Packages

trait Console extends AnyRef

This is the main console for Ocular. It contains all methods that can be executed by users directly on the REPL.

In brief, the Console allows code property graphs to be created, augmented with overlays, loaded, unloaded and deleted. By default, all operations are executed on the CPG that was last loaded. This CPG is accessible via the cpg variable, while all loaded CPGs are accessible via cpgs.

In order to create CPGs that contain the application code but do not include the code of libraries, Ocular performs a smart inspection of the input file(s) to determine application code vs dependencies. The console offers the methods namespaces, appNamespaces, and depNamespaces to gain visibility into this process.

The console offers features to achieve the following:

  • Creating and loading of code property graphs, along with overlays such as security profiles
  • Managing of the CPG workspace
  • Managing overlays
  • Identifying application dependencies vs application code

Some methods are only available in the full version and are marked as such.

Examples

1. Creating and loading of code property graphs

// Three ways to create CPG and SP
// (1) via shorthand
createCpgAndSp("subjects/JavaVulnerableLab.war")

// (2) By creating CPG, then SP
createCpg("subjects/JavaVulnerableLab.war")
createSp

// (3) By specifying the overlays explicitly
createCpg("subjects/JavaVulnerableLab.war", "semanticcpg", "tagging", "securityprofile")

2. Managing the workspace

// Show code property graphs in workspace - last entry is the active CPG
workspace
// Unload the newly created CPG
unloadCpg
// load CPG by name - if loaded, this just makes this the active CPG
loadCpg("hello-shiftleft-0.0.1-SNAPSHOT.jar")
// Run query on the active cpg
cpg.method.fullName.l
// Run query on all cpgs and join results
cpgs.flatMap(_.method.fullName.l)

3. Managing overlays

// show all available overlay creators
overlays
// load CPG only with 'semanticcpg' overlay
loadCpg("JavaVulnerableLab.war", "semanticcpg")
// add the tagging overlay
addOverlay("tagging")

4. Identifying application code vs dependencies

// Show all namespaces of hello-shiftleft
namespaces("subjects/hello-shiftleft-0.0.1-SNAPSHOT.jar")
// Show application namespaces and dependency namespaces
appNamespaces("subjects/hello-shiftleft-0.0.1-SNAPSHOT.jar")
depNamespaces("subjects/hello-shiftleft-0.0.1-SNAPSHOT.jar")
Linear Supertypes
AnyRef, Any
Ordering
  1. Alphabetic
  2. By Inheritance
Inherited
  1. Console
  2. AnyRef
  3. Any
Implicitly
  1. by any2stringadd
  2. by StringFormat
  3. by Ensuring
  4. by ArrowAssoc
  1. Hide All
  2. Show All
Visibility
  1. Public
  2. All

Value Members

  1. final def !=(arg0: Any): Boolean
    Definition Classes
    AnyRef → Any
  2. final def ##(): Int
    Definition Classes
    AnyRef → Any
  3. def +(other: String): String
    Implicit
    This member is added by an implicit conversion from Console to any2stringadd[Console] performed by method any2stringadd in scala.Predef.
    Definition Classes
    any2stringadd
  4. def ->[B](y: B): (Console, B)
    Implicit
    This member is added by an implicit conversion from Console to ArrowAssoc[Console] performed by method ArrowAssoc in scala.Predef.
    Definition Classes
    ArrowAssoc
    Annotations
    @inline()
  5. final def ==(arg0: Any): Boolean
    Definition Classes
    AnyRef → Any
  6. def addOverlay(baseCpg: Cpg, names: String*): Cpg

    Add the overlays created by @overlayCreators to the CPG at @baseCpg The CPG is assumed to be in the workspace.

  7. def addOverlay(names: String*): Cpg

    Add the overlays created by @overlayCreators to current CPG.

  8. def appNamespaces(inputPath: String): List[String]

    All application namespaces for a program at @inputPath - as opposed to dependency namespaces.

    All application namespaces for a program at @inputPath - as opposed to dependency namespaces. These are the namespaces for which method bodies are analyzed in CPG creation.

