Packages

  • package root
    Definition Classes
    root
  • package io
    Definition Classes
    root
  • package shiftleft
    Definition Classes
    io
  • package queryprimitives

    Domain specific language for querying code property graphs

    This is the API reference for the CPG query language, a language to mine code for defects and vulnerabilities, either interactively on a code analysis shell (REPL) or using non-interactive scripts.

    Queries written in the CPG query language express graph traversals (see https://en.wikipedia.org/wiki/Graph_traversal). Similar to the standard graph traversal language "Gremlin" (see https://en.wikipedia.org/wiki/Gremlin_(programming_language)), these traversals are formulated as sequences of primitive language elements referred to as "steps". You can think of a step as a small program, similar to a Unix shell utility; however, instead of processing lines one by one, the step processes nodes of the graph.

    Starting a traversal

    All traversals begin by selecting a set of start nodes, e.g.,

    cpg.method

    will start the traversal at all methods, while

    cpg.local

    will start at all local variables. The complete list of starting points can be found here: io.shiftleft.queryprimitives.steps.starters.Cpg

    Lazy evaluation

    Queries are lazily evaluated, e.g., cpg.method creates a traversal which you can add more steps to. You can, for example, evaluate the traversal by converting it to a list:

    cpg.method.toList

    Since toList is such a common operation, we provide the shorthand l, meaning that

    cpg.method.l

    provides the same result as the former query.

    Properties

    Nodes have "properties", key-value pairs where keys are strings and values are primitive data types such as strings, integers, or Booleans. Properties of nodes can be selected based on their key, e.g.,

    cpg.method.name

    traverses to all method names. Nodes can also be filtered based on properties, e.g.,

    cpg.method.name(".*exec.*")

    traverses to all methods where name matches the regular expression ".*exec.*". You can see a complete list of properties by browsing to the API documentation of the corresponding step. For example, you can find the properties of method nodes at io.shiftleft.queryprimitives.steps.types.structure.Method.

    Side effects

    Side effects are useful if you want to mutate something outside the traversal, or simply debug it. The following prints all typeDecl names as it traverses the graph and increments i for each one.

    var i = 0
    cpg.typeDecl.sideEffect{typeTemplate => println(typeTemplate.name); i = i + 1}.exec

    [advanced] Selecting multiple things from your traversal

    If you are interested in multiple things along the way of your traversal, you can label any step using the as modulator, and use select at the end. Note that the compiler automatically derives the correct return type as a tuple of the labelled steps, in this case with two elements.

    cpg.method.as("method").definingTypeDecl.as("classDef").select.toList
    // return type: List[(nodes.Method, nodes.TypeDecl)]

    [advanced] For comprehensions

    You can always start a new traversal from a node, e.g.,

    val someMethod = cpg.method.head
    someMethod.start.parameter.toList

    You can use this e.g. in a for comprehension, which is (in this context) essentially an alternative way to select multiple intermediate things. It is more expressive, but more computationally expensive.

    val query = for {
      method <- cpg.method
      param <- method.start.parameter
    } yield (method.name, param.name)
    
    query.toList
    Definition Classes
    shiftleft
  • package steps

    Steps for traversing the code property graph

    All traversals start at io.shiftleft.queryprimitives.starters.Cpg.

    Definition Classes
    queryprimitives
  • package types
    Definition Classes
    steps
  • package expressions
    Definition Classes
    types
  • package generalizations
    Definition Classes
    expressions
  • Declaration
  • DeclarationBase
  • Expression
  • ExpressionBase
  • Modifier

trait ExpressionBase[NodeType <: codepropertygraph.generated.nodes.Expression, Labels <: HList] extends OrderAccessors[NodeType, Labels] with EvalTypeAccessors[NodeType, Labels] with CodeAccessors[NodeType, Labels] with LineNumberAccessors[NodeType, Labels]

Self Type
ExpressionBase[NodeType, Labels] with CpgSteps[NodeType, Labels]
Linear Supertypes
LineNumberAccessors[NodeType, Labels], CodeAccessors[NodeType, Labels], StringPropertyAccessors[NodeType, Labels], EvalTypeAccessors[NodeType, Labels], OrderAccessors[NodeType, Labels], PropertyAccessors[NodeType, Labels], AnyRef, Any

