appthreat / cpggen
Generate CPG for multiple languages for code and threat analysis
Home Page: https://discord.gg/tmmtjCEHNV
License: Apache License 2.0
Would appreciate any help testing cpggen on Windows and M1 Mac.
The OSS version used the atom distribution but was incorrectly called cpggen. To correct this error, I am renaming things as below:
| Old name | New name | Purpose |
|---|---|---|
| cpggen-oss-bin | atomgen-bin | OCI artefact to be used with the ORAS CLI |
| cpggen-oss-linux-amd64 | atomgen | Single binary executable that bundles atom with Python |
| ghcr.io/appthreat/cpggen-slim | ghcr.io/appthreat/atomgen | Container image to generate atoms |
| cpggen-linux-musl | atomgen-musl | Single binary executable for Alpine |

The OCI image ghcr.io/appthreat/cpggen-oss uses joern so isn't affected.
PR to follow:
https://github.com/AppThreat/cpggen/pull/29/files
A detailed writeup on atom vs cpg would become available at some point. Please let me know if you think you might be affected by these changes or have further questions.
After detailed discussion with the joern developers, I am using the scala 3 branch of joern to bring in some new features and bug fixes:
https://github.com/AppThreat/joern2
After some exhaustive testing, I'm confident this approach is working well for the use cases and projects I am aware of. I will raise another ticket once the project is ready to switch back to the upstream version which might be in a few weeks time.
Working on a slimmer CLI distribution called atom, which will replace the joern that gets bundled with cpggen.
Hello,
After installing the "cpggen" package with the command "pip install cpggen", I was able to generate a CPG; it is stored in a ".bin.zip" file. I'm wondering how I can convert the graph into a different format, such as ".dot", which I can then use as input for my tool.
As we do not pass any arguments in the workflow for cpggen, how do we work on the scan recommendations provided by 'Bestfix'?
As an example, I used cpggen for the app 'Fineract' and then executed bestfix for this app. The scan recommendations were as below.
How do we work on those scan recommendations?
AT tools such as cpggen must support reading configuration values from a toml file called .at.toml. This ticket will be updated to show examples for this file.
Executed cpggen for Windows. It errors out with proper messages, but shows a successful scan and submission towards the end.
[WinError 1314] A required privilege is not held by the client:
...
INFO Error: Unable to access jarfile /usr/local/bin/java2cpg.jar
...
INFO shiftleft-java-demo-java uploaded successfully
Complete logs attached
cpggen-error-log.docx
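The failure mode in the report above is a driver that reports "uploaded successfully" after the generator step has already failed. The following is an added example, not cpggen's own code, of a fail-closed driver: the generator's exit status is checked, the produced archive is verified to be a readable, non-empty zip before anything is uploaded, and the final status is derived from those checks rather than from reaching the end of the script. The function names (`check_cpg_archive`, `generate_and_check`, `scan`, `demo`) and the constructed sample archive are assumptions for illustration.

```python
"""Fail-closed wrapper around a CPG generation step (added example, not cpggen code).

Hypothetical helpers: check_cpg_archive(), generate_and_check(), scan(), demo().
The scenario in demo() is constructed locally and uses a placeholder archive,
not a real CPG.
"""
import subprocess
import sys
import tempfile
import zipfile
from dataclasses import dataclass
from pathlib import Path


@dataclass
class StepResult:
    ok: bool
    reason: str


def check_cpg_archive(path: Path) -> StepResult:
    """A usable CPG artifact must be a readable zip archive with at least one member."""
    if not path.is_file():
        return StepResult(False, f"missing output: {path}")
    if not zipfile.is_zipfile(path):
        return StepResult(False, f"not a zip archive: {path}")
    with zipfile.ZipFile(path) as zf:
        if not zf.namelist():
            return StepResult(False, f"empty archive: {path}")
        if zf.testzip() is not None:  # returns the first corrupt member, or None
            return StepResult(False, f"corrupt member in {path}")
    return StepResult(True, "archive ok")


def generate_and_check(cmd: list, output: Path) -> StepResult:
    """Run the generator, then validate its artifact; a zero exit code alone is not trusted."""
    proc = subprocess.run(cmd, capture_output=True, text=True)
    if proc.returncode != 0:
        # Surface the generator's own message (e.g. "Unable to access jarfile ...").
        return StepResult(False, f"generator exited {proc.returncode}: {proc.stderr.strip()[:200]}")
    return check_cpg_archive(output)


def scan(cmd: list, output: Path, upload) -> str:
    """Driver: upload() is only called once the artifact has been verified."""
    result = generate_and_check(cmd, output)
    if not result.ok:
        print(f"ERROR {result.reason}")
        return "failed"
    upload(output)
    print(f"INFO {output.name} uploaded successfully")
    return "success"


def demo() -> dict:
    """Constructed scenario: a good archive, an empty file, a failing and a passing generator."""
    with tempfile.TemporaryDirectory() as tmp:
        good = Path(tmp) / "good.bin.zip"
        with zipfile.ZipFile(good, "w") as zf:
            zf.writestr("cpg.bin", b"constructed placeholder, not a real CPG")
        bogus = Path(tmp) / "bogus.bin.zip"
        bogus.write_bytes(b"")
        # Simulated generators; the failing one mimics the jar error from the report.
        failing_gen = [sys.executable, "-c",
                       "import sys; sys.stderr.write('Error: Unable to access jarfile x.jar'); sys.exit(1)"]
        passing_gen = [sys.executable, "-c", "pass"]
        uploads = []
        return {
            "good": check_cpg_archive(good).ok,
            "bogus": check_cpg_archive(bogus).ok,
            "failed_gen_reason": generate_and_check(failing_gen, good).reason,
            "scan_bad": scan(failing_gen, good, uploads.append),
            "scan_good": scan(passing_gen, good, uploads.append),
            "upload_count": len(uploads),
        }


if __name__ == "__main__":
    print(demo())
```

The point of the structure is that `scan()` has a single success path, and every other path returns "failed" before the upload step runs; an unreadable jar or a missing output file cannot produce an "uploaded successfully" line.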
Please consider upgrading to atom, which is a modern lightweight implementation.
The following packages are temporarily unavailable:
These would be republished without any binary plugins later this week.
Atom 1.2.0 has breaking changes to the directory structure.
https://github.com/AppThreat/cpggen/blob/main/cpggen/executor.py#L39
https://github.com/AppThreat/cpggen/blob/main/cpggen/executor.py#L66
With the v9 branch, cdxgen uses caxa for sae
cpggen to support generating a graph per module or package. The module would be based on the directory structure and configurable via the toml config files.