  9. final def asInstanceOf[T0]: T0
    Definition Classes
    Any
  10. def banner(): Unit

    Print a nice banner

  11. def clone(): AnyRef
    Attributes
    protected[java.lang]
    Definition Classes
    AnyRef
    Annotations
    @native() @throws( ... )
  12. def config: OcularConfig

    Global config object

  13. def cpg: Cpg

    Last cpg loaded into the workspace

  14. def cpgs: List[Cpg]

    All cpgs loaded in the workspace

  15. def createCpg(inputPaths: Seq[String], namespaces: List[String], overlayCreators: List[String]): Option[Cpg]

    Same as createCPG but for multiple input paths

  16. def createCpg(inputPaths: List[String], namespaces: List[String]): Option[Cpg]
  17. def createCpg(inputPaths: List[String]): Option[Cpg]
  18. def createCpg(inputPath: String, namespaces: List[String]): Option[Cpg]
  19. def createCpg(inputPath: String): Option[Cpg]
  20. def createCpg(inputPath: String, namespaces: List[String], overlayCreators: List[String]): Option[Cpg]

    Create CPG from input file at @inputPath for all namespaces in @namespaces, and subsequently calculate, apply, and store overlays for all overlay creators in

  21. def createCpgAndSp(inputPaths: Seq[String]): Option[Cpg]
  22. def createCpgAndSp(inputPaths: Seq[String], namespaces: List[String]): Option[Cpg]
  23. def createCpgAndSp(inputPath: String): Option[Cpg]
  24. def createCpgAndSp(inputPath: String, namespaces: List[String]): Option[Cpg]

    Create a CPG from input file at @inputPath for all namespaces in @namespaces, and subsequently calculate, apply, and store all overlays of the semantic CPG and security profile.

    Create a CPG from input file at @inputPath for all namespaces in @namespaces, and subsequently calculate, apply, and store all overlays of the semantic CPG and security profile.

    Only available in the full version.

    Returns new CPG.

  25. def createSp(newCpg: Cpg): Cpg

    Create security profile overlay for the CPG @newCpg

    Create security profile overlay for the CPG @newCpg

    Only available in the full version.

  26. def createSp: Cpg

    Create security profile overlay.

    Create security profile overlay. We do not create this by default because it is computationally expensive and not always necessary.

    Only available in the full version.

  27. def deleteCpg(name: String): Unit

    Delete cpg - removes the CPG from the workspace, along with all of its files.

  28. def deleteCpg: Unit

    Delete the current CPG - removes the CPG from the workspace, along with all of its files.

  29. def depNamespaces(inputPath: String): List[String]

    All dependency namespaces for a program at @inputPath - as opposed to application namespaces.

    All dependency namespaces for a program at @inputPath - as opposed to application namespaces. There are the namespaces for which method bodies are NOT analyzed in CPG construction. References to these namespaces are included, however.

  30. def enableOnDiskOverflow(cacheHeapPercentage: Float = DEFAULT_CACHE_HEAP_PERCENTAGE, storageDir: String = ...): Unit

    Enable on-disk overflow option to allow for graphs larger than the heap.

  31. def ensuring(cond: (Console) ⇒ Boolean, msg: ⇒ Any): Console
    Implicit
    This member is added by an implicit conversion from Console to Ensuring[Console] performed by method Ensuring in scala.Predef.
    Definition Classes
    Ensuring
  32. def ensuring(cond: (Console) ⇒ Boolean): Console
    Implicit
    This member is added by an implicit conversion from Console to Ensuring[Console] performed by method Ensuring in scala.Predef.
    Definition Classes
    Ensuring
  33. def ensuring(cond: Boolean, msg: ⇒ Any): Console
    Implicit
    This member is added by an implicit conversion from Console to Ensuring[Console] performed by method Ensuring in scala.Predef.
    Definition Classes
    Ensuring
  34. def ensuring(cond: Boolean): Console
    Implicit
    This member is added by an implicit conversion from Console to Ensuring[Console] performed by method Ensuring in scala.Predef.
    Definition Classes
    Ensuring
  35. final def eq(arg0: AnyRef): Boolean
    Definition Classes
    AnyRef
  36. def equals(arg0: Any): Boolean
    Definition Classes
    AnyRef → Any
  37. def finalize(): Unit
    Attributes
    protected[java.lang]
    Definition Classes
    AnyRef
    Annotations
    @throws( classOf[java.lang.Throwable] )
  38. def formatted(fmtstr: String): String
    Implicit
    This member is added by an implicit conversion from Console to StringFormat[Console] performed by method StringFormat in scala.Predef.
    Definition Classes
    StringFormat
    Annotations
    @inline()
  39. final def getClass(): Class[_]
    Definition Classes
    AnyRef → Any
    Annotations
    @native()
  40. def hashCode(): Int
    Definition Classes
    AnyRef → Any
    Annotations
    @native()
  41. def helpMsg(): String
  42. final def isInstanceOf[T0]: Boolean
    Definition Classes
    Any
  43. def loadCpg(name: String, overlayNames: String*): Option[Cpg]

    Load CPG for @name from the workspace's CPG directory - assuming that a CPG for this file has been generated using createCpg, and apply overlays stored in @overlayFilenames in the specified order.