Abstract Value Members

  1. implicit abstract def converter: Aux[NodeType, Vertex]
    Definition Classes
    StringPropertyAccessors
  2. abstract val raw: GremlinScala[Vertex]
    Definition Classes
    StringPropertyAccessors

Concrete Value Members

  1. final def !=(arg0: Any): Boolean
    Definition Classes
    AnyRef → Any
  2. final def ##(): Int
    Definition Classes
    AnyRef → Any
  3. final def ==(arg0: Any): Boolean
    Definition Classes
    AnyRef → Any
  4. final def asInstanceOf[T0]: T0
    Definition Classes
    Any
  5. def call: Call[Labels]

    Cast to call if applicable

  6. def cfgNext: Expression[Labels]

    Traverse to next expression in CFG.

  7. def cfgPrev: Expression[Labels]

    Traverse to previous expression in CFG.

  8. def clone(): AnyRef
    Attributes
    protected[java.lang]
    Definition Classes
    AnyRef
    Annotations
    @native() @throws( ... )
  9. def code(value: String*): Steps[NodeType, Vertex, Labels]
    Definition Classes
    CodeAccessors
  10. def code(value: String): Steps[NodeType, Vertex, Labels]
    Definition Classes
    CodeAccessors
  11. def code(): Steps[String, String, Labels]
    Definition Classes
    CodeAccessors
  12. def codeExact(values: String*): Steps[NodeType, Vertex, Labels]
    Definition Classes
    CodeAccessors
  13. def codeExact(value: String): Steps[NodeType, Vertex, Labels]
    Definition Classes
    CodeAccessors
  14. def codeNot(values: String*): Steps[NodeType, Vertex, Labels]
    Definition Classes
    CodeAccessors
  15. def codeNot(value: String): Steps[NodeType, Vertex, Labels]
    Definition Classes
    CodeAccessors
  16. final def eq(arg0: AnyRef): Boolean
    Definition Classes
    AnyRef
  17. def equals(arg0: Any): Boolean
    Definition Classes
    AnyRef → Any
  18. def evalType(_values: String*): Steps[NodeType, Vertex, Labels]
    Definition Classes
    EvalTypeAccessors
  19. def evalType(_value: String): Steps[NodeType, Vertex, Labels]
    Definition Classes
    EvalTypeAccessors
  20. def evalType(): Steps[String, String, Labels]
    Definition Classes
    EvalTypeAccessors
  21. def evalTypeExact(_values: String*): Steps[NodeType, Vertex, Labels]
    Definition Classes
    EvalTypeAccessors
  22. def evalTypeExact(_value: String): Steps[NodeType, Vertex, Labels]
    Definition Classes
    EvalTypeAccessors
  23. def evalTypeNot(_values: String*): Steps[NodeType, Vertex, Labels]
    Definition Classes
    EvalTypeAccessors
  24. def evalTypeNot(_value: String): Steps[NodeType, Vertex, Labels]
    Definition Classes
    EvalTypeAccessors
  25. def expression: Expression[Labels]

    Traverse to sub expressions

  26. def expressionUp: Expression[Labels]

    Traverse to enclosing expression

  27. def finalize(): Unit
    Attributes
    protected[java.lang]
    Definition Classes
    AnyRef
    Annotations
    @throws( classOf[java.lang.Throwable] )
  28. final def getClass(): Class[_]
    Definition Classes
    AnyRef → Any
    Annotations
    @native()
  29. def hashCode(): Int
    Definition Classes
    AnyRef → Any
    Annotations
    @native()
  30. def identifier: Identifier[Labels]

    Cast to identifier, if applicable

  31. final def isInstanceOf[T0]: Boolean
    Definition Classes
    Any
  32. def lineNumber(value: Integer*): Steps[NodeType, Vertex, Labels]
    Definition Classes
    LineNumberAccessors
  33. def lineNumber(value: Integer): Steps[NodeType, Vertex, Labels]
    Definition Classes
    LineNumberAccessors
  34. def lineNumber(): Steps[Integer, Integer, Labels]
    Definition Classes
    LineNumberAccessors
  35. def lineNumberNot(values: Integer*): Steps[NodeType, Vertex, Labels]
    Definition Classes
    LineNumberAccessors
  36. def lineNumberNot(value: Integer): Steps[NodeType, Vertex, Labels]
    Definition Classes
    LineNumberAccessors
  37. def literal: Literal[Labels]

