Packages

  • package root
    Definition Classes
    root
  • package io
    Definition Classes
    root
  • package shiftleft
    Definition Classes
    io
  • package semanticcpg

    Domain specific language for querying code property graphs

    Domain specific language for querying code property graphs

    This is the API reference for the CPG query language, a language to mine code for defects and vulnerabilities both interactively on a code analysis shell (REPL), or using non-interactive scripts.

    Queries written in the CPG query language express graph traversals (see https://en.wikipedia.org/wiki/Graph_traversal). Similar to the standard graph traversal language "Gremlin" (see https://en.wikipedia.org/wiki/Gremlin_(programming_language))) these traversals are formulated as sequences of primitive language elements referred to as "steps". You can think of a step as a small program, similar to a unix shell utility, however, instead of processing lines one by one, the step processes nodes of the graph.

    Starting a traversal

    All traversals begin by selecting a set of start nodes, e.g.,

    cpg.method

    will start the traversal at all methods, while

    cpg.local

    will start at all local variables. The complete list of starting points can be found at 

    io.shiftleft.codepropertygraph.Cpg

    Lazy evaluation

    Queries are lazily evaluated, e.g., cpg.method creates a traversal which you can add more steps to. You can, for example, evaluate the traversal by converting it to a list:

    cpg.method.toList

    Since toList is such a common operation, we provide the shorthand l, meaning that

    cpg.method.l

    provides the same result as the former query.

    Properties

    Nodes have "properties", key-value pairs where keys are strings and values are primitive data types such as strings, integers, or Booleans. Properties of nodes can be selected based on their key, e.g.,

    cpg.method.name

    traverses to all method names. Nodes can also be filtered based on properties, e.g.,

    cpg.method.name(".*exec.*")

    traverse to all methods where name matches the regular expression ".*exec.*". You can see a complete list of properties by browsing to the API documentation of the corresponding step. For example, you can find the properties of method nodes at io.shiftleft.semanticcpg.language.types.structure.Method.

    Side effects

    Useful if you want to mutate something outside the traversal, or simply debug it: This prints all typeDecl names as it traverses the graph and increments i for each one.

    var i = 0
cpg.typeDecl.sideEffect{typeTemplate => println(typeTemplate.name); i = i + 1}.exec

    [advanced] Selecting multiple things from your traversal

    If you are interested in multiple things along the way of your traversal, you label anything using the as modulator, and use select at the end. Note that the compiler automatically derived the correct return type as a tuple of the labelled steps, in this case with two elements.

    cpg.method.as("method").definingTypeDecl.as("classDef").select.toList
// return type: List[(nodes.Method, nodes.TypeDecl)]

    [advanced] For comprehensions

    You can always start a new traversal from a node, e.g.,

    val someMethod = cpg.method.head
someMethod.start.parameter.toList

    You can use this e.g. in a for comprehension, which is (in this context) essentially an alternative way to select multiple intermediate things. It is more expressive, but more computationally expensive.

    val query = for {
  method <- cpg.method
  param <- method.start.parameter
} yield (method.name, param.name)

query.toList
    Definition Classes
    shiftleft
  • package accesspath
    Definition Classes
    semanticcpg
  • package codedumper
    Definition Classes
    semanticcpg
  • package dotgenerator
    Definition Classes
    semanticcpg
  • package language

    Language for traversing the code property graph

    Language for traversing the code property graph

    Implicit conversions to specific steps, based on the node at hand. Automatically in scope when using anything in the steps package, e.g. Steps

    Definition Classes
    semanticcpg
  • package callgraphextension
  • package dotextension
  • package nodemethods
  • package operatorextension
  • package types
  • HasStoreMethod
  • ICallResolver
  • LocationCreator
  • NewNodeSteps
  • NewNodeTypeDeco
  • NewTagNodePair
  • NoResolve
  • NodeSteps
  • NodeTypeStarters
  • Show
  • Steps
  • Tag
  • package layers
    Definition Classes
    semanticcpg
  • package passes
    Definition Classes
    semanticcpg
  • package testing
    Definition Classes
    semanticcpg
  • package utils
    Definition Classes
    semanticcpg

package language

Language for traversing the code property graph

Implicit conversions to specific steps, based on the node at hand. Automatically in scope when using anything in the steps package, e.g. Steps

Linear Supertypes
LowPrioImplicits, LowLowPrioImplicits, language.operatorextension.Implicits, AnyRef, Any
Ordering
  1. Alphabetic
  2. By Inheritance
Inherited
  1. language
  2. LowPrioImplicits
  3. LowLowPrioImplicits
  4. Implicits
  5. AnyRef
  6. Any
  1. Hide All
  2. Show All
Visibility
  1. Public
  2. Protected

