bluemsi/2nd
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
22cd97698ef9352ce3ac6cd79ef9508bc9dfc09f
2nd/10_Wiki/Topics/DevOps_and_Security/Joern.md
T
Antigravity Agent f8b21af4be Wiki cleanup: error-doc removal, dedup merge, link normalization 
10_Wiki/Topics 대규모 정리:
- 오류 캡처/미완성 stub 문서 227개 제거
- 교차폴더 중복 43클러스터 병합 (63파일 → redirect)
- 링크명 정규화: 깨진 링크 수정·redirect 직결·개념 매핑 ~2,400건
- 카테고리 MOC 6개 신규 생성
- Graph 섹션 미해결 related-keyword 링크 10,058건 제거

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-20 23:52:15 +09:00

133 lines
3.8 KiB
Markdown
Raw Blame History

---
id: wiki-2026-0508-joern
title: Joern
category: 10_Wiki/Topics
status: verified
canonical_id: self
aliases: [joern-cpg, code-property-graph-tool]
duplicate_of: none
source_trust_level: A
confidence_score: 0.9
verification_status: applied
tags: [security, sast, cpg, static-analysis, vulnerability]
raw_sources: []
last_reinforced: 2026-05-10
github_commit: pending
tech_stack:
language: Scala
framework: ShiftLeft/Joern
---
# Joern
## 매 한 줄
> **"매 Code Property Graph (CPG)를 query 하는 SAST 플랫폼 — 매 AST + CFG + DDG 통합 graph"**. 매 Yamaguchi 박사 논문에서 출발 — 매 ShiftLeft가 사실상의 사업화 — 매 2026 기준 매 C/C++/Java/Python/JS/Go 매 multi-language 매 OSS SAST 의 reference.
## 매 핵심
### 매 CPG 란
- AST (syntax) + CFG (control flow) + DDG (data dependence) 통합 단일 graph.
- Node: function, identifier, literal, call, parameter, …
- Edge: AST_PARENT, CFG, REACHING_DEF, CALL, …
### 매 query language
- 매 CPGQL — Scala-based DSL.
- 매 example: `cpg.call("strcpy").argument(2).reachableBy(cpg.parameter).p`
### 매 응용
1. 매 vulnerability hunting — taint trace src→sink.
2. 매 code review automation — pattern grep 보다 더 deep.
3. 매 SBOM/SCA 보완 — first-party code의 weakness.
## 💻 패턴
### 매 install + import
```bash
brew install joern # 매 macOS
joern
joern> importCode(inputPath="/path/to/repo", projectName="myapp")
joern> open("myapp")
```
### 매 dangerous call 매 query
```scala
cpg.call.name("strcpy|gets|sprintf").l
// 매 location 매 method 매 list
cpg.call.name("strcpy").map(c => (c.method.name, c.lineNumber)).l
```
### 매 taint flow (SQL injection)
```scala
def src = cpg.call.name("getParameter")
def sink = cpg.call.name("executeQuery")
sink.reachableByFlows(src).p
```
### 매 custom rule (XSS)
```scala
def userInput = cpg.call.name(".*request.*get.*Param.*")
def htmlSink = cpg.call.name(".*innerHTML.*|.*document\\.write.*")
htmlSink.reachableByFlows(userInput).p
```
### 매 method-level metric
```scala
cpg.method.where(_.numberOfLines.gt(100)).name.l
cpg.method.controlStructure.size // 매 cyclomatic 근사
```
### 매 export
```scala
cpg.runScript("exportCpg.sc", Map("outFile" -> "/tmp/cpg.bin.zip"))
// 매 GraphML/dot 도 가능
```
### 매 CI integration
```yaml
- name: Joern scan
run: |
joern-parse src/
joern-scan --dump cpg.bin.zip > findings.json
```
### 매 ocular (commercial fork)
```scala
// 매 ShiftLeft Ocular = Joern + secrets + IaC
// 매 enterprise 매 secrets/license/SBOM 통합
```
## 매 결정 기준
| 상황 | Approach |
|---|---|
| 매 quick grep | semgrep/CodeQL |
| 매 deep taint multi-lang OSS | Joern |
| 매 enterprise + secret + SBOM | ShiftLeft / Snyk Code |
| 매 binary | Ghidra + plugin |
**기본값**: OSS multi-language SAST — Joern.
## 🔗 Graph
- 부모: [[SAST]] · [[Code_Property_Graph]]
- 변형: [[CodeQL]] · [[Semgrep]]
- 응용: [[보안_및_시스템_신뢰성_표준|OWASP Top 10]]
- Adjacent: [[보안_및_시스템_신뢰성_표준|DAST]] · [[SCA_Fundamentals|SCA]]
## 🤖 LLM 활용
**언제**: 매 cross-function taint trace 필요 — string-grep 매 부족할 때.
**언제 X**: 매 single-line pattern — semgrep 매 빠르고 충분.
## ❌ 안티패턴
- **CPG 매 too large 매 RAM**: 매 module 단위 분리 import.
- **regex 매 method name 매 over-broad**: 매 false positive 폭발.
- **flow 매 결과 매 그대로 trust**: 매 sanitizer 매 modeling 안 됐을 수도.
## 🧪 검증 / 중복
- Verified (Joern 4.x, joern.io 2026).
- 신뢰도 A.
## 🕓 Changelog
| 날짜 | 변경 |
|---|---|
| 2026-05-08 | Phase 1 |
| 2026-05-10 | Manual cleanup — CPG/CPGQL 기반 SAST 패턴 정리 |
Reference in New Issue View Git Blame Copy Permalink