    Cast to literal if applicable

  38. def method: Method[Labels]

    Traverse to enclosing method

  39. final def ne(arg0: AnyRef): Boolean
    Definition Classes
    AnyRef
  40. final def notify(): Unit
    Definition Classes
    AnyRef
    Annotations
    @native()
  41. final def notifyAll(): Unit
    Definition Classes
    AnyRef
    Annotations
    @native()
  42. def order(value: Integer*): Steps[NodeType, Vertex, Labels]
    Definition Classes
    OrderAccessors
  43. def order(value: Integer): Steps[NodeType, Vertex, Labels]
    Definition Classes
    OrderAccessors
  44. def order(): Steps[Integer, Integer, Labels]
    Definition Classes
    OrderAccessors
  45. def orderNot[Out](values: Integer*): Steps[NodeType, Vertex, Labels]
    Definition Classes
    OrderAccessors
  46. def orderNot(value: Integer): Steps[NodeType, Vertex, Labels]
    Definition Classes
    OrderAccessors
  47. def property[P](property: Key[P]): Steps[P, P, Labels]
    Definition Classes
    PropertyAccessors
  48. def propertyFilter[Out, P](property: Key[P], value: P): Steps[NodeType, Vertex, Labels]
    Definition Classes
    PropertyAccessors
  49. def propertyFilterMultiple[Out, P](property: Key[P], values: P*): Steps[NodeType, Vertex, Labels]
    Definition Classes
    PropertyAccessors
  50. def propertyFilterNot[Out, P](property: Key[P], value: P): Steps[NodeType, Vertex, Labels]
    Definition Classes
    PropertyAccessors
  51. def propertyFilterNotMultiple[Out, P](property: Key[P], values: P*): Steps[NodeType, Vertex, Labels]
    Definition Classes
    PropertyAccessors
  52. def stringProperty(property: Key[String]): Steps[String, String, Labels]
    Attributes
    protected
    Definition Classes
    StringPropertyAccessors
  53. def stringPropertyFilter(property: Key[String], value: String): Steps[NodeType, Vertex, Labels]
    Attributes
    protected
    Definition Classes
    StringPropertyAccessors
  54. def stringPropertyFilterExact[Out](property: Key[String], _value: String): Steps[NodeType, Vertex, Labels]
    Attributes
    protected
    Definition Classes
    StringPropertyAccessors
  55. def stringPropertyFilterExactMultiple[Out](property: Key[String], values: String*): Steps[NodeType, Vertex, Labels]
    Attributes
    protected
    Definition Classes
    StringPropertyAccessors
  56. def stringPropertyFilterMultiple(property: Key[String], values: String*): Steps[NodeType, Vertex, Labels]
    Attributes
    protected
    Definition Classes
    StringPropertyAccessors
  57. def stringPropertyFilterNot[Out](property: Key[String], value: String): Steps[NodeType, Vertex, Labels]
    Attributes
    protected
    Definition Classes
    StringPropertyAccessors
  58. def stringPropertyFilterNotMultiple[Out](property: Key[String], values: String*): Steps[NodeType, Vertex, Labels]
    Attributes
    protected
    Definition Classes
    StringPropertyAccessors
  59. final def synchronized[T0](arg0: ⇒ T0): T0
    Definition Classes
    AnyRef
  60. def toParameter: MethodParameter[Labels]

    Traverse to related parameter

  61. def toString(): String
    Definition Classes
    AnyRef → Any
  62. def typ: Type[Labels]

    Traverse to expression evaluation type

  63. final def wait(): Unit
    Definition Classes
    AnyRef
    Annotations
    @throws( ... )
  64. final def wait(arg0: Long, arg1: Int): Unit
    Definition Classes
    AnyRef
    Annotations
    @throws( ... )
  65. final def wait(arg0: Long): Unit
    Definition Classes
    AnyRef
    Annotations
    @native() @throws( ... )