    Load CPG for @name from the workspace's CPG directory - assuming that a CPG for this file has been generated using createCpg, and apply overlays stored in @overlayFilenames in the specified order. Appends the CPG to @cpgs and returns the CPG or None, if no CPG exists for this @inputPath.

    For backward compatibility, if @name points to a code property graph, the graph is loaded but will not be included in the workspace.

  44. def loadCpgAndSpFromFiles(cpgFilename: String, spFilename: String): Option[Cpg]

    Utility method to load a CPG and SP overlay, e.g., as it falls out of ShiftLeft Inspect.

    Utility method to load a CPG and SP overlay, e.g., as it falls out of ShiftLeft Inspect. This operation will NOT interact with the workspace. You will simply get back a CPG to work on.

  45. def loadCpgs(cpgFilenames: Seq[String], overlayFilenames: Seq[String]): Option[Cpg]

    Create a single CPG by loading multiple base CPGs (at @cpgFilenames) and overlays (at @overlayFilenames).

  46. def loadPolicy(newCpg: Cpg): Policy
    Attributes
    protected
  47. def namespaces(inputPath: String): List[String]

    Human-readable overview of the namespaces of the code at @inputPath.

  48. final def ne(arg0: AnyRef): Boolean
    Definition Classes
    AnyRef
  49. final def notify(): Unit
    Definition Classes
    AnyRef
    Annotations
    @native()
  50. final def notifyAll(): Unit
    Definition Classes
    AnyRef
    Annotations
    @native()
  51. def overlayCreatorByName(name: String): Option[OverlayCreator]
    Attributes
    protected
  52. def overlays: Unit

    Human-readable overview of overlay creators

  53. def printOverlayCreators(creators: List[OverlayCreator]): Unit
    Attributes
    protected
  54. implicit def queryConfig: QueryConfig
  55. def reloadCpg(name: String): Option[Cpg]

    Reload CPG for name - applying all available overlays.

    Reload CPG for name - applying all available overlays. If a workspace entry with this name does not exist, this method does nothing.

  56. def report(string: String): Unit

    Output information on the Ocular REPL

    Output information on the Ocular REPL

    Attributes
    protected
  57. final def synchronized[T0](arg0: ⇒ T0): T0
    Definition Classes
    AnyRef
  58. def toString(): String
    Definition Classes
    AnyRef → Any
  59. def unloadCpg(name: String): Unit

    Unload CPG for record with given @name.

    Unload CPG for record with given @name. This is useful to free up memory.

  60. def unloadCpg: Unit

    Unload the current CPG.

  61. def version(): String
  62. final def wait(): Unit
    Definition Classes
    AnyRef
    Annotations
    @throws( ... )
  63. final def wait(arg0: Long, arg1: Int): Unit
    Definition Classes
    AnyRef
    Annotations
    @throws( ... )
  64. final def wait(arg0: Long): Unit
    Definition Classes
    AnyRef
    Annotations
    @native() @throws( ... )
  65. val workspace: Workspace
  66. def [B](y: B): (Console, B)
    Implicit
    This member is added by an implicit conversion from Console to ArrowAssoc[Console] performed by method ArrowAssoc in scala.Predef.
    Definition Classes
    ArrowAssoc

Deprecated Value Members

  1. def loadSp(filename: String, isJson: Boolean = false): Unit

    Only available in the full version

    Only available in the full version

    Annotations
    @deprecated
    Deprecated

    (Since version Feb 2019) Proto-sp is discontinued and replaced by overlay SP

  2. def workspaceReset: Unit

    Delete the current workspace and reinitialize it.

    Delete the current workspace and reinitialize it.

    Annotations
    @deprecated
    Deprecated

    (Since version Ocular) This method will be removed

Inherited from AnyRef

Inherited from Any

Inherited by implicit conversion any2stringadd from Console to any2stringadd[Console]

Inherited by implicit conversion StringFormat from Console to StringFormat[Console]

Inherited by implicit conversion Ensuring from Console to Ensuring[Console]

Inherited by implicit conversion ArrowAssoc from Console to ArrowAssoc[Console]

Ungrouped