDG Paths Source: https://github.com/fraunhofer-aisec/cpg/blob/main/docs/docs/GettingStarted/graph-traversal/reference.md Collects all nodes reachable from a starting node via Program Dependence Graph (PDG) forward edges. Uses a never-satisfied predicate internally, returning all explored paths as failed. ```kotlin val allNextPDG: List = myNode.collectAllNextPDGPaths() ``` -------------------------------- ### Codyze CLI Usage Source: https://github.com/fraunhofer-aisec/cpg/blob/main/docs/docs/GettingStarted/codyze.md Basic usage of the Codyze command-line interface, showing available options and commands. ```bash Usage: codyze [] []... Options: -h, --help Show this message and exit Commands: console compliance ``` -------------------------------- ### DFG Edges for Read Access with Control Flow Source: https://github.com/fraunhofer-aisec/cpg/blob/main/docs/docs/CPG/specs/dfg.md Illustrates collecting potential previous assignments to a variable for DFG edges during read access, considering control flow. ```mermaid flowchart LR node([Reference]) -.- refersTo; A == last write to ==> refersTo; A[/Node/] -- DFG --> node; ``` -------------------------------- ### Collect All Previous DFG Paths Source: https://github.com/fraunhofer-aisec/cpg/blob/main/docs/docs/GettingStarted/graph-traversal/reference.md Collects all nodes reachable from a starting node via Data Flow Graph (DFG) backward edges. Uses a never-satisfied predicate internally, returning all explored paths as failed. ```kotlin val allPrevDFGPaths: List = myNode.collectAllPrevDFGPaths() ``` -------------------------------- ### Collect All Next DFG Paths Source: https://github.com/fraunhofer-aisec/cpg/blob/main/docs/docs/GettingStarted/graph-traversal/reference.md Collects all nodes reachable from a starting node via Data Flow Graph (DFG) forward edges. Uses a never-satisfied predicate internally, returning all explored paths as failed. ```kotlin val allNextDFGPaths: List = myNode.collectAllNextDFGPaths() ``` -------------------------------- ### Collect All Next EOG Paths with Interprocedural Analysis Source: https://github.com/fraunhofer-aisec/cpg/blob/main/docs/docs/GettingStarted/graph-traversal/reference.md Collects all nodes reachable from a starting node via Execution Order Graph (EOG) forward edges, with optional interprocedural analysis. Uses a never-satisfied predicate internally. ```kotlin val allNextEOG: List = myNode.collectAllNextEOGPaths(interproceduralAnalysis = true) ``` -------------------------------- ### BibTeX Entry for 'AbsIntIO: Towards Showing the Absence of Integer Overflows in Binaries using Abstract Interpretation' Source: https://github.com/fraunhofer-aisec/cpg/blob/main/docs/docs/index.md This BibTeX entry provides metadata for the paper 'AbsIntIO: Towards Showing the Absence of Integer Overflows in Binaries using Abstract Interpretation'. It is useful for citing the paper in academic contexts. ```bibtex @inproceedings{kuechler2023absintio, author={Alexander K"uchler and Leon Wenning and Florian Wendland}, title={AbsIntIO: Towards Showing the Absence of Integer Overflows in Binaries using Abstract Interpretation}, year={2023}, booktitle={ACM ASIA Conference on Computer and Communications Security}, series={Asia CCS '23}, doi={10.1145/3579856.3582814}, location={Melbourne, VIC, Australia}, publisher={ACM} } ``` -------------------------------- ### Collect All Next Full DFG Paths Source: https://github.com/fraunhofer-aisec/cpg/blob/main/docs/docs/GettingStarted/graph-traversal/reference.md Collects all nodes reachable from a starting node via full Data Flow Graph (DFG) edges. Uses a never-satisfied predicate internally, returning all explored paths as failed. ```kotlin val allNextFullDFG: List = myNode.collectAllNextFullDFGPaths() ```