Search in CallGraph

[rohitcoder]

Hi Team,

Thank you for this amazing project! I was able to generate a call graph with the dependencies' calls as mentioned. I wanted to check if this project includes a feature to examine the call graph, such as searching for a specific function name from a library or just a function name. Can it identify whether the mentioned function is reachable? Essentially, I’m trying to address a reachability analysis issue, where I have the name of a vulnerable function from an open-source package, and I want to search the call graph to see if it's reachable.

If this feature isn't currently available, could you guide me through the process? I'd also be happy to contribute if I can.

Thanks,
Rohit

[errt]

Dear Rohit,

checking reachability is fairly straightforward: after you computed the call graph, get the callers property for the method you are interested in, either from the CallGraph: cg.callersPropertyOf(method) or directly from the PropertyStore: ps(method ,Callers.key).ub.
Check whether the result is NoCallers, in which case the method is not reachable, or anything else, in which case it is.
Note that this means you need to get the proper DeclaredMethod object for your method first. If you don't have that yet, you can get it like this:

val declaredMethods = project.getProjectInformationKey(DeclaredMethodsKey)
val myDeclaredMethod = declaredMethods(myMethod)

where myMethod in turn is the proper Method object for your method. You can get that from various sources, e.g., classFile.findMethod (efficient) or project.allMethods or classFile.methods (less efficient)
If you need the classfile, you can get it from project.classFile(ObjectType("fully/qualified/name/of/your/class")) (JVM notation with slashes, not Java notation with periods)