Package Members

  1. package callgraphextension
  2. package dotextension
  3. package nodemethods
  4. package operatorextension
  5. package types

Type Members

  1. trait HasStoreMethod extends AnyRef
  2. trait ICallResolver extends AnyRef
  3. class NewNodeSteps[A <: NewNode] extends HasStoreMethod
  4. implicit final class NewNodeTypeDeco[NodeType <: NewNode] extends AnyVal
  5. class NewTagNodePair extends HasStoreMethod
  6. final class NodeSteps[NodeType <: StoredNode] extends AnyVal

    Steps for all node types

    Steps for all node types

    This is the base class for all steps defined on nodes.

    Annotations
    @Traversal()
  7. class NodeTypeStarters extends AnyRef
    Annotations
    @TraversalSource()
  8. trait Show[A] extends AnyRef

    Typeclass for (pretty) printing an object

  9. final class Steps[A] extends AnyVal

    Base class for our DSL These are the base steps available in all steps of the query language.

    Base class for our DSL These are the base steps available in all steps of the query language. There are no constraints on the element types, unlike e.g. NodeSteps

  10. final class Tag extends AnyVal

Value Members

  1. implicit def cfgNodeToAsNode(node: CfgNode): AstNodeMethods
  2. implicit def toArrayAccessExt(arrayAccess: ArrayAccess): ArrayAccessMethods
    Definition Classes
    Implicits
  3. implicit def toArrayAccessTrav(steps: Traversal[ArrayAccess]): ArrayAccess
    Definition Classes
    Implicits
  4. implicit def toAssignmentExt(assignment: Assignment): AssignmentMethods
    Definition Classes
    Implicits
  5. implicit def toAssignmentTrav(steps: Traversal[Assignment]): Assignment
    Definition Classes
    Implicits
  6. implicit def toAstNode[A, NodeType <: AstNode](a: A)(implicit f: (A) => Traversal[NodeType]): AstNode[NodeType]
    Definition Classes
    LowLowPrioImplicits
  7. implicit def toAstNodeDot[A, NodeType <: AstNode](a: A)(implicit f: (A) => Traversal[NodeType]): AstNodeDot[NodeType]
  8. implicit def toAstNodeMethods(node: AstNode): AstNodeMethods
  9. implicit def toBinding[A](a: A)(implicit f: (A) => Traversal[Binding]): Binding
  10. implicit def toBlock[A](a: A)(implicit f: (A) => Traversal[Block]): Block
  11. implicit def toCall[A](a: A)(implicit f: (A) => Traversal[Call]): Call
  12. implicit def toCallForCallGraph[A](a: A)(implicit f: (A) => Traversal[Call]): Call
  13. implicit def toCallMethods(node: Call): CallMethods
  14. implicit def toCfgNode[A, NodeType <: CfgNode](a: A)(implicit f: (A) => Traversal[NodeType]): CfgNode[NodeType]
    Definition Classes
    LowLowPrioImplicits
  15. implicit def toCfgNodeDot[A](a: A)(implicit f: (A) => Traversal[Method]): CfgNodeDot
  16. implicit def toCfgNodeMethods(node: CfgNode): CfgNodeMethods
  17. implicit def toControlStructure[A](a: A)(implicit f: (A) => Traversal[ControlStructure]): ControlStructure
  18. implicit def toEvalTypeAccessorsExpression[A, NodeType <: Expression](a: A)(implicit f: (A) => Traversal[NodeType]): EvalTypeAccessors[NodeType]
    Definition Classes
    LowPrioImplicits
  19. implicit def toEvalTypeAccessorsLocal[A](a: A)(implicit f: (A) => Traversal[Local]): EvalTypeAccessors[Local]
  20. implicit def toEvalTypeAccessorsMember[A](a: A)(implicit f: (A) => Traversal[Member]): EvalTypeAccessors[Member]
  21. implicit def toEvalTypeAccessorsMethod[A](a: A)(implicit f: (A) => Traversal[Method]): EvalTypeAccessors[Method]
  22. implicit def toEvalTypeAccessorsMethodParameterIn[A](a: A)(implicit f: (A) => Traversal[MethodParameterIn]): EvalTypeAccessors[MethodParameterIn]
  23. implicit def toEvalTypeAccessorsMethodParameterOut[A](a: A)(implicit f: (A) => Traversal[MethodParameterOut]): EvalTypeAccessors[MethodParameterOut]
  24. implicit def toEvalTypeAccessorsMethodReturn[A](a: A)(implicit f: (A) => Traversal[MethodReturn]): EvalTypeAccessors[MethodReturn]
