All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog and this project adheres to Semantic Versioning.
- Progress bar causing call graph pass to freeze on large graphs. This has been removed.
- Resource clearing was accidentally commented out in 0.3.8 - this has been addressed.
- Progress bar when logging level is
>= Level.INFOfor method related operations - Added cache2k to handle caching
CacheMetricsto track hits and missesMETHOD_PARAMETER_IN-PARAMETER_LINK->METHOD_PARAMETER_OUTedge was included
- Improved the node caching and centralized
tryGetandgetOrMake-style operations toDriverCache.kt - Separated the cache and storage into
storage._Cacheclasses andstorage.PlumeStorage
- Method/Local/MethodParameterIn have been created more closely to Ocular's output.
TigerGraphDriverbug where empty strings for intentional properties would be unintentionally excluded.Member.nameandFieldIdentifier.codeproperly handled- Fixed temp dir resolution issue on macOS and Windows
CONTAINSedges are generated forMETHODto body vertices.ListMapperto process Scala lists to a serialized string and back. More formally processing Scala lists to and from OverflowDB node objects.- Handle inheritance edges i.e.
TYPE_DECL -INHERITS_FROM-> TYPE
BaseCpgPassnow uses a local cache for method body nodes instead of relying solely onGlobalCacheSCPGPassnow known asDataFlowPassas all passes now come fromdataflowengineoss.- Added
PROGRAM_STRUCTUREto timer keys.
IDriver::getVerticesOfTypeto aid in caching from existing database vertices.- External methods signatures are parsed to figure out their method parameters.
MethodStubPassandBaseCPGPassnow includesMETHOD_PARAM_INandMETHOD_PARAM_OUTand connects them to their type.- Field accesses are now constructed as a
Callvertex. - Plume now has a new logo and branding.
- Better logging for loaded files.
- Many of the
nodeCacheuses inIProgramPasspasses were converted to using theGlobalCacheinstead. MethodStubPassnow runs in parallel if possible.
- Upped the default chunk size
DeltaGraph::toOverflowDbcan now take in an optionaloverflowdb.Graphobject to write to
- Memory leak where thread pools weren't getting shutdown
DeltaGraphas aNewNodeBuildervariant of ShiftLeft'sDiffGraph.BaseCpgPasswhich is a combination of theASTPass,CFGPass, andPDGPassand returns aDeltaGraphinstead of directly apply changes to the driver.methodBodieswas added toGlobalCacheto save on database requests when moving toSCPGPassafterBaseCpgPass- Chunk size can now be configured via
ExtractorOptions::methodChunkSize
- Replaced
ASTPass,CFGPass, andPDGPasswithBaseCpgPass. - Spawns a thread pool to run base CPG building in parallel and apply
DeltaGraphs in serial. - SCPG flows are only run on new/updated method bodies since the analysis is independent of other methods.
- Types for global primitives
- Return types are now added to all types built in the CPG
- Moved the maps in
Extractorto a dedicatedGlobalCacheobject that usesConcurrentHashMaps. - SCPG pass now concurrently pulls all methods and merges it into an input graph. This code has been moved to
passes.SCPGPass.kt - External method stubs have call-to-returns generated i.e. (METHOD)-CFG->(RETURN)-CFG->(METHOD_RETURN)
- Better
INFOthreshold logging withinExtractor::project.
- Combined
Extractor::projectandExtractor::postProjectintoproject. - Deprecated
getProgramTypeData - Changed
UNIT_GRAPH_BUILDINGtoSOOTand added the time taken on loading files into Soot, calling FastHierarchy, and using Soot's call graph.
- Method pass
MethodStubPass - Structure pass
ExternalTypePass,FileAndPackagePass,MarkForRebuildPass, andTypePass - Type pass
GlobalTypePass - Added
getVerticesByPropertyandgetPropertyFromVerticestoIDriver
- Graph builders are now known as "passes" to conform to how SCPG builds graphs. Each has an interface
under
IGraphPass. graph/[AST|CFG|PDG|CallGraph]Buildertopasses/graph/[AST|CFG|PDG|CallGraph]Pass- Deprecated
getMethodNames - Added timer probes regarding database closer to database methods
- Duplication of files, types, namespace vertices on updates
ContainsEdgePassadded beforeReachingDefPassPlumeTimerto measure various intervals of the projection process- Added a filter step before
constructStructurecall inExtractor::projectas not to duplicate types
- Fixed
PlumeKeyProviderinfinite loop and added proper tests forgetNewId - Added a check in the setter for
keyPoolSizeto not allow anything less than 1
- Added
getMethodNamesandgetProgramTypeDatatoIDriver
- Used
getMethodNamesandgetProgramTypeDatato reduce the sub-graphs inExtractor::postProject
- Changed subgraph-style results to list of edge results in order to improve performance in
GremlinDriver - Switched to using
SLF4Jas the logging API
- Fixed issue where
${sys:LOG_DIR}is generated when there is nolog4j2config file Callvertices not containing consistent full names and signatures asMethodvertices. Resolves #76.
