Is there any way to build call graph path? #7531
-
The CodeQL document only shows how to generate a path query through a DataFlow problem. Now I just want to generate a call graph path from source to sink and don't want to do any data flow tracking. Is there a way to do so?
-
So you've got a `DataFlow::PathNode source`, `DataFlow::PathNode sink` but you want something different to the usual dataflow path? Could you give an example of what you do want?
-
Now I have one source method and one sink method. I want to know the call graph path from source to sink, such as: `source() -> func1() -> func2() -> sink()`. I don't want to do any data flow tracking. All I want to get is the call method path from source to sink. So is there any way to do that?
-
Have a look at this discussion: #5353 (comment)
Also look at the additional comments from @Marcono1234.
I think this is what you want :)
(Quote from the above discussion also copied and pasted below)
Yes, this is possible!
The site you linked to mentions it here and here, although it's easy to miss or easy to underestimate its potential.
When you use taint or data-flow, the `edges` predicate is defined by the `PathGraph` module. But you can also define your own `edges` query-predicate.
A self-defined query-predicate is used in @agustingianni's blog post. It's relatively easy to port the code to "Java CodeQL".
Here's my code that only creates a path for the methods themselves and not for the (control flow) basic-blocks. Link to query
```ql
/**
 * @kind path-problem
 */

import java

// Methods where the call path starts.
class StartMethod extends Method {
  StartMethod() { getName() = "validateExpression" }
}

// Methods where the call path ends.
class TargetMethod extends Method {
  TargetMethod() { getName() = "findValue" }
}

// Self-defined edges relation: one edge per direct call from `a` to `b`.
query predicate edges(Method a, Method b) { a.calls(b) }

// `edges+` is the transitive closure, so this matches call chains of any length.
from TargetMethod end, StartMethod entryPoint
where edges+(entryPoint, end)
select end, entryPoint, end, "Found a path from start to target."
```
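A variant of the query above, added here as an example and not part of the original post or of the CodeQL documentation: it goes beyond the posted query by following virtual dispatch with `Callable.polyCalls` from the Java standard library and by reporting only edges that lie on some start-to-target path. The helper predicates `callStep`, `fromStart` and `toTarget` and the `@id` value are hypothetical names chosen for this example; the two method names are reused from the post.

```ql
/**
 * @kind path-problem
 * @id java/example/call-graph-path
 */

import java

// Method names reused from the query in the answer above.
class StartMethod extends Method {
  StartMethod() { this.getName() = "validateExpression" }
}

class TargetMethod extends Method {
  TargetMethod() { this.getName() = "findValue" }
}

/** One call-graph step; `polyCalls` covers static targets and virtual dispatch. */
predicate callStep(Callable a, Callable b) { a.polyCalls(b) }

/** Holds if `c` is a start method or is reachable from one. */
predicate fromStart(Callable c) {
  c instanceof StartMethod
  or
  exists(Callable mid | fromStart(mid) and callStep(mid, c))
}

/** Holds if `c` is a target method or can reach one. */
predicate toTarget(Callable c) {
  c instanceof TargetMethod
  or
  exists(Callable mid | callStep(c, mid) and toTarget(mid))
}

// Pruned edges relation: keep a call only if it can be part of a
// start-to-target chain, instead of exporting the whole call graph.
query predicate edges(Callable a, Callable b) {
  callStep(a, b) and fromStart(a) and toTarget(b)
}

from StartMethod start, TargetMethod target
where edges+(start, target)
select target, start, target, "Call path from $@ to this method.", start, start.getName()
```

Matching on the method name alone can select unrelated methods with the same name; adding a constraint on the declaring type narrows the start and target sets.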
-
It is exactly what I want. Thanks a lot for the help!
-
Likewise, thank you! This should really be added to somewhere official on the CodeQL docs, it's incredibly useful.
-
incredibly useful