  25. implicit def toExpression[A, NodeType <: Expression](a: A)(implicit f: (A) => Traversal[NodeType]): Expression[NodeType]
    Definition Classes
    LowPrioImplicits
  26. implicit def toExpressionMethods(node: Expression): ExpressionMethods
  27. implicit def toExtendedNode(node: CpgNode): NodeMethods
  28. implicit def toExtendedStoredNode(node: StoredNode): StoredNodeMethods
  29. implicit def toFile[A](a: A)(implicit f: (A) => Traversal[File]): File
  30. implicit def toIdentifier[A](a: A)(implicit f: (A) => Traversal[Identifier]): IdentifierTrav
  31. implicit def toLiteral[A](a: A)(implicit f: (A) => Traversal[Literal]): Literal
  32. implicit def toLocal[A](a: A)(implicit f: (A) => Traversal[Local]): Local
  33. implicit def toMember[A](a: A)(implicit f: (A) => Traversal[Member]): Member
  34. implicit def toMethod[A](a: A)(implicit f: (A) => Traversal[Method]): Method
  35. implicit def toMethodForCallGraph[A](a: A)(implicit f: (A) => Traversal[Method]): Method
  36. implicit def toMethodMethods(node: Method): MethodMethods
  37. implicit def toMethodParameter[A](a: A)(implicit f: (A) => Traversal[MethodParameterIn]): MethodParameter
  38. implicit def toMethodParameterOut[A](a: A)(implicit f: (A) => Traversal[MethodParameterOut]): MethodParameterOut
  39. implicit def toMethodRef[A](a: A)(implicit f: (A) => Traversal[MethodRef]): MethodRef
  40. implicit def toMethodReturn[A](a: A)(implicit f: (A) => Traversal[MethodReturn]): MethodReturn
  41. implicit def toMethodReturnMethods(node: MethodReturn): MethodReturnMethods
  42. implicit def toModifierAccessorsMember[A](a: A)(implicit f: (A) => Traversal[Member]): ModifierAccessors[Member]
  43. implicit def toModifierAccessorsMethod[A](a: A)(implicit f: (A) => Traversal[Method]): ModifierAccessors[Method]
  44. implicit def toModifierAccessorsTypeDecl[A](a: A)(implicit f: (A) => Traversal[TypeDecl]): ModifierAccessors[TypeDecl]
  45. implicit def toNamespace[A](a: A)(implicit f: (A) => Traversal[Namespace]): Namespace
  46. implicit def toNamespaceBlock[A](a: A)(implicit f: (A) => Traversal[NamespaceBlock]): NamespaceBlock
  47. implicit def toNewNodeTrav[NodeType <: NewNode](trav: Traversal[NodeType]): NewNodeSteps[NodeType]
  48. implicit def toNodeSteps[A, NodeType <: StoredNode](a: A)(implicit f: (A) => Traversal[NodeType]): NodeSteps[NodeType]
  49. implicit def toNodeTypeStarters(cpg: Cpg): NodeTypeStarters
  50. implicit def toNodeTypeStartersOperatorExtension(cpg: Cpg): language.operatorextension.NodeTypeStarters
    Definition Classes
    Implicits
  51. implicit def toOpAstNodeExt[A <: AstNode](node: A): OpAstNodeMethods[A]
    Definition Classes
    Implicits
  52. implicit def toOpAstNodeTrav[A <: AstNode](steps: Traversal[A]): OpAstNode[A]
    Definition Classes
    Implicits
  53. implicit def toSteps[A](trav: Traversal[A]): Steps[A]
  54. implicit def toTagTraversal(trav: Traversal[codepropertygraph.generated.nodes.Tag]): Tag
  55. implicit def toTargetExt(call: Expression): TargetMethods
    Definition Classes
    Implicits
  56. implicit def toTargetTrav(steps: Traversal[Expression]): Target
    Definition Classes
    Implicits
  57. implicit def toTraversal[NodeType <: CpgNode](node: NodeType): Traversal[NodeType]
  58. implicit def toType[A](a: A)(implicit f: (A) => Traversal[Type]): Type
  59. implicit def toTypeDecl[A](a: A)(implicit f: (A) => Traversal[TypeDecl]): TypeDecl
  60. implicit def withMethodMethodsQp(node: WithinMethod): WithinMethodMethods
  61. object LocationCreator
  62. object NoResolve extends ICallResolver
  63. object Show
  64. object Steps

Inherited from LowPrioImplicits

Inherited from LowLowPrioImplicits

Inherited from language.operatorextension.Implicits

Inherited from AnyRef

Inherited from Any

Ungrouped