- Log4j-Core is now only added as a
testImplementationsince this is used as a library and not an application ExtractorConst::getPlumeVersionnow used to get package versionVERSION.mdis now where the build obtains version details
code,lineNumber,columnNumbertoArrayInitializer
- Escape " (quotes) to fix Neo4j bug where strings containing quotes fail vertex insertion
TypeDecltoArrayInitializeredge warning
TigerGraphDriver::authKeynever null and now just blank if not set- Removed
log4f2.propertiesunder the main artifact - Made the visibility of driver constructors module specific so that users are forced to use the
DriverFactory connectmethods on drivers now return the driver instead of nothing.
ISchemeSafeDriverinterface for drivers who can install schemas on the databaseJanusGraphDriver::buildSchemato dynamically build and install JanusGraph schema
- Dependency
com.tigergraph.client:gsql_client TigerGraphDriver::buildSchemato dynamically build and install GSQL schema
- Assigned all operator calls to
io.shiftleft.codepropertygraph.generated.Operatorsconstants - Assigned values to
ControlStructure::controlStructureType - Improved logging
Extractor::postProjectto add additionalio.shiftleft.semanticcpg.passesandio.shiftleft.dataflowengineoss.passes- Added
IDriver::getMetaDatato get theNewMetaDatavertex from the database if present
Extractor::loadandExtractor::projectnow returnExtractorinstance to allow call chaining
- Graph updates would add duplicate program structure information and fail to link prior
CALLedges - Handle the case where
NewFileBuilder#hashis null - Where
TypeDecls were attempted to be duplicated ingetProgramStructure - Fixed case where
Nodetypes were not handled inDiffGraphUtil::processDiffGraph IDriver::getProgramStructurewould not return vertices with degree 0
deleteEdgetoIDriverupdateVertexPropertytoIDriverDiffGraphUtil::processDiffGraphto acceptDiffGraphs and apply changes to a givenIDriver
- Modified
deleteVertexsignature to take ID and optional label
- Lifted compilation directory to $TEMP/plume/build. This is then deleted recursively after project.
- Module not found bug introduced by improper class cleanup in temp dir.
- Fixed instances where CallGraphBuilder would connect non-NewCallBuilder source nodes to methods.
- Fixed GraphML not escaping ampersands
- Support for loading JAR files via
loadfunction
ASTedges betweenTypeDecland theirModifiersSOURCE_FILEedges betweenTypeDecland theirFiles- A
Filevertex to represent unknown files
- When Soot cannot get method data, it will log this as a warning instead of throwing a
RuntimeException
TypeDeclare now properly generated for external types
- Replaced Plume enums with
codepropertygraphconstants
CALLedges not created if nostatic void mainpresent
- Performance issues with
getProgramStructureinOverflowDbDriver
- Replaced
PlumeGraphwithoverflowdb.Graph. - Removed Gremlin driver transaction logic being present by default.
- Fixed
cmpbug by adding this toExtractorConst#BIN_OPS. - Neo4j driver now also connects in the extractor if given to extractor disconnected
- Upgraded ASM5 -> ASM8 to fix some JAR support
- Migrated to ShiftLeft's codepropertygraph domain classes
- Migrated from Neo4j Gremlin Bolt to Neo4j Java Driver (Official Driver)
- Fixed order property and got rid of old implementation
- Removed use of reflection to improve performance of serializing and deserializing
- Extractor now longer halts process if a schema violation occurs
- ShiftLeft dependencies upgraded
- Argument index was not being implemented properly, this has been fixed.
- The following additional configuration options for OverflowDB
- overflow
- heapPercentageThreshold
- serializationStatsEnabled
- The configuration option
dbfilenamechanged tostorageLocationto match OverflowDB's respective config's name. - Removed polyglot support
- All analyzed files are sent to a temp directory so there is no longer a need to specify class path in the Extractor
- Replaced REF edges between calls and methods with CALL edges.
- Broken jCenter link in README
- Support for 6 graph databases
- TinkerGraph
- OverflowDB
- JanusGraph
- TigerGraph
- Amazon Neptune
- Neo4j
- Can extract code property graphs using Soot for:
- Java class and source code
- JavaScript 170 (1.7)
- Python 2.72
- Can construct call graphs using Soot with the following algorithms:
- CHA
